COURSE BOOK
Blockchain
DLMCSEBCQC01
Course Book
Blockchain
DLMCSEBCQC01
2
Masthead
Masthead
Publisher:
IUBH Internationale Hochschule GmbH
IUBH International University of Applied Sciences
Juri-Gagarin-Ring 152
D-99084 Erfurt
Mailing address:
Albert-Proeller-Straße 15-19
D-86675 Buchdorf
media@iubh.de
www.iubh.de
DLMCSEBCQC01
Version No.: 001-2020-0520
© 2020 IUBH Internationale Hochschule GmbH
This course book is protected by copyright. All rights reserved.
This course book may not be reproduced and/or electronically edited, duplicated, or distributed in any kind of
form without written permission by the IUBH Internationale Hochschule GmbH.
www.iubh.de
3
Module Director
Module Director
Prof. Dr. Ralf Kneuper
Mr. Kneuper has been a professor of informatics and business informatics at IUBH since 2016. He specializes in the teaching of software
development, IT management, IT governance and IT security.
Mr. Kneuper studied mathematics in Mainz (Germany), Manchester
(UK) and Bonn (Germany), and received his PhD in Computer Science
from the University of Manchester. Afterward, he worked for a software house and the IT department of a large enterprise, where he
was responsible for different tasks in quality management, software
processes and process improvement, and he served as project lead.
Since 2004, Mr. Kneuper has worked as a self-employed consultant,
with a main focus on helping companies with software quality management, process improvement and data protection. He is an expert
in software process models and data protection and has published
extensively on these topics. For many years he has been a member of
the government body of the special interest group on software process models within the German Informatics Society (GI).
www.iubh.de
4
Contents
Table of Contents
Blockchain
Module Director . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Introduction
Blockchain
7
Signposts Throughout the Course Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Learning Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Unit 1
Basic Concepts
1.1
The Functional View: Distributed Ledger Technologies (DLT) . . . . . . . . . . 12
1.2
The Technical View: Blockchain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
1.3
History of Blockchain and Distributed Ledger Technology . . . . . . . . . . . . 24
1.4
Consensus Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
1.5
Limitations of Blockchain Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Unit 2
Bitcoin
www.iubh.de
12
34
2.1
The Bitcoin Payment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
2.2
The Technology Behind Bitcoin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2.3
Security of Bitcoin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
2.4
Scalability and Other Limitations of Bitcoin . . . . . . . . . . . . . . . . . . . . . . . . 52
2.5
Bitcoin Derivatives and Alternatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Contents
Unit 3
Smart Contracts and Decentralized Apps
60
3.1
Smart Contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
3.2
Decentralized Apps (DApps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
3.3
Ethereum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
3.4
Hyperledger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3.5
Alternative Platforms for Smart Contracts and DApps . . . . . . . . . . . . . . . . 76
Unit 4
Security of Blockchain and DLT
82
4.1
Components of Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
4.2
Attacks on Blockchain and DLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
4.3
Resolving Bugs and Security Holes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
4.4
Long-Term Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Unit 5
Blockchain and DLT Application Scenarios
5
100
5.1
Benefits and Limits of Applying Blockchain and DLT . . . . . . . . . . . . . . . . 100
5.2
Financial Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
5.3
Supply Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
5.4
Healthcare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
5.5
Governments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
5.6
Real Estate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
5.7
Sports and Entertainment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
5.8
Vehicles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
www.iubh.de
6
Contents
Unit 6
Development of Blockchain and DLT Applications
6.1
Architecture of Blockchain and DLT Applications . . . . . . . . . . . . . . . . . . . 134
6.2
Platform Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
6.3
Platform Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
6.4
Design of Blockchain and DLT Applications . . . . . . . . . . . . . . . . . . . . . . . . 148
Unit 7
Blockchain and Society
154
7.1
(Mis-)Trust in Institutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
7.2
Blockchain and the Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
7.3
Cyber-Currencies in the Darknet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
7.4
ICO Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Unit 8
Legal Aspects
www.iubh.de
134
180
8.1
DLT and Smart Contracts as Legal Contracts . . . . . . . . . . . . . . . . . . . . . . . 180
8.2
Cryptocurrencies as Legal Currencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
8.3
Regulation of ICOs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
8.4
Data Protection/Privacy in Blockchains . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Appendix 1
List of References
208
Appendix 2
List of Tables and Figures
228
Introduction
Blockchain
8
Introduction
Signposts Throughout the Course Book
Welcome
This course book contains the core content for this course. Additional learning materials can
be found on the learning platform, but this course book should form the basis for your
learning.
The content of this course book is divided into units, which are divided further into sections.
