This article seeks to thoroughly examine the characteristics, security mechanics, and risks of blockchain technology to better understand how it works and the value it may hold.
While the emergence of blockchain is most often associated with Satoshi Nakamoto’s publishing of the Bitcoin whitepaper in 2008, the core concepts were being explored in the late 1980s and were attempting to be implemented in the early 1990s (Yaga et al., 2019). A blockchain is frequently referred to as a “distributed ledger”. A ledger can be thought of as a record book or database. Distributed means no single person or entity has complete control over it. A simple analogy for a blockchain is a public spreadsheet that anybody can access on their computer. Since the spreadsheet is public, anybody can see when a new entry is made, or a record is changed. Every so often, users of the spreadsheet will have to agree that all the most recent entries are accurate, and a copy of the spreadsheet will be saved. After a copy is saved, users of the spreadsheet cannot go back and edit the older copies. These copies are the “blocks” in blockchain. The “chain” merely refers to all the blocks, or copies, linked together back to the inception of the spreadsheet. This represents a complete and transparent history that cannot be altered and has been verified as accurate by various users of the spreadsheet. Many liken the emergence of blockchain to the rise of the internet. For the layman, the technical components are a bit difficult to comprehend. Most users of the internet likely still cannot explain what it is or how it works. However, the technology’s capacity to profoundly improve the efficiency and quality of how humans interact means that its mass adoption is likely inevitable.
While blockchains can be engineered differently to favor certain attributes, there are several appealing characteristics inherent to blockchain networks that may make the technology favorable over current systems.
• Decentralized: Decentralization is at the core of every blockchain. Blockchains are decentralized because they are not controlled by a centralized authority, rather, they are operated and secured by a network of computers called “nodes”. Anyone with enough computing power can participate in running the blockchain and the more nodes that enter the network, the more decentralized the blockchain becomes. In some situations, decentralization can come at the cost of diminished performance so different blockchains may seek to maintain varying levels of decentralization based on their performance objectives.
• Immutable: Immutability means that the data that is stored on a blockchain can never be manipulated or removed, it is permanent. Blocks on the blockchain are secured through cryptographic methods and any attempt to alter the data stored within them would be immediately evident to the nodes operating on the network. There are some potential threats to the immutability of blockchains such as a “51 percent attack” or the emergence of quantum computing, but for the most part, blockchains are built to be tamper-proof.
• Transparent: Transparency means that the data stored on a blockchain is available for anyone to see. The history of a blockchain can be viewed by connecting a node to the network, or by simply navigating to the blockchain’s explorer using a web browser. This allows for real-time auditability that has not existed in previous technologies.
• Permissionless: Permisionlessness means that anybody is allowed to use the blockchain, like how anyone can use the internet. Permissionlessness gives users the freedom to access the network from anywhere regardless of geographic location and without fear of being censored. While there are “permissioned” blockchains where a centralized authority chooses who is allowed to access the network, this is not typical of most blockchains.
• Trustless: Trustlessness allows separate parties to transact on a blockchain without needing to know or trust one another. Traditionally, a third party such as a bank, brokerage firm, etc. is needed to facilitate these types of transactions. A blockchain, however, can validate the authenticity of both the transacting parties and the value being transacted without the need for an intermediary.
• Anonymous: Anonymity refers to the user’s identity remaining anonymous even though all the data on the blockchain is fully transparent. Blockchains can have varying levels of anonymity. For instance, on a pseudo-anonymous blockchain, the user will remain anonymous granted their on-chain identity is not linked to their personal identity whereas a fully anonymous blockchain generates the user a new on-chain identity every time they interact allowing for complete anonymity. Newer generation blockchains seek to allow users to link their personal identity to their on-chain identity to allow for regulation and fully transparent interactions. Anonymity itself is not necessarily a valued feature of blockchains, but rather the capacity for anonymity where users can choose to share or hide their personal data in different situations with different actors as they see fit.
While blockchains have many interesting and potentially appealing characteristics, it is important to gain an understanding of their underlying mechanics to determine if they are as secure and trustworthy as existing systems.
An integral component of a blockchain’s security mechanism is a cryptographic process known as “hashing”. Hashing is conducted by passing some input through a “hash function” which then produces an output. The hash function uses cryptography to generate an output that appears to bear no relationship to the input. Identical inputs into the hash function will produce the same output, thus hashing is not simply producing a random output given an input, rather it is encrypting the input data in a way that it is impossible to reverse engineer. (Trautman & Molesky, 2019).
Most websites use hash functions for password storage so that they never know their users’ true passwords. When a user creates an account, their password is passed through a hash function, and then the website stores the output in a database. When a user logs into the website, their password is once again passed through the hash function and if the output matches the output that was stored in the database, the user is granted access. Hash functions are also designed in a way such that no two inputs can produce the same output, therefore, it would be impossible for an incorrect password to generate the same output as the correct password (Di Pierro, 2017).
