Myths and Pitfalls of Blockchain
When it comes to blockchain, facts and myths are sometimes far apart. But it also happens the other way around. Let’s look into this issue together.
The myth of decentralization
The decentralized nature of the blockchain gives the technology a special charm. According to this argument, so far no central authority can control the process of recording transactions, data and assets processed by the blockchain. Right?
Wishful thinking! Because even a decentralized system, such as a blockchain platform, can become a victim of a targeted cyberattack, or fall under the exclusive control of an authoritarian organization.
Control through decentralization is still possible. Even a decentralized system, such as a blockchain platform, can fall under the control of an idiosyncratic entity.
Some of the biggest misconceptions about blockchain are related to the unreliable nature of blockchain. As Ernst & Young, a British audit and consulting company, found last year in a study based on a survey of decision makers in Southeast Asia, 66 percent of respondents admitted that they needed a clearer understanding of the benefits and risks of blockchain before considering implementation. 68% believe that the lack of understanding of blockchain in the leadership was the biggest obstacle to this.
Approximately every second participant in the survey (46 percent) believes that blockchain is a “trustless” system that does not require any central authority. This concept will only apply to blockchains without authorization, analysts say.
The myth of immutability
The prevailing view that blockchains are trustworthy simply because they are “immutable” is one of the widespread myths that, unfortunately, have nothing to do with reality.
Even the possibility of a 51 mining attack on the POW consensus mechanism with 25 percent of the network mining performance will cause the ghost of an “editable” blockchain: the possibility of reversing transactions is always possible only in one way or another.
If blockchains were truly immutable, the Ethereum community would not have been able to resist the legendary DAO robbery, according to an improperly programmed smart contract, in the summer of 2016. Users voted for the hard fork, and were able to prevent fraud by declaring a number of transactions in the blockchain invalid. This and other information can be found on Coinmarketrate.com.
This, in turn, raises the question of whether regulatory obligations do not contradict the principle of immutability of the transaction register. How to reconcile the immutability of data in the blockchain with the right to correct and delete the data subject in the light of the EU GDPR? How does blockchain comply with regulatory requirements? How can blockchain protect consumer rights, such as the right to recall? Is immutability really necessary for this? These kinds of questions are beginning to bother users very much.
Jimmy Ong of EY explains, “While the blockchain database may be immutable, the applications may not be.”
The principle of immutability and the need to maintain data integrity are two different things.
Protection against counterfeiting
The belief that blockchains are protected from unauthorized access and forgery is widespread in society and is largely true. But the devil is in the details. The security of blockchain manipulation stands or falls along with its cryptographic substructure, and may even extend to the hardware level (for example, Secure Execution Environment).
It all starts with the fact that the consensus procedure, protected from forgery, with absolutely reliable Sybil protection has not yet been invented. Even an expensive POW (Proof-of-Work) cannot completely prevent manipulation, when huge mining pools can de facto come under the control of a very small number of market participants for purely economic reasons (including subsidized electricity prices, technological leadership due to market dominance, etc.). Some leaders in the Bitcoin community feared that a handful of Chinese mining rig manufacturers could manipulate the POW consensus process. But even today, these fears are not without reason, only not in relation to China.
Even the sensor technology of the IoT endpoints of blockchain platforms is not automatically protected from manipulation just because the block chain itself can guarantee a certain degree of protection against manipulation. Anyone who can sabotage these sensitive data entry endpoints can transmit fake information to the blockchain. In this scenario, the rest of the “trust infrastructure” is not worth a damn.
Among other things, experts and managers of the Cologne startup Ubirch GmbH realized the danger. The forge of blockchains intended to develop a secure platform for data collection. The company wants to transfer the notarial printing of documents to data sets from IoT sensors, and increase the reliability of data by using hard cryptography in combination with the structures of DLT Ethereum and IOTA. The notary service for the Internet of Things is designed to increase resistance to manipulation and protect against counterfeiting of blockchain solutions.
The information in the block chain is usually permanent, not only in the interests of protection against manipulation, but rather because of the distributed nature of DLT technology. Hashed data is not only constantly written to them, but also replicated over the network.
Since the available computing power of potential spies only increases over time, the encryption method, which, by the way, cannot be “updated” for consistency reasons, inevitably has an inherent, but unknown to legitimate users, “expiration”.
Many insiders fear that the advent of quantum computers will shake the cryptographic substructure of many blockchains, and thereby cast doubt on their security from manipulation over the next decade. But quantum-stable cryptography is already gaining momentum.
Code errors and malware
More and more industries are playing with the idea of automated contract performance checks and “rubbing their hands” thinking about chain code. Leaving aside the social consequences of this devastating transformation: there is really nothing wrong with greater efficiency in business life.
For example, in the music industry. Music labels and film studios cannot cope with the complexity of distributing income between many project participants. Smart contracts can help.
Critics, in turn, object that many general contractual provisions in all their nuances cannot be implemented in software, for example, the requirement to act “in good faith” with a contractual partner. In other cases, the conventions are not only too vague, but also too complex to be adequately reflected in the code. Many people wonder whether a technology that chooses consensus as a criterion for the performance of a contract can adequately reflect the legal consequences of the nuances of events in the course of a real business relationship.
For example, Dr. Mathias Landheuser, founder and Director of IoT, believes that software of such high complexity as the blockchain platform cannot be accurately programmed in accordance with today’s standards. It is necessary to question the meaning of fully automatic execution of contracts using smart contracts (i.e. programmed contracts that are automatically executed when pre-defined conditions are met).
From a legal point of view, extensive changes in the law will be required before smart contracts can legally replace ordinary civil law agreements. Then the question arises: can they restrict certain civil liberties by micromanaging everyday activities. Then aren’t we substituting our freedoms for the supposed economic benefits? These and similar questions remain open for now.
Myth: protection from hacking
Security experts claim that the smart contract code may contain not only errors, but also malware. An attacker can intentionally hang a malicious smart contract in the blockchain and launch it. This is done in order to cause material damage to the participants, disable cyber-physical systems or bring the infrastructure to its knees (DDoS). Since the blockchain must be immutable, the risk is even greater than in the case of traditional software, critics say.
Therefore, a smart contract should always work in isolation from the rest of the executable code of the blockchain. The blockchain should also be able to forcibly terminate the contract if, for example, it consumes too many resources.
The first smart contract verification solutions are already available. The analytical company EY introduced just such a tool in April 2019 – Smart Contract Analyzer.
“Testing static code is not enough. We need to see what smart contracts and tokens really do in real-world transaction environments,” said Paul Brody, head of global innovation at Ernest & Young, Blockchain.
The service can check smart contracts for known security gaps, as well as monitor performance bottlenecks. Using the simulator, you can test many different transaction scenarios using the full Ethereum block chain without changing their status.
It is claimed that this tool can “evaluate all kinds of common actions”, including code updates, blocking rules and transfer restrictions. Of course, this is just the beginning.
So, a detailed examination shows that there is some truth behind this or that myth about the blockchain.