Each section contains only one new key concept to allow you to quickly and efficiently add
new learning material to your existing knowledge.
At the end of each section of the digital course book, you will find self-check questions.
These questions are designed to help you check whether you have understood the concepts
in each section.
For all modules with a final exam, you must complete the knowledge tests on the learning
platform. You will pass the knowledge test for each unit when you answer at least 80% of the
questions correctly.
When you have passed the knowledge tests for all the units, the course is considered finished and you will be able to register for the final assessment. Please ensure that you complete the evaluation prior to registering for the assessment.
Good luck!
www.iubh.de
Introduction
9
Learning Objectives
Introduced in 2008, blockchain provides distributed ledger technology based on distributed
databases in a peer-to-peer network of computing environments. Blockchain’s tenets of
decentralization, consensus mechanisms, transparency, and security of data all support the
concept of providing a trustless ecosystem for the use of cryptocurrencies in a myriad of
transactions. Since inception, blockchain has gained maturity, yet continues to present challenges that need to be overcome in order to encourage the growth of the platform.
Bitcoin is the first major implementation of blockchain, introduced by Satoshi Nakamoto, the
pioneer of blockchain. Bitcoin is the name of the blockchain platform as well as the name of
the cryptocurrency that is transacted upon the platform. Bitcoin is an active cryptocurrency
environment, however, the limitations of blockchain, the limitations of bitcoin, and the security breaches that been experienced have caused an instability in the platform and in the
value of the Bitcoin cryptocurrency.
Smart contracts are a significant capability of blockchain. They automate a contractual agreement between two or more parties by writing the terms of the contract into lines of code,
which then executes on the blockchain and records information into the blockchain ledger.
Smart contracts are useful in a number of industries such as health care, financial services,
supply chain, voting, and so much more.
Blockchain presents a number of social and legal issues. It is stated by some that blockchain
falls within a neoliberalism policy model. A significant concern is how, from a legal position,
this runs contrary to the need to establish regulations to stabilize the blockchain implementations while providing assurances to both the investors and users of blockchain. Other
social concerns include environmental impact and the use of blockchain to conduct illegal
activities. Meanwhile, legal concerns include what should be regulated. This is complicated
by the worldwide implementation of blockchain and the level of blockchain acceptance in
different parts of the world.
Overall, blockchain has a tremendous amount of potential for individuals and businesses
alike. Blockchain’s mix of complex technologies creates a sound environment that, after more
than ten years, is gradually becoming everything that Satoshi Nakamoto intended.
www.iubh.de
Unit 1
Basic Concepts
STUDY GOALS
On completion of this unit, you will have learned …
… the evolution of financial accounting to include distributed ledger technologies.
… how blockchain is an implementation of distributed ledger technologies.
… the technologies and processes that enable blockchain technologies.
… the consensus mechanisms of blockchain that assure the security and accuracy of the
data.
… the limitations of blockchain technologies.
DL-E-DLMCSEBCQC01-U01
12
Unit 1
1. Basic Concepts
Introduction
Accounting for the transfer of money, goods, and services between parties has been a
common practice since at least 7,500 B.C. The abacus, calculators, and ultimately, computers, are quite an improvement compared to traditional clay tablets. Centralized
computer systems allowed people and corporations to perform their internal financial
tracking for many years and continue to do so today. With the advancement of various
technologies and the migration to the internet, the opportunity was presented to automate accounting transactions between two parties that otherwise lack a connection. In
order to take this opportunity, we must first answer the following questions:
•
•
•
•
How can transactions be conducted securely?
How can transactions be processed correctly and consistently?
What are the technical components of the architectural solution?
What are the limitations of the solution, and how can we improve upon these limitations in the future?
1.1 The Functional View: Distributed Ledger Technologies
(DLT)
People have always actively engaged in the exchange of goods and services, even in
early human history. The act of recording these exchanges was demonstrated as long
ago as 7,500 B.C., when tokens and clay balls were used to denote inventory figures representing agricultural goods such as wheat, sheep, and cattle. These initial rudimentary
approaches eventually evolved into an ancient balance around the year 5,000 B.C. Historians determined that, at this time, Sumerians marked clay tablets with sticks to
account for the trading of goods.
Over 2,000 years ago, the Roman Empire had a banking system that enabled people to
transact with people in other regions in the empire. Paper checks allowed them to
record and track transactions. In the 14th century, Venetian merchants created the concept of double-entry bookkeeping, an act which became an established “business practice following the Industrial Revolution and the globalization of trade starting the latter
part of the 19th century” (Yusuf, 2018, p. 18).