However, the input of a hash function is not just limited to passwords, it could be any type of text data such as a poem, a book, an entire database, etc. On a blockchain, each time a block is created, the data which is stored in that block is passed through a hash function, typically the SHA-256 function. The output of that block is then used as an input for the next block. This is how blockchains gain their immutability. Since hash functions always generate a unique output for a given input, if the data stored on a block was altered, the output would not match the output stored on the subsequent block and it would be evident that tampering had occurred (Trautman & Molesky, 2019)
Consensus mechanisms are another crucial piece of a blockchain’s security framework. Consensus mechanisms seek to ensure that all nodes in a blockchain network agree that the data contained in each new block is accurate (Arabaci, 2018). While there are many different types of consensus mechanisms, there are two that most blockchains rely on for achieving consensus.
• Proof of Work (PoW): When a block is being created in a blockchain that implements a PoW consensus mechanism, the new block will have a complex math problem attached to it that special nodes called “miners” will attempt to solve. This math problem can only be solved through trial and error, so miners will use computational resources to plug different values into an equation until a correct answer is found. Once a miner finds a value that yields a correct solution, they will broadcast it to the network and the other miners will plug the value into the equation to verify that the value does indeed solve the problem. The miner who solved the problem first will then receive a monetary reward in the form of the blockchain’s native currency and the block will officially be added to the blockchain.
• Proof of Stake (PoS): The PoS consensus mechanism was developed out of concern for the immense energy consumption required by the computational mining process of the PoW consensus mechanism. In a PoW system, the miners that did not solve the problem associated with the new block first essentially wasted all the electricity used to produce their computational power. In a blockchain that implements a PoS consensus mechanism, the nodes that add new blocks to the chain are referred to as “validators” rather than miners. Validators must solve the same type of math problem as the miners, however, instead of investing in expensive computational hardware, they must simply purchase some of the blockchain’s native currency and lock it into the network. This process is called “staking” where validators’ “stakes” acts as a type of deposit to prove that they are invested in the network. A validator will receive any fees associated with transactions contained in a block and if they create an invalid block, they will lose a portion of their stake. Instead of validators trying to solve the problem all at once, a single validator is chosen at random to solve it so that computational resources are not wasted.
Game Theory can be used to model the behaviors of miners/validators to ensure that they are incentivized to act honestly. Game Theory is the study of how rational actors will make decisions given a set of constraints. For any “game” there are three essential components:
• Player: A player has the capacity to make decisions within the game.
• Strategy: A strategy represents a set of actions that a player can choose from.
• Utility: Utility is the outcome associated with a player’s chosen action.
In a game, each player will choose a strategy that maximizes their utility based on the strategies that they anticipate other players will choose (Liu et al., 2019).
In the game of achieving consensus about the current state of a blockchain network, the players would be miners in a PoW system and validators in a PoS system. Miners and validators can either choose to play the game honestly and invest their resources for a chance of adding a new block, or to play the game maliciously by including blocks with invalid transactions for their own financial gain. If a player chooses to act honestly, when they get the opportunity to add a new block to the chain, they will receive utility in the form of block rewards in a PoW system and transaction fees in a PoS system. If a player chooses to act maliciously, the invalid blocks will be rejected by the rest of the miners and the player will have wasted their computing power in a PoW system or their stake will be reduced in a PoS system. These payoff structures result in a Nash Equilibrium meaning that each player knows the optimal strategy of every other player and no player has an incentive to change their strategy. This Nash Equilibrium ensures that miners and validators always act honestly and only seek to include valid blocks (Curran, 2020).
When considering the risks of blockchain, it is important to examine the risks of the technology itself rather than the risks of its various use cases. Regardless of if blockchain enables the existence of legitimate decentralized currencies, assets, or otherwise, the success of those concepts is contingent on the underlying technology. If the technology fails, then all the potential use cases will be rendered invalid anyway. Thus, it is crucial to examine the risks of blockchain itself before assessing the risks of its numerous potential use cases. Despite the security mechanics that are inherent to blockchains, there are still threats that must be considered. Some of the most prominent security risks that threaten blockchains are as follows:
• Double-Spending: Double-spending occurs when a user conducts more than one transaction using the same cryptocurrency, essentially duplicating it. While blockchains are inherently designed to prevent this from happening, several known vectors may allow for double-spending such as Race Attacks, Finney Attacks, and Vector7. However, most major blockchains implement additional countermeasures to combat each of these different attacks (Rathod & Motwani, 2018).
