• United States



Contributing writer

Is the blockchain good for security?

Apr 01, 20168 mins
Data and Information SecuritySecurity

The blockchain is now being hyped as the solution to all inefficient information processing systems

Overstock was one of the first online retailers to adopt Bitcoin in a big way. Now it’s become the first major company to issue stock on a trading platform powered by the blockchain.

The blockchain is a distributed file system where participants keep copies of the file and agree on changes by consensus. The file is composed of blocks, where each block includes a cryptographic signature of the previous block, creating an immutable record.

“Blockchain trading is much more secure than the current system,” said Judd Bagley, director of communications at Salt Lake City-based “The distributed nature of the network that verifies the integrity of the transactions and associated account balances makes a successful attack mathematically impossible.”

Overstock used the stock trading platform, which it owns. Up to a million common shares will be issued on, and up to a million preferred shares will be issued on the traditional exchanges.

“There may be no software that has been better proven, from a security standpoint, than Bitcoin,” Bagley said. “Building a stock trading platform atop such well proven software should leave all parties feeling very confident, from a security point of view.”

In addition, he said, settlement times are reduced from three days to 10 minutes, settlement costs are cut by 80 percent, and counterparty risk is eliminated because the cash and assets are accounted for ahead of time and instantly swapped.

Finally, the blockchain is completely transparent, he said, and cannot be changed.

“Put transparency and immutability together and you have a dream scenario for regulators, auditors and compliance officers,” he said.

And it’s not just stock trading. The blockchain is now being hyped as the solution to all inefficient information processing systems, such as recording of property transfers, escrow services, and even legal contracts.

But Bitcoin isn’t without problems. The cryptocurrency has proven to be extremely volatile and popular with criminals. Regular users have lost millions to theft, the FBI is sitting on stockpiles of confiscated Bitcoins, and some of the members of the Bitcoin Foundation, created to legitimate the currency, are now in jail or on the lam. In addition, the Bitcoin system is slow to process transactions and is facing significant scalability issues.

[ BITCOIN ISSUES: How online black markets work ]

Are any of these problems endemic to the blockchain itself? And if you’re looking to eliminate an old, inefficient manual or batch-based process, the blockchain may be better — but is it better than other modern types of data structures?

For example, the blockchain lends itself well to peer-to-peer systems but isn’t necessarily a good tool for individual enterprises.

“If you’re the only participant, you don’t need a block chain — you just need a database,” said Prakash Santhana, director for payments risk and integrity at Deloitte Advisory at Deloitte & Touche LLP

More Bitcoin, more problems

Peter Williams, chief edge officer at Deloitte’s Centre for the Edge, calculates that each Bitcoin transaction costs roughly $6 in hardware and energy, and consensus approval of each transaction takes about 10 minutes.

That kind of performance doesn’t necessarily compare well to competing technologies.

But some of this is due to the way that Bitcoin uses the blockchain.

“Bitcoin throughput is limited,” said Mance Harmon, senior director of labs at Ping Identity. “To increase throughput means that you need a business relationship in place, and more trust between peers.”

That is very much possible when a blockchain is used by, say, a limited group of business partners.

For example, banks would send money directly to one another instead of going through a centralized clearinghouse like SWIFT or ACH.

In February, 40 of the world’s largest banks conducted a trial of five blockchain technologies, including Ethereum, a public block chain platform, as well as blockchains from Chain, Eris Industries, IBM, and Intel.

Ethereum claims to take only 17 seconds to process a transaction, while a San Francisco-based startup, Safe Cash, announced last month that it can process a transaction in under five seconds — and can handle up to 25,000 transactions per second.

According to Autonomous Research, blockchain technology could save the financial system $16 billion by 2021, or one-third of annual clearing and settlement costs globally.

But getting to that point could be extremely difficult, said Larry Tabb, founder and CEO at Tabb Group, in a report released in February.

“Many massive and in some cases what seem to be insurmountable challenges need to be overcome,” he said. “This will take not only years but hundreds of millions if not billions of investment dollars across banks, investors, custodians, and industry infrastructure.”

Larger attack surface

As any company with a big database knows, hackers love going after sensitive information. If a blockchain is used to store confidential contract information or payment data, then replicating the file could potentially offer hackers more places to get their hands on it.

This isn’t a problem for blockchain data that is meant to be visible to the public. But many investors, for example, would not like others to know that they are taking a position in a particular security, said Tabb.

If the information is meant to be visible, then having multiple copies means that the data is less likely to be lost, said Ping Identity’s Harmon, since there are multiple copies of the records.

And if the blockchain contains encrypted information, then it doesn’t much matter whether the peers access the data in a single location or in multiple locations, since the number of access points remains the same.

“If a key is compromised, then it can be used to access the database in a hub-and-spoke model, as well as in a distributed database,” said Harmon. “There is no difference.”

Enterprises do have a lot of flexibility in how they deploy the blockchain, said Nigel Smart, co-founder and adviser at Dyadic Security.

“If you wanted to deploy a block chain in a system like a commercial banking system, you wouldn’t use it the way Bitcoin uses the blockchain,” he said. “The general idea is you can put anything you want on the blockchain. If you want anonymity, you could put that on. If you want public accessibility, you can put that in.”

But not all the proposed applications make common sense, he added.

For example, some blockchain proponents suggest that the technology could eliminate escrow accounts.

According to Dan Wellers, digital futures lead in SAP’s marketing division, a company looking to buy, say, a million widgets could put the order into the blockchain, the widget factory would invest in the new plans and machinery needed to make the widgets, and when the order was complete, the contracts would execute automatically.

This is possible, agreed Smart, if the money for the widgets was to be locked away inside the blockchain in Bitcoin or some digital equivalent.

Someone else still has to validate that the contract has been fulfilled, but then once it does, the money could leave the blockchain automatically.

“The Bitcoin wallet itself is acting as an escrow system,” Smart said. “But if you’re transferring a large amount of money, if you put it into a traditional escrow account it earns interest, and if you put it in a Bitcoin account it doesn’t earn interest.”

Plus, Bitcoin’s volatlity means that you don’t know whether you’ll end up with the same amount of money as you started with.

A more likely application would involve the sale of virtual goods, Smart said.

For example, the blockchain could contain a song file, and the smart contract to release it once the payment for it has cleared.

“Anything digital can go on the block chain,” Smart said.

Compliance and enforcement

Central clearinghouses do more than just move information around, however.

Even if blockchain technology does prove to have advantages over other modern systems, there are still issues of compliance, regulations and enforcement that will need to be addressed.

For example, centralized utilities often have to comply with rules about what kinds of public access they provide to their systems. Do groups of companies setting up private blockchains have to comply with the same rules?

Other regulatory issues include clarity over jurisdictions and how to comply with know-your-customer and anti money laundering laws.

There’s also a large network effect associated with some platforms. For example, according to Autonomous Research, card networks currently process around 2,000 transactions per second and do so very cheaply, meaning that merchants have little incentive to switch.

Finally, one unintended consequence of full automation is the lack of circuit breakers. The current settlement process provides more opportunity to hit the brakes if something goes wrong.

According to the DTCC, the blockchain not only has fundamental technology challenges related to scalability, latency, performance, and security but many operational problems as well. For example, logging and monitoring are essential for enterprise environments, but have not yet been addressed.