Accounting for these transactions, most typically in the form of ledger entries, was very
much a manual process conducted on paper until the ubiquitous presence of the computer became common within businesses of all sizes. Moving into the last quarter of
the 20th century, enhanced computerization led to the understanding that “data gathering, its management and analysis, the recording of transactions, and the entry and execution of contracts […] can all be done more efficiently and swiftly using computer files”
(Yusuf, 2018, p. 18).
www.iubh.de
Unit 1
13
Basic Concepts
Most financial transactions involve an intermediary, such as a bank or the state, to
maintain records, vouch for their accuracy, safeguard their integrity, and help to complete a transaction. When a transaction involves an intermediary, all parties involved in
the transaction need to put their trust in the integrity of the intermediary. A technological solution could potentially eliminate the intermediaries while preserving “an inviolable record of transactions and contracts” (Yusuf, 2018, p. 18).
The Database of Distributed Ledger Technology
Technology options for data storage have expanded and matured in past decades. One
of the most common options is a centralized database. Here, transactional data is
stored and maintained in one physical location, on one server, controlled by a single
entity. A distributed ledger is a distributed database in which there are identical copies
of the data located across multiple nodes. These copies are stored in one or more
physical locations, and updated in a synchronized manner by a consensus of the parties involved. An important difference between a distributed ledger and a traditional
distributed database is that the participants of a traditional distributed database trust
and cooperate with one another to maintain data accuracy and consistency, whereas in
a distributed ledger, the parties do not completely trust each other and may have conflicting interests.
The following figure shows that all distributed ledgers are built on distributed databases, but not all distributed databases function as a distributed ledger.
Key attributes of DLT are:
www.iubh.de
14
Unit 1
•
•
•
•
•
Shared record keeping: Multiple parties can create, maintain, and update the ledger.
The storage, maintenance, and updating of ledgers in a distributed ledger is the core
of the technology, and the task of updating the ledgers is divided between the
nodes.
Consensus: To achieve data accuracy and consistency in a distributed ledger, a way
to verify transactional data before the ledgers are shared must be established. This
mechanism needs a set of agreed-upon rules or procedures that have been
approved by all involved parties before the updates to synchronize all databases
can be performed.
Independent validation: Each participant has the ability to verify the state of their
transactions.
DLT cannot rely on a central coordinator to be the authority mechanism.
Immutable ledger:
◦ Tamper evidence: Each participant has the ability to detect non-consensual
changes to transactions.
◦ Tamper resistant: Enforces barriers to resist changes to historical transactions.
Blockchain
Blockchain provides the underlying technical environment where a historical recording
of digital transactions can be retained, whether it is an exchange of currency, goods, or
services. Tapscott (2016) describes a blockchain as an “incorruptible digital ledger of
economic transactions that can be programmed to record not just financial transactions but virtually everything of value.” The original objective of blockchain is “to support an electronic payment system based on cryptographic proof instead of trust”
(Waldo, 2019, p. 38). With respect to both definitions, the functional requirement is for
an environment that assures the anonymity of blockchain users, a ledger of transactions that cannot be altered once it has been verified and agreed to, and a system that
is independent of a central authority. Blockchain is implemented as a distributed database that captures shared transactional data in blocks. A blockchain, the linked list of
blocks containing the transactions, is also referred to as the “ledger.”
Distributed databases can be used for a variety of purposes, and a distributed ledger is
a use case for a distributed database structure. Some distributed ledgers are implemented in a blockchain architecture. With all of the previously described attributes,
distributed ledgers that are implemented as a blockchain enable transactions to be
processed and stored in connected blocks that form a chain. The integrity of the data
stored in the chains is accomplished and guaranteed by cryptography. The append-only
structure allows data to be added to the database, but the alteration or deletion of
previous transaction data in earlier blocks is impossible.
The following figure shows that all blockchains are distributed ledgers, but not all distributed ledgers are implemented as blockchain.
www.iubh.de
Unit 1
15
Basic Concepts
Functional Characteristics of Blockchain
The functional characteristics of blockchain include the characteristics of distributed
ledger technology (DLT) together with other blockchain-specific characteristics.
Decentralization
Blockchain data is decentralized, rather than centrally stored. The use of a peer-topeer (P2P) network eliminates central access, authority, and control of data. New transactions are validated, added to a block, and the block is added to a blockchain. The
updated blockchain is then distributed to every node on the blockchain network. In a
P2P network, each node contributes computing resources. P2P was introduced in the
late 1970s and became well-known with the introduction of Napster, a website allowing
users to share music.
Peer-to-peer
This is a decentralized communications model in which
each node has the
same capabilities.
