Is this the end for blockchain as 1500 experts send US Congress an appeal to be vigilant about the technology?
Every so often in the world of tech, something comes along that makes investors salivate and technologists swoon. Blockchain is one such innovation that has taken the technology world by storm.
Love it or hate it, blockchain has created noise and offered new ways of digitizing things from money to voting to self-sovereign identity. But the use of blockchain for cryptocurrencies and digital identity has had enthusiasts and naysayers raise their voices in equal measure.
However, in the last few weeks, blockchain has come under the scrutiny of some of the best minds in the business: in a tweet in May, Professor Jorge Stolfi described blockchain technology as a "technological fraud." And now, an industry report has stolen blockchain's decentralization thunder.
Where does this all leave blockchain? Will it go into the annals of tech like the Betamax video cassette recorder?
Decentralized or bust
The ability to offer decentralized storage is the cornerstone of blockchain. It is this feature that the Defense Advanced Research Projects Agency (DARPA) asked tech analyst firm Trail of Bits to take a close look at.
The question on the lips of DARPA (and many of us in the tech industry) was, is the blockchain all it is held up to be in the world of decentralized technology? This is an important question because blockchain is chosen for its decentralized capabilities to improve privacy and provide user control and immutability.
The ability to provide self-sovereign identities (SSI) and cryptocurrencies, for example, creates a system that delivers long-sought-after features that place a person in control of their finances and digital identity. Decentralization seems to offer the golden chalice of immutability, transparency, and privacy, and more, including reducing the points of failure of a centralized system.
But does it? Or is the hype becoming a myth?
Decentralization is not an island
As every cryptographer knows, security is not just about an encryption algorithm. Security is about so much more. The Trail of Bits researchers know this, so they looked at blockchain as part of an ecosystem that consists of many moving parts.
Knowing this, Trail of Bits focused not just on the blockchain itself but on the implementations, networking, and consensus protocols of a blockchain. The blockchain ecosystem was scrutinized by the team, who discovered some important and worrying issues, including:
“Every widely used blockchain has a privileged set of entities that can modify the semantics of the blockchain to potentially change past transactions.”
This is a concern for self-sovereign identity (SSI) as well as for cryptocurrencies. For example, SSI governance frameworks may be overseen by stewards, a group of interested companies that include tech vendors and others. This is fine and is useful for oversight, but the Trail of Bits report flags it as a potential issue unless structures are in place to prevent collusion.
“The number of entities sufficient to disrupt a blockchain is relatively low: four for Bitcoin, two for Ethereum, and less than a dozen for most PoS networks.”
The low number needed to create an insecure network makes a mockery of decentralization.
“Of all Bitcoin traffic, 60% traverses just three ISPs.”
This is a major red flag for decentralization: if a single ISP were to be taken over by a nefarious state, this could lead to control of not just cryptocurrencies but also any self-sovereign identities that use that blockchain. In a previous article, "Web 5: all Jack should know about digital identity but is too afraid to ask," I point out that TBD, Jack Dorsey's company, is using the Bitcoin blockchain to build an internet identity layer… this red flag should be acknowledged and mitigation measures put in place.
“Of Bitcoin’s nodes, 21% were running an old version of the Bitcoin Core client that is known to be vulnerable in June of 2021.”
Vulnerabilities are not just an issue in centralized systems. Crypto hackers have been exploiting blockchain vulnerabilities for many years now.
The conclusion of the paper makes this warning:
“The majority of Bitcoin nodes have significant incentives to behave dishonestly, and in fact, there is no known way to create any permissionless blockchain that is impervious to malicious nodes without having a TTP (Trusted Third Party).”
1500 industry experts warn about the blockchain
The Trail of Bits report is well worth a read for anyone who wants to understand the broader issues of the blockchain ecosystem. In addition, Professor Jorge Stolfi, along with 1500 others, including Bruce Schneier and Kelsey Hightower, recently penned a letter to the US Congress expressing deep concerns about blockchain technologies.
The letter urges:
“Today, we write to you urging you to take a critical, skeptical approach toward industry claims that crypto-assets (sometimes called cryptocurrencies, crypto tokens, or web3) are an innovative technology that is unreservedly good. We urge you to resist pressure from digital asset industry financiers, lobbyists, and boosters to create a regulatory safe haven for these risky, flawed, and unproven digital financial instruments and to instead take an approach that protects the public interest and ensures technology is deployed in genuine service to the needs of ordinary citizens.”
The letter warns:
“As software engineers and technologists with deep expertise in our fields, we dispute the claims made in recent years about the novelty and potential of blockchain technology. Blockchain technology cannot, and will not, have transaction reversal or data privacy mechanisms because they are antithetical to its base design. Financial technologies that serve the public must always have mechanisms for fraud mitigation and allow a human-in-the-loop to reverse transactions; blockchain permits neither.”
Shouldn't we be talking user-centric instead of decentralized?
I like to think that there is more than one way to skin a cat (sorry, cat lovers). In other words, there is often more than one way to do something or more than one solution to the complex problems that digitization requires. However, decentralization has suffered from an almost cult-like status that has caused a rift and, in my opinion, meant that the scientific method has not been used to analyze technology. As Kim Duffy from MIT once noted on Twitter, regarding the general view of blockchain and self-sovereign identity, "I just want to verify a credential; I don't want to join a cult."
The uber-hype around blockchain and associated technologies such as crypto and SSI has diminished its worth and led to the subsequent scrutiny, by computer scientists, of its claims of decentralization.
The blockchain may not stand up to current scrutiny, but no doubt there will be community backlash against the results of the Trail of Bits report. For now, I, for one, will continue to bang the drum for user-centric identities that do not rely on blockchain to ensure that security and privacy are upheld. Perhaps technology is only one part of the puzzle of the digitization of our lives. Maybe we need to stop thinking that technology alone can fix all ills. Instead, it is time to start bringing our knowledge of human behavior and technological advances together to find elegant and sustainable solutions.