While blockchain technology has enormous potential for creating new financial, supply chain, and digital identity systems, it is often mistakenly viewed as a panacea for solving business problems.
Through a large number of pilots and proof-of-concepts by large companies and government agencies, the reality of blockchain technology is expected, but these projects are not always a business case that can be put into practical use. It is necessary to take a different approach. Sometimes, proven and reliable technologies like relational databases perform tasks more efficiently than distributed ledgers based on p2p technology, because p2p technology often requires complex governance and a set of rules.
For example, providing a blockchain with full visibility across the entire value chain of a business may seem very meaningful, but when you weigh the entire upstream and downstream ecosystem built for it and the cost of building a blockchain. At the time, this solution may not be financially justified.
- Observation | Is the open source of the blockchain the biggest flaw in the business model or the strongest defense?
- Research on the Application Direction of Blockchain in Digital Government Affairs: Opportunities and Challenges
- Which company likes to hire people the most? Which jobs are most popular? 2019 Blockchain Overseas Recruitment List
- Research | Multi-signature and Multi-party Computing: Which is more secure?
- Getting started with blockchain | Multi-signature is safe but not private enough? Ring signature and blind signature
- Viewpoint | Blockchain is a digital social governance system for AI smart new species
“Who pays for it? How do these intuitive advantages bring real benefits to the participants? If the cost of technology construction is shared by all parties, will the benefits be distributed in terms of income or return on investment? These thorny issues tend to get more cumbersome as they move from pilot projects to actual production,” said James Wester, head of global blockchain strategy research at IDC Consulting. “In other words, even if the pilot project validates the concept, it is feasible. However, from the scale of actual application, cost and other considerations will become the main problem."
There are also some issues related to the financing of blockchain projects. Pilot projects and proof of concept (PoC) often come from innovation or research and development budgets, but once they are put into formal production, their costs will inevitably fall to the department or company responsible for the business. When the blockchain involves the need for partner companies to work together on an open ledger, the partners must agree on complex rules and the funding sources for the project.
Wester added, “If there are no convincing business cases, these construction costs may be less attractive. Given the natural distribution of blockchains, if one of the partners decides not to participate, the entire program will fall apart. ”
The following are the main issues that companies may encounter when using blockchains:
The blockchain is still relatively young and there are still many software defects
Although the first distributed blockchain was introduced in 2008 by “Nakamoto Satoshi” (a pseudonym), the application of this technology in the real world is only a few years old.
The two most popular blockchain platforms, Hyperledger and Ethereum, are not mature enough, which can lead to unforeseen problems in blockchain deployment. Martha Bennett, principal analyst at Forrester Research, said that the company's chief information officers (CIOs) and their teams should take this into account and potentially find serious vulnerabilities in the software. They may even let a blockchain project go halfway and have to start over after a serious software failure.
For example, Ethereum's script for executing smart contracts, Solidity, does not currently support the use of decimal points, which requires developers to find another workaround, or write a software from scratch.
“I’ve seen this situation often,” Bennett said. “When I’m talking to people who are working on blockchain projects, even though they’re all working on large formal projects, they’ll say that using blockchain technology. The longer it is, the more it realizes how immature it is."
What's changed is that many startups, and leading enterprise technology vendors like IBM and Oracle, have been working steadily to abstract more of the tools available from the underlying complex of a specific programming environment, and “can provide appropriate protection. The smart contract scripting language," Bennett said.
Bennett added: "Overall, it's worth noting that not only are tools improving, but there are now quite a few services that make it easier for companies to build and operate blockchain networks."
Few business leaders fully understand the blockchain and related technologies
Blockchains are often abused as a shorthand for many associated technologies, architectures, use cases, and even philosophies.
Ultimately, it is a point-to-point distributed ledger or database, a combination of a set of protocols and a blockchain, which means that a blockchain is a collection of encrypted data that records over time. Unchangeable changes. While such an interpretation may be relatively straightforward and straightforward, its definition may become complex and confusing, depending on how the technology is implemented.