Security
Blockchain uses cryptography to secure the user’s address and assets using a combination of public and private keys. Private keys are used to sign transactions, and public
keys are used to verify that the transactions come from the entity they say they are
from. For example, when Amy sends Bob money, Amy uses her private key to sign a
message that is transmitted to blockchain which pays Bob with a cryptocurrency. Bob
uses Amy’s public key to verify that the message came from her.
Blockchain also uses cryptography to secure the transactional data and the construction, or linkage, of the blocks in the blockchain. This ensures the immutability of the
data.
www.iubh.de
16
Unit 1
Asymmetric cryptography
Also called publickey cryptography,
asymmetric cryptography uses pairs of
keys: public keys
which may be distributed, and private
keys which are
known only to the
owner.
Available since the early 1980s, asymmetric cryptography enables the secure exchange
of data between two parties. Cryptography authenticates the sender, ensures the integrity of the message, and prevents third parties from accessing the information if it is
intercepted (Romeo Ugarte, 2018).
Consensus
Consensus mechanisms are the ways that a blockchain network reaches agreement on
the validity of transactions. The consensus mechanisms ensure that the protocol, or
rules, are being followed. For example, the Bitcoin protocol defines the procedure that
should be followed by a Bitcoin transaction from its creation, through its validation, to
its final confirmation. It defines how the nodes should interact, how the data should be
transmitted between them, and the requirements for a successful block validation. Bitcoin’s consensus algorithm is responsible for performing the actual verification of bitcoin balances and signatures, confirming transactions, and validating the previous
blocks in the blockchain.
Introduced in the 1990s, consensus mechanisms ensure that all ledgers are identical,
and that there is no fraud or duplication of information. There are different consensus
methods which can be used, with the most common one being “proof of work” (PoW).
Trust
A trustless system is one that is not dependent on the intentions or actions of its participants, good or bad. The system always acts in the same manner. Since blockchain is
based on a P2P protocol, it is considered to be a trustless system. As a result of the
inherent design of blockchain, trust is not a requirement; hence, the designation of it
as a trustless system. As stated by Kaushal and Tyle (2015), “Computers verify each
transaction with sophisticated algorithms to confirm the transfer of value and create a
historical ledger of all activity. The computers that form the network that are processing the transactions are located throughout the world and importantly are not owned
or controlled by any single entity. The process is real-time, and much more secure than
relying on a central authority to verify a transaction” (para. 6).
Transparency
All participants in a blockchain have access to the same historical details, they do not
have individual copies. Data on a blockchain is more accurate, consistent, and available
to participants with permissioned access, resulting in a greater level of transparency.
Public versus Private Blockchain Networks
The blockchain network of a DLT environment can be public or private, depending on
how access is granted to the participants.
Public blockchains
A public blockchain, also referred to as a permissionless blockchain, is open and anyone can participate in it. Public access can be granted to:
www.iubh.de
Unit 1
17
Basic Concepts
•
•
•
Read data
Write data
Participate in the consensus process, which determines which blocks are added to
the chain.
Public blockchains are secured by cryptographic fingerprints and a consensus protocol.
The most well-known implementation of blockchain, Bitcoin, is delivered on a public
network.
Private blockchains
In a private blockchain, also referred to as a permissioned blockchain, participation is
usually by invitation and/or by meeting certain requirements. A key difference is that in
a public network, participants do not necessarily know each other, whereas participants
in a private network know each other. Maersk, a container ship and supply vessel operator, and Walmart, a large big box retailer, are both implementing private blockchains
for supply chain management.
Consortium blockchains
An extension of private blockchains, a consortium blockchain, also referred to as a
shared permission blockchain, is a group of entities within an industry that come
together for a common need. The attributes of a consortium blockchain are similar to
that of a private blockchain, except that governance is performed by a set of participants, rather than a sole owner. An example of a consortium blockchain is Digital Trade
Chain Consortium, a group of European banks using blockchain to enable faster, easier,
and cheaper trade transactions.
The following chart presents a summary comparison of public, private, and consortium
blockchain networks.
Comparison of Blockchain Networks
Public Blockchain
Private Blockchain
Consortium
Blockchain
Governance
consensus is
public
consensus is
managed by single owner
consensus is
managed by a
set of participants
Participants
don’t know each
other
know each other
Transaction validation
any node
authorized nodes
www.iubh.de
18
Unit 1
Public Blockchain
Private Blockchain
Consortium
Blockchain
Transaction reading
any node
any node (without permission) or predefined nodes (with permission)
Consensus
without permission
with permission
Access
public to anyone
by invitation
Examples
Bitcoin, Ethereum, Monero, etc.
individual corporations
industry
1.2 The Technical View: Blockchain
Expanding upon the functional aspects of blockchain, this section will describe each of
the technical aspects and how they are used together to enable the blockchain process.