• 51% Attacks: The 51% attack is arguably one of the most concerning risks to blockchains. This type of attack can occur when those securing a blockchain network, either miners in a PoW system or validators in a PoS network, acquire over 50% control of the network. Exploiting this vulnerability would allow malicious actors to double-spend, modify historical data, censor transactions, etc. and nothing could be done to reconcile the network (Li et al., 2020). However, the chances of this occurring are extremely low since there is no economic incentive for attacking a blockchain network as it would risk destroying the value of the very resources that were acquired to attack it. Additionally, even irrational actors would need such an excessively large amount of money to conduct a 51% attack on a major blockchain that it would theoretically be impossible.
• Quantum Computing: There is the possibility that with the evolution of quantum computing, the cryptographic algorithms that currently secure blockchains will eventually be able to be reverse engineered, invalidating the security assumptions of present-day blockchains. However, this is largely theoretical as it cannot be proven without sufficient computing power. Additionally, by the time quantum computers exist with the capability of rendering blockchains insecure quantum-resistant hashing algorithms may be widely available as well (Kappert, et al., 2021).
While these risks are significant among the known threats to blockchain, the greatest security threat is likely unknown. Since blockchain is still a relatively novel technology, it should be expected that there will be unforeseen risks that must be addressed in the future. In addition to these various security risks, the following risks should also be considered as they may hinder the adoption of blockchain:
• Environmental Risk: The risk that energy consumption required to power blockchains will adversely impact the environment.
• Scalability Risk: The risk that as blockchains become more congested, storage requirements will grow, transaction costs will rise, and latency will slow to the point that the networks are rendered infeasible.
• Ethical Risk: The risk that the decentralized and anonymous nature of blockchains will facilitate illegal and illicit activities such as money laundering, drug trade, etc.
• Regulatory Risk: The risk that policymakers will identify blockchains as a threat to incumbent systems or as a danger to society and impose adverse regulations on their usage.
• Usability Risk: The risk that blockchains do not evolve to the point where the average person can use them with ease and remain a tool for the technologically savvy rather than gaining widespread adoption throughout society.
A blockchain is a distributed ledger. While blockchain technology is most often associated with cryptocurrencies, it has a wide variety of potential applications. Blockchains have many favorable characteristics over more traditional and centralized systems of data storage such as decentralization, immutability, transparency, etc. Blockchains maintain their security by using cryptographic hashing to ensure that no data can be manipulated or removed, consensus mechanisms to reach agreement about the accuracy of the data being stored in a decentralized manner, and Game Theory to incentivize those securing the blockchain to act in the best interest of the network. Despite the security mechanisms that are inherent to blockchains, there are additional security risks that should be taken into consideration as well as environmental, scalability, ethical, regulatory, and usability risks that may inhibit the adoption of this emergent technology.
Arabaci, O. (2018).Blockchain consensus mechanisms: the case of natural disasters.
Curran, B. (2020). What Is Game Theory? And How Does it Relate to Cryptocurrency? Blockonomi.https://blockonomi.com/game-theory/
Di Pierro, M. (2017). What is the blockchain?. Computing in Science & Engineering, 19(5),92-95.
Kappert, N., Karger, E.,& Kureljusic, M. (2021). Quantum Computing–The Impending End for theBlockchain?. Quantum, 7, 12-2021.
Li, X., Jiang, P., Chen,T., Luo, X., & Wen, Q. (2020). A survey on the security of blockchain systems. Future Generation Computer Systems, 107, 841-853.
Rathod, N., &Motwani, D. (2018). Security threats on Blockchain and its countermeasures.Int. Res. J. Eng. Technol, 5(11), 1636-1642.
Trautman, L. J., &Molesky, M. J. (2019). A primer for blockchain. UMKC L. Rev., 88,239.
Yaga, D., Mell, P., Roby, N., & Scarfone, K. (2019). Blockchain technology overview. arXivpreprint arXiv:1906.11078.
This article was prepared by and is the property of Graystream LLC and is intended only for informational and educational purposes. None of the information contained herein constitutes investment, tax, legal, or other advice nor is it to be relied upon for making investment or other decisions. No consideration is being given to the specific investment objectives, risk tolerances, or time horizons of any recipients of this article. Recipients should consult their own advisors, including tax advisors, before making any investment decision. The views expressed herein are solely those of Graystream LLC as of the date of this article and are subject to change without notice. The information contained in this article has been obtained from sources believed to be reliable by Graystream LLC, but accuracy is not guaranteed. Graystream LLC and its affiliates may have financial interest or positions in one or more of the securities/financial products discussed in this article. Additionally, Graystream LLC and its affiliates may have investment positions that are inconsistent with the views expressed in this article. Recipients should consult their own advisors, including tax advisors, before making any investment decision. This article is not an offer to sell or the solicitation of an offer to buy the securities or other financial instruments mentioned.