As head of strategic research, Wester is often required to define blockchains and “a range of technologies” under the heading “blockchain”, including tagged assets, encrypted digital currencies, encrypted wallets, distributed ledgers, smart contracts, and Autonomous identity, and the technologies listed below are actually applications or architectures that can run on a blockchain network, but they are not inherent in the technology.
Wester said: "Now we are still explaining the stage of how this technology works. In addition, people may have a sneak peek at the technology without knowing the differences between technologies. People are even too lazy to seriously study related terms and techniques."
Blockchain is not always suitable for storing data
One of the biggest value of the blockchain is the distributed nature of "write once and read multiples", which can be easily deployed across different nodes on the web, but each record contains its own hash value, so the record It cannot be tampered with.
In other technologies, users only have selective perspectives, or they can only view internal systems, some may view some blacklists, and distributed ledgers through blockchain-based networks can provide richer and more comprehensive Transaction history.
However, this does not mean that the data associated with the transaction must be part of the chain.
For example, if a blockchain user takes an image as part of their transaction history, the amount of data will grow rapidly, considering that the amount of storage data used only for reading will become larger and larger over time, and network overhead Will grow rapidly. Due to the distributed nature of the blockchain, all data must be replicated to all nodes in the chain, Bennett explains.
So for some trading tasks, using a relational database with separate networked storage would be better than using a blockchain to make the overhead grow beyond control. “The rule of thumb I am going to say is that when a relational database can do a good job, never use a blockchain-based architecture for this work,” Bennett said.
Bennett also said that although not all blockchain technology frameworks require full replication of data across nodes, all blockchain systems need to be carefully structured to build regulatory requirements, confidentiality requirements, and potential latency issues. And so on are all considered. “This determines which data will be placed on the blockchain and which will not,” she said.
One of the main problems facing the blockchain is its scalability, or the ability to grow without consuming more and more CPU capacity, and the ability to complete transactions in near real-time situations. , for example, by credit card. Visa says its network VisaNet can handle up to 65,000 transactions per second.
Due to the nature of the blockchain, each new record inserted into the blockchain must be serialized, which means that the blockchain is updated more slowly than traditional databases that can update data in parallel.
Although many blockchain alliances and related startups are experimenting with them, for example, there is a blockchain network that can handle tens of thousands of transactions per second, and there is even a network capacity that is even larger than VisaNet. But most blockchains are still hampered by scalability issues. Popular blockchain protocols such as Bitcoin only support 3 to 5 transactions per second, while Ethereum technology can support about 20 transactions per second.
The degree of scalability between the technical framework and the governance model remains a problem. For example, the Ethereum Foundation is using techniques such as a proof of equity consensus model and a fragmentation mechanism to improve the performance of its protocols.
"It's also important to build a network architecture, and network latency can be more challenging than computing power," Bennett said. "For example, I have seen very impressive test results, but if they do your testing by renting a huge AWS cluster, then these test results are meaningless for the actual application."
Avivah Litan, vice president of research at Gartner, said that scalability is now more of a governance issue than a technical one.
“As the blockchain is licensed, the entire concept of the zero-trust model collapses,” Litan said. “There are only a limited number of witnesses who operate the nodes and participate in the process of reaching consensus, so you really need to trust those parties. If they do something wrong, what you need is the support of the legal framework. So for me, this is not scalable in practice."
Bennett believes that in the blockchain environment, the frequently used indicator "number of transactions per second" is relatively meaningless. She said: "First, how do you define 'transactions'? Second, if you can't finalize a deal, it doesn't matter if you can handle a lot of transactions."
The blockchain does not essentially eliminate centralized management. According to a recent report by the Federal Reserve Bank of Minneapolis, the blockchain essentially uses only one type of authorization or trust. Replaced another.
The report states: “Participants must trust the design, technology, and network rules of the blockchain system, rather than entrusting trust to a centralized agency such as a brokerage agent or bank to facilitate the transaction. But the blockchain does not eliminate governance authority. Needs, there is still a need to establish, implement, and enforce rules in some form, as well as respond to unexpected system challenges and anomalies. Although members of such a governance body can be distributed or decentralized, they still need A governance endpoint to handle all operational issues."