Key Technical Components
The following three technologies are key to the architecture of a blockchain environment and the processing of transactional data onto the blockchain.
Peer-to-peer networks
In a P2P, or decentralized network, many computer systems, known as nodes, are connected to each other by the Internet, collectively making up the network. Nodes are
considered equal, and each node contributes computing resources without the need
for a central authority. In exchange for the blockchain work conducted by the nodes,
including the validation and storage of transactions, the owners of the nodes can collect transaction fees in the blockchain’s underlying cryptocurrency.
www.iubh.de
Unit 1
19
Basic Concepts
Processing transactions may necessitate considerable computing and processing
power. Owners of professional nodes heavily invest in powerful computing resources.
The electricity needed to power these computing resources is a significant factor. As a
result, some of the largest nodes are located in countries where electricity is cheaper,
such as China or Venezuela.
Cryptography
Cryptography ensures that identities are kept private and that every record written to a
blockchain is secured by a unique cryptographic key, which makes the blockchain and
its information immutable.
Digital signatures guarantee the integrity of the data on the blockchain. The digital signature of data would become invalid if the data was altered. Digital signatures secure
the data as well as the identity of the sender. Additionally, digitally signed transactions
provide a quality of non-repudiation as something digitally signed by a user can be
legally binding.
The transactions that are going to be written into a block are hashed, and the hash
value is stored in the header of the block. Hashing is the process of taking an input,
using a mathematical algorithm to encrypt it, and producing an output. Hashing
ensures that data (in this case, the transactions) have not been tampered with. For
example, data being sent from Amy to Bob can be processed by Amy through a hashing
algorithm to compute a hash value. Upon receipt, Bob can process the data through the
hashing algorithm. If the two hash values match, Bob can be certain that the data was
not tampered with. If the hash values do not match, then the data was likely altered
before it was received by Bob.
www.iubh.de
20
Unit 1
Consensus mechanisms
With a distributed network of nodes, there is no central authority. With the lack of a
central decision-maker, the determination of correctness needs to be made by a consensus of the involved parties. This is exemplified by the Byzantine Generals’ Problem,
an analogy based on the Byzantine army’s camp around an enemy city. The generals
must agree upon a battle plan to attack the enemy and be victorious, communicating
only by messenger. The challenges are that some generals may be traitors, some messengers may be traitors, and/or a messenger could be captured by the enemy and be
replaced by a fake messenger. The Byzantine Generals’ Problem demonstrates the challenges that are faced in a distributed computing environment in its processing of transactions. These challenges must be addressed to ensure the authenticity of the data,
the agreement regarding the processing of the data, and that the process is not compromised by bad actors.
At the center of blockchain technology, consensus mechanisms are the way that all
nodes in the network agree on the state of the data on the blockchain. Each blockchain
chooses an algorithm that will be used to create the agreement for the necessary validation and security within its network.
In a public blockchain, since anyone can be a node, it is possible for a node to alter
transactions and include them in a new block. This results in a “fork,” where one fork in
the chain contains the altered transaction and the other fork contains the valid transaction. A consensus mechanism aims to avoid forks and present a single version of the
truth. In a private blockchain where participating nodes are known, consensus is still
necessary because the honesty of the nodes cannot always be assumed. As a result,
private blockchains often use consensus mechanisms that are less resource intensive.
Blockchain Processing
This section will describe the process of a blockchain transaction from generation to
completion.
www.iubh.de
Unit 1
21
Basic Concepts
www.iubh.de
22
Unit 1
Generate a transaction
Amy is going to pay Bob a number of bitcoins for a service. Amy obtains Bob’s public
key from her wallet. Amy creates the transaction which includes Bob’s public key, the
amount of cryptocurrency to be paid to Bob, and any fee associated with the transaction. The transaction is signed with Amy’s private key.
Gather transactions
Once a transaction has been created to exchange data representative of money, contracts, or any asset, the transaction is placed in a queue of pending transactions.
Based on the rules of the network, after a set period of time (for example, Bitcoin uses
every ten minutes) the transactions are gathered into a block for processing.
Mining
Mining is the term given to the processing of transactions in a blockchain that uses the
proof of work consensus algorithm, such as Bitcoin. Blockchains that use other consensus mechanisms may use a different term, such as forging.
Validation
The transactions in the block are validated to verify that the transactions are not malicious, do not result in a double spend of cryptocurrency, etc.
Consensus mechanism
Blockchains that do not use the proof of work consensus mechanism will have a way
that the network can select the node to publish the block to the network. For blockchains that use the proof of work consensus mechanism, the following section
describes the processing that will occur.
Nonce
A nonce is an arbitrary number.
