Poof!

Quadriga CX is a crypto-currency exchange. The only person who knew the password died and now the exchange cannot access $140 million dollars of bitcoins. Stories abound of people forgetting a password and losing their bitcoins. But this is an exchange that has lost the password. Read more.

One problem is that bitcoins are ether—not tangible. However, I never see or touch most of the dollars in my paycheck, which is electronically deposited in my and mostly goes to the many electronic bills. The primary problem is that the exchange was badly managed.

More block chain thoughts

I recently explained to my cousin why I’m skeptical about blockchain. She is in the technology side of the banking industry so her interest was more than casual. Below is basically what I told my cousin.

A blockchain is a ledger: An append-only file that stores records (i.e., blocks). The blockchain file is replicated across many nodes to build trust. In order to corrupt the file, an attacker must co-opt 50% plus one nodes. The more nodes involved, the greater the trust. I speculated that a highly trusted blockchain needs to be widely distributed because if at breakfast it become known that a $10B hedge fund ledger were distributed across only 10 nodes the money would be missing by dinner.

Second, because the blockchain file is distributed the information is shared. Sharing data increases the security perimeter that must be guarded. Thus there is a conflict between trust (increases with node count) and security/privacy (decreases with node count).

The last point, which is the most overlooked, is that blockchain does very little to protect against fraud. It protects the ledger by making it hard to tamper with. However, the ledger is internal data that is fairly easy to protect. But it does nothing to prevent an erroneous ledger entry from being inserted in the first place, as the millions of dollars of stolen bitcoins attest to. Therefore, the blockchain offers no help for the most vulnerable attack vectors.

In addition to these limitations, blockchain is also very inefficient, Consequently I have yet to be shown a use case (other that crytocurrency) for blockchain. Tell if I’m wrong in the comments.

I have an earlier and longer post on block chain.

 

Some thoughts on blockchain

While watching a hockey game, I saw this IBM commercial that touts how to use blockchain to track commodities such as tomatoes and diamonds. I also heard that your chances of getting VC funding increase dramatically if you use blockchain. It has been claimed that blockchain will revolutionize banking, real estate, and many other industries. But is blockchain really a game changer? How generally useful is blockchain.

 

Blockchain is a critical (maybe the critical) technology enabling bitcoin and other
cryptocurrencies.There are many places you can go to learn about blockchain but for this discussion we need to know three things.

 

First, blockchain is a ledger—an append-only record of transactions. In bitcoin, a ledger entry might be “Alice transfers 1.8 bitcoins to Bob.” However, entries can be anything such as an arrival scan for a package or an edit to a document.

 

Second, the ledger is constructed as a chain of blocks that are cryptographically connected. Each block has a hash value that contains the hash value of its predecessor block. This is the key to blockchain. Modifying a block changes its hash value and it will not match the value stored in the successor block. Therefore, in order to incorporate this modified block into an existing chain all successor blocks must also be modified.

Third, a blockchain is a public and distributed. Therefore, in addition to recomputing all the hashes for the modified blocks, the fraudster also has to convince 50% plus one of the blockchain servers to adopt its version of the blockchain.

 

There are other features about blockchain in general and bitcoin’s blockchain specifically that are necessary for bitcoin, such as “proof of work.” But those are attributes that are not necessary in all uses of blockchain.

 

The beauty of blockchain is that is creates trust in public ledger. This is critical to bitcoin because it is decentralized—there is no master server. However, if the ledger is not decentralized then the overhead of blockchain (which is significant) is hard to justify. Furthermore, if the ledger is not public (by desire or regulation), it should not be in a blockchain. There are abundant solutions for private ledgers—such as read-only, offline archives that are hacker-proof—that are much cheaper than blockchain.

 

It is important to note that bitcoin’s use of blockchain only prevents fraudulent modifications of the ledger. It does not prevent fraud. Other mechanisms are needed to regulate the creation of ledger entries.

 

IBM in its commercial illustrated three uses for blockchain. A tomato you can track from farm to pot to jar to table and “serve with confidence that it is safe.” The safety consequence is dubious because we use lot numbers to track food and drugs, yet recalls are common. Moreover, it is not a function of blockchain but of better record keeping.
The point (I think) they are making is that you can independently verify the public ledger.
Accepting the premise (tracking ensures the tomato is safe): is it worth the cost? Blockchain is not cheap. At time of this posting the bitcoin blockchain is almost 170GB (55GB growth in last year) and it is stored about 10,000 nodes. Of course the tomato blockchain need  have not have that many nodes. But there are more tomatoes than bitcoins. I suspect that tomatoes and all produce are extremely price sensitive so even small costs will be difficult to absorb. However, I cannot estimate the cost. So let’s consider if this is better than the current solution. Recently there was a recall on romaine lettuce. The CDC was able to pin-point the problem to lettuce “from the Yuma growing region w[as] harvested on April 16, 2018.” So the question becomes are we safer with many people independently verifying a public ledger or relying solely on the CDC?

 

The second example in IBM’s commercial, it is a diamond you can trust from “mine to finger and trust it never fell into the wrong hands.”There are fewer diamonds than tomatoes and they are less price-sensitive so the cost isn’t a problem. But it is not clear that anything is broken in the current diamond market. So I suspect any benefit from blockchain is minor. The last example is a package that is “tracked from port to port.” We already have this ability and it is doubtful shipping industries or customers are dissatisfied with the current solution. Now, the intent of this post is not to pick on IBM and its short commercial. Rather to show that much of the hype lacks depth and understanding.

 

Blockchain provides trust to a public, decentralized ledger. Much data is public (e.g., land deeds) but is not and should not be decentralized. I believe few database require a public, decentralized ledger. If the data is private or there is sufficient trust (e.g., the county registrar) the cost of blockchain is not justified. Of course, if VCs are throwing money at blockchain solutions or if it increases the visibility of your tea then use blockchain. However, if you are developing a solution to a problem and believe that form follows function, blockchain is probably not necessary.