Bennett said how to resolve disputes or how to reach an agreement when problems arise are still key issues in governance.
For example, how to comply with the way smart contracts work and how to deal with controversial contracts, blockchain participants need to agree on these issues.
Bennett: "If something is not written in the blockchain, you need to have a "unchained" way to write it in, or a 'terminate switch' to block the blockchain. Unexpected way to run."
The public blockchain, also the most common form of blockchain, is completely open and transparent, meaning that anyone on the chain can see every transaction. For example, special currency is such a form.
The public blockchain also has a primitive capability, which is a stronger tamper-proof capability, because the public chain can grow to thousands of nodes, even millions of nodes, and the entire chain is like a huge distributed computer. The more nodes, the more difficult it is for an erroneous performer to control most of the computing power in the chain, so either block new transactions from being confirmed or create and confirm their own entries. If you can achieve self-identification, there will be some illegal activities, such as double payment of bitcoin or other encrypted digital currency.
On the other hand, when you work in a business environment, full transparency is usually not a good thing. For example, if blockchain technology is used as part of a stock trading platform to implement an instant settlement mechanism, each participant in the chain can see what other users are doing, which will allow one user to conduct real-time transactions with another user. .
Another example would be if a manufacturer uses a blockchain as its supplier's public ledger, which would allow a contractor to view information about all other subcontractors in the chain.
“I may not want my customers to see who my subcontractors are, even if you might want to implement a specific transaction process on the chain,” Bennett said. “So, you will decide what to do right away. …you will choose to keep the transaction data confidential."
There are ways to create information exclusive rights on the blockchain so that only some users can see confidential or sensitive data. For example, the Linux Foundation's blockchain open source project Hyperledger uses "channels" or sub-chains to ensure that only some authorized users can see sensitive information.
As mentioned above, there are two types of blockchains, public and private. The public blockchain allows anyone to join, and Bitcoin is a good example of a public blockchain that anyone who wants to purchase this encrypted digital currency can join. It's open and transparent, which means everyone in the chain can see all the deals. If one or more participants try to falsify the system, the wrongdoing will be defeated because the majority of the users involved in verifying the new transaction will provide the correct data.
“The bottom line is that in a large public blockchain network, you don't have to trust peers. This is the Byzantine general problem, and the public blockchain solves this problem,” Litan said.
Conversely, private or licensed blockchains are centrally managed and require people to be licensed, and they are suitable for use between individual organizations or partner organizations. Only authorized users can join such a chain.
Common blockchains and private blockchains are naturally safe because they are not tamperable, for example, each record or block is immutable and bound to all other records or blocks. Adding new blocks requires a consensus among users, and the size of this consensus will depend on the specific blockchain technology used. For some technologies, a 50% consensus is required, and for other technologies, this percentage may be higher. The inextricable modification and consensus requirements of blockchain make them inherently more secure than most other network technologies, but depending on the technical architecture and the people and places where these chain nodes are running, blockchains are actually vulnerable to attack. One point has been verified again and again in practice.
The above-mentioned Minneapolis Federal Reserve Bank report mentions that although blockchain provides security for the integrity of data recorded on the chain, this security is limited to the blockchain itself, if there is no additional technology. Or the system, can not prevent unauthorized access, such as data leakage.
For example, the recent "51% attack" against the Ethereum classic token exchange shows that even blockchain technology can't stop falsification. 51% of attacks mean that if you gain control of most of the CPUs in the encrypted digital currency pool, one can do nothing. Such attacks are usually limited to small blockchains with fewer nodes because they are more susceptible to personal weight control based on the Workplace Proof (PoW) consensus mechanism.
Data transparency, the ability of all parties on the chain to view transactions, is an attractive part of blockchain technology because if unintended participants try to add unverified data, they can be quickly identified. However, the transparency of data can also be a threat. For example, the Fed's report states that confidentiality may be a key factor in security in a financial institution's settlement or clearing system, so transparency of system data can be a security risk.
The report states: “If data transparency is implemented, but confidentiality is required, the data on the chain needs to be encrypted or strongly authenticated. The privacy and access control can be added to the blockchain. Not an inherent property of blockchain technology. The blockchain itself does not provide authentication."
In other words, don't assume that all other blockchains also include this feature because a specific blockchain design and implementation includes a specific feature, such as privacy, data transparency, or strong authentication.
Bennett points out that systems that provide information to blockchains, such as smart contracts, can also be a vehicle for cyber attacks because they are not decentralized and can be a single point of failure.
Smart contracts, or auto-execution contracts, are business automation tools built on blockchain technology. They are one of the attractive features of blockchain technology because they eliminate management overhead. Basically, once certain conditions of the contract are met, actions on receipt information, money, property or goods will automatically begin.
For example, insurers can use smart contracts to pay out claims based on large-scale floods, hurricanes or droughts. Or, once the goods arrive at the port, the IoT sensor in the container can automatically issue the shipping bill of lading if it confirms various conditions, such as the package of the goods intact, has been stored at the appropriate temperature, and so on.
However, Bennett believes that so-called smart contracts are neither intelligent nor legally contractual. Coupled with the lack of maturity in the blockchain scripting language, the programmer's learning curve is inherently steep, which can lead to bugs or loopholes.
Bennett says that today's smart contracts are actually just the same set of rules and software used to create automated processes, and automated processes are no longer an issue at the moment, and there are many ways to implement them.
“We’re even starting to see tools that allow merchants to gather the basic elements of a smart contract,” she said. “However, this is just the beginning, as some companies have discovered, ensuring that each network participant Running the same version of a smart contract can be a challenge in itself."
Bennett added that there are other challenges, including how to ensure that the smart contract itself does not create security issues and that any external input to the smart contract is valid and correct.
“As I always said, a thing can't just mean it's in the blockchain, it means it must be true,” Bennett said to ensure the accuracy and source of the input data, she said. “Smart contracts can only be said to work similarly to those rules that teams have developed for process automation, and also depend on the quality of programming.”
How to comply with the way the contract works, how to deal with controversial contracts, and the blockchain participants need to agree on these issues. Creating new business processes also requires agreement on these conditions between different users, and in practice, there are already some real-world examples, because people can't agree on these operating conditions and cause blockchain projects to be put on hold. Therefore, the blockchain is not only related to IT, it is also closely related to contractual agreements.
“Just like someone told me recently, 80% of the blockchain is commercial and 20% is technology,” Benett said.
In addition, although blockchains may be spread across dozens or thousands of nodes, smart contracts are not distributed managed. This means that these blockchain nodes cannot see how smart contracts work. In other words, as part of a blockchain network, the blockchain alliance of these companies must rely on one other entity to obtain input smart contracts. The information, this entity is called an oracle (database).
The blockchain network uses some centralized management software called oracle as a proxy to find and validate events happening in the real world and then trigger a smart contract based on predefined criteria. For example, the temperature of a drug shipped from California to Denmark can be monitored by an IoT sensor in the container. The sensor information is collected by the oracle software and then sent to the smart contract. If the temperature range meets the conditions throughout the transportation process, the smart contract can trigger events through the blockchain, such as issuing a shipping bill of lading or paying for the goods being shipped.
If your company is part of a blockchain alliance, for example, a supply chain, there is no way to know what is actually running in a smart contract. So the data is not verifiable. Essentially, no matter what kind of information is sent to the blockchain by the company running the oracle and the server where the smart contract is located, you can only accept it.
"You have to find a source of data, a table, and an oracle to get the data. There is no standard process to verify the authenticity of the data. This will be where the errors are concentrated," said Litan of Gartner.
“Smart contracts are not yet mature,” Litan continued. “I talked to companies involved in a blockchain alliance. I asked them, 'How do you know what smart contracts are doing? They say they don’t know. If you’re There is a contract in real life, don't you want to know what it is doing?"
Note: This article was originally published in November 2017 and updated in July 2019.
Author introduction: Lucas Mearian, senior reporter of Computer World.
English Original: The top 8 problems with blockchain: https://www.computerworld.com/article/3236480/top-8-problems-with-blockchain.html