Proof of work
To determine the node that will publish the block to the network, Bitcoin miners compute hashes until they find a hash that is less than the difficulty target, a number set
by the software protocol. To find the correct hash, miners must find the right nonce
that, together with the data in the block, produces a hash that is less than the difficulty
target. The node will hash the block header repeatedly, changing the nonce, until the
hash output is less than the target hash. The first miner that finds the target hash, and
whose work is accepted by the others in the network, will receive a reward in Bitcoins
in addition to transaction fees.
The lower the difficulty target, the more difficult it is to reach, and will require the plugging of more nonces to get an acceptable result. Difficulty values were established to
control the creation of new blocks at a steady rate.
Create the block header
A block header will be created to contain metadata about the block. Common data
fields are shown below:
•
•
www.iubh.de
Timestamp
Size of the block
Unit 1
23
Basic Concepts
•
•
Metadata specific to the consensus algorithm — Blockchains that use the proof of
work consensus algorithm store a nonce and a difficulty level in the block header.
Hash of the previous block — In blockchain, the input to the hashing process is the
entire blockchain, all previous transactions, and the new transactions that are being
added. The first block in the blockchain, called the genesis block, contains transactions that, after validation, are used to produce the first hash. For the second block,
the first block’s hash and all the transactions that are being processed into the second block are combined to create a second hash that is used for the second block
of the chain. This repeats as transactions are validated, then used to create and add
new blocks to the chain.
The header of each block contains the hash of the previous block. The result is that
each successive block has a hash reflecting a chain back to the previous block. Because
the hash of the previous block is contained in the hash of the new block, the blocks all
connect to each other. This cascading effect creates a dependency that furthers the
security of blockchain and its immutable characteristic. A change to a block would
force the recalculation of all subsequent blocks, which would be a significant computational effort.
Creating a hash representation of the block data is often done by generating a Merkle
tree and storing the root hash, or by using a hash of all the combined block data.
Merkle trees allow the validity of an individual transaction to be determined without
downloading the whole blockchain. In the example above, if you have the root hash
(HABCDEFGH), you can confirm transaction (TH) by accounting for hashes (HG), (HEF), and
(HABCD). If those three hashes are on a blockchain, then transaction (TH) is valid. As stated by Vitalik Buterin, the co-founder of Bitcoin magazine and Ethereum, “Merkle trees
are a fundamental part of what makes blockchains tick. Although it is definitely theoretically possible to make a blockchain without Merkle trees, simply by creating giant
www.iubh.de
24
Unit 1
block headers that directly contain every transaction, doing so poses large scalability
challenges that arguably put the ability to trustlessly use blockchains out of the reach
of all but the most powerful computers in the long term” (Buterin, 2015).
Complete the process
Once validation has been completed and the node to publish the block is determined,
the selected node distributes the block to the network so that each node can add the
block to the chain.
The reward and/or transaction fees will be distributed to the node that has earned the
right to publish the block.
Challenge of Double-Spending
With digital currencies and other digital goods, there arises the challenge of doublespending. Double-spending is when the owner attempts to spend or transfer the balance of a digital currency or good more than once. The result is referred to as the double-spending problem which, until now, has prevented the peer-to-peer transfer of
digital assets (Tapscott, 2016). Unlike cash, where if you use €20 to pay for an item, then
you no longer have the €20 to pay for another item, when using digital currencies and
goods, multiple transactions can be generated that result in a double spend.
If a person with one unit of currency tried to send it to two recipients, both transactions would go into the queue of pending transactions. The first transaction would be
verified, confirmed, and stored with a hash that includes the timestamp. The second
transaction would not be determined as valid and would not be confirmed. The first
transaction, meanwhile, would gather more confirmations, the number of blocks added
to the blockchain after the transaction was recorded.
As stated by Nakamoto (2008), a possible solution to the double-spending problem is:
“using a peer-to-peer distributed timestamp server to generate computational proof of
the chronological order of transactions […] The network timestamps transactions by
hashing them into an ongoing chain of hash-based proof-of-work, forming a record
that cannot be changed without redoing the proof-of-work […] The system is secure as
long as honest nodes collectively control more CPU power than any cooperating group
of attacker nodes” (Introduction, para. 2)
1.3 History of Blockchain and Distributed Ledger
Technology
Blockchain and DLT history is often described in three generations. In addition to versions 1—3, there are a number of contributing factors that occurred to enable Blockchain (Pre-Block chain), and there are current discussions regarding the next generation, Version 4.
www.iubh.de
Unit 1
25
Basic Concepts
Pre-Blockchain
In the 1970s, 1980s, and 1990s, a number of technologies were introduced that contributed to the development of Blockchain.
•
•
•
•
•
•
•
•
The early 1970s marked the development of major advances in public key infrastructure (PKI). In 1976, secure key exchange and asymmetric key algorithms were introduced by four cryptographers. PKI and cryptography will become instrumental to
maintain the security and privacy of a blockchain.
In 1979, USENET was introduced as an early point-to-point architecture. The key difference was the absence of a central server and dedicated administrator. Point-topoint networks are the foundation of blockchain, enabling a trustless architecture.
Also in 1979, Ralph Merkle patented the concept of hash trees, or Merkle trees, which
use a tree structure where every leaf node is labeled with the hash of a data block
and every non-leaf node is labeled with the cryptographic hash of the labels of its
child nodes. Hash trees enable efficient and secure verification of the contents of
large data structures (Merkle tree) and will evolve to do so for the transactions and
blocks of a blockchain.
In 1982, the problem of obtaining consensus was formalized by Lamport, Shostak,
and Pease in a paper describing the Byzantine Generals’ Problem. This is a condition
where components in a distributed computer system may fail and actors must come
to a consensus to avoid system failure, with the expectation that some of the actors
are not acting in a reliable manner. The paper develops an algorithm to ensure that
those who are loyal to the process can reach an agreement. This algorithm was
leveraged in blockchain to determine consensus amount the network nodes.
From 1982—1990, David Chaum with his company, DigiCash, implemented the first
attempt at crypto-currency. It required software to make withdrawals and designate
specific encrypted keys before sending to a recipient. Chaum also constructed a set
of cryptographic protocols which removed the ability to trace the personal payments
conducted online (DigiCash, 2019).
In 1991, Haber and Stornetta published a paper on time-stamping digital documents
so that one can certify when a document was created or last modified by creating
an unforgeable timestamp. The solutions that they proposed use one-way hash
functions and digital signatures (Haber & Stornetta, 1991).
Since 1993, Secure Hash Algorithms (SHA) have evolved from SHA-0 to SHA3. SHA is a
family of cryptographic hash functions published by the National Institute of Standards and Technologies (Secure Hash Algorithms, n.d.).
In 1999, Jakobsson and Juels coined the term “proof of work,” elaborating on an idea
discussed by Dwork and Naor in 1992, which states that a moderately difficult computational problem will deter spammers and ensure that all completed processes
are desirable (Daniel, 2018a).
USENET
A distributed messaging system of the
1970s.
www.iubh.de
26
Unit 1
Blockchain Generation 1.0 — Transactions or Currency
Referred to as the generation of “transactions” or “currency,” the implementation of DLT
led to the first blockchain applications for cryptocurrencies. Satoshi Nakamoto is credited as the creator of Bitcoin. It is still unknown whether Nakamoto is an individual or
group of people, as Nakamoto has chosen not to be identified. Bitcoin is the name
given to the currency as well as to the network that shares the public ledger. On May 22,
2010, Laszlo Hanyecz conducted the first bitcoin transaction by buying two pizzas for
10,000 BTC, an amount that would be worth over 84 million USD in mid-2019. In 2011,
Silk Road was launched, an online black market and platform for the sale of various
contraband. Bitcoin was the sole form of currency on the site.
First generation blockchains used resource-intensive proof of work consensus mechanisms while primarily serving as a payment system.
Blockchain Generation 2.0 — Contracts
The second generation of blockchains are more than payment processors. Blockchains
are now being built to function as smart contracts and computer programs that transfer currencies or assets between parties based on contractual conditions. In 2013,
Buterin introduced the smart contract concept. For example, the digital lock of a vacation home can be set automatically and made available upon receipt of the rental payment. The Ethereum Blockchain is a key player in the blockchain contract space. NEO,
another company that specializes in smart contracts, adds the focus of being regulatory compliant, requiring any entity on their platform to have a unique and verifiable
digital identity.
Blockchain Generation 3.0 — Applications
Open source
This is software that
is freely available to
be redistributed and
modified.
In the third generation, the use of blockchain has expanded to include DApps, or
decentralized applications for the automation of business processes. DApps are built
on the smart contract capabilities of blockchain. DApps are similar to traditional web
applications, however, instead of working with databases, they work with blockchain
data. Other criteria for DApps are that they are open source, operate autonomously,
and cannot be controlled centrally (Filipova, 2018). In short, a DApp is smart contract
with a web-based frontend application.
In 2016, Hyperledger was launched by 30 founding corporate members. The goals of
Hyperledger are to:
•
•
www.iubh.de
create enterprise-grade, open source, distributed ledger frameworks and code bases
to support business transactions,
provide neutral, open, and community-driven infrastructure supported by technical
and business governance,
Unit 1
27
Basic Concepts
•
•
build technical communities to develop blockchain and shared ledger proof of concepts, use cases, field trials, and deployments, and
educate the public about the market opportunity for blockchain technology (Hyperledger, n.d.).
Blockchain Generation 4.0 – The Future
The definition of blockchain generation 4.0 is still in process. The general consensus is
to use the foundation of the previous generations to expand blockchain into information technology (IT) systems. These might include supply chain management, financial
transactions, Internet of Things (IoT), health management, and much more.
1.4 Consensus Mechanisms
Consensus mechanisms are a key component of blockchain. The objective of consensus mechanisms is to ensure the following:
•
•
•
•
•
Unified agreement about which data are true and accurate: Referring to the Byzantine Generals’ Problem, consensus mechanisms ensure that the public ledger is
updated with the consensus of the masses.
Prevent double-spending: Rules built into the algorithm ensure that only valid and
authentic transactions are included in the public ledger, preventing a double spend
of digital currency.
Align economic incentives: Consensus mechanisms incentivize good behavior and
punish bad actors. Efforts to work against the network require a large amount of
computing and financial resources, which is theoretically better used for good
behavior, rather than bad.
Fair and equitable: Consensus mechanisms ensure distributive empowerment over
processing.
Fault-tolerant: Consensus mechanisms ensure that blockchains operate indefinitely,
reliably, and consistently (Aziz, n.d.).
Leading Consensus Mechanisms
Proof of work (PoW)
PoW is the leading consensus algorithm, being the one that was, and is, used by
Satoshi Nakamoto in the establishment of Bitcoin. Before confirming a new block of
transactions, Bitcoin miners compute hashes until they find a desirable number that is
less than a number set by the software protocol called the “difficulty target.” Miners
must find the right nonce that produces a hash lower than the difficulty target set by
the software. This is called a hash-puzzle because the miner must add the nonce to the
hash of the previous block in the blockchain (Narayanan et al., 2016). The first miner
that finds the target hash, and whose work is accepted by the others in the network,
will receive a reward in Bitcoins in addition to transaction fees. Because of the increas-
www.iubh.de
28
Unit 1
ing level of difficulty over time, miners need an increasing amount of processing power,
which in turn consumes a high amount of electricity. In addition, achieving PoW consensus is time-consuming. Between 7 and 30 transactions can be executed per second,
a throughput that is not satisfactory for business applications.
Proof of stake (PoS)
In PoS, the “validator” invests in the coins of the system and therefore owns a stake in
the network. Being selected to validate a block and earn the transaction fee is based
on the number of coins a validator owns (stakes). Different random elements are
added so that the process is not dominated by the wealthy. For example, coin age
selection chooses validators based on how long their tokens are staked for. PoS consumes much less energy and time, resulting in an execution of between 30 and 173
transactions per second.
“Nothing at stake” is the most commonly raised issue with PoS, suggesting that a PoS
environment is more vulnerable to attackers. “Nothing at stake” suggests that there are
minimal economic costs associated with a validator creating multiple competing transaction histories and earning multiple transaction fees. Furthermore, signers (nodes that
need to approve the block before the block is committed) can also sign off on both
blocks. For the validator and the signers, there is nothing to lose if they are a bad actor.
In addition, multiple transaction histories makes it difficult to have consensus of a true
transaction history.
Delegated proof of stake (DPoS)
DPoS is similar to PoS concerning the way that it uses validators for creating new
blocks, but only elected nodes can vote on new blocks. With the intent of speeding up
the process, voting is limited to 21—100 elected delegates, with voting power determined by those most invested in the network. DPoS raises throughput to 25—2500
transactions per second. EOS, Bitshares, Dispatch, and Steemit use DPoS.
Practical Byzantine fault tolerant mechanism (pBFT)
PBFT, when used, is done so with other consensus mechanisms. Nodes in a pBFT system are sequentially ordered with one node being the leader and others referred to as
backup nodes. All nodes in the system communicate with one another, with the goal
being that all honest nodes will come to an agreement of the state of the system using
a majority rule. Communication between nodes has two functions: Nodes must prove
that messages came from a specific peer node, and they must verify that the message
was not modified during transmission. For the pBFT system to function, the number of
malicious nodes must not equal or exceed one third of all nodes in the system in a
given vulnerability window. Similar to the proof of work consensus mechanism, the
more nodes there are in a pBFT network, the more secure it becomes. A supermajority
of honest nodes can determine when a leader is faulty and replace them with the next
leader in line (Lai & O'Day, 2018a). Hyperledger, Fabric, and Zilliqa use pBFT.
Delegated Byzantine fault tolerance (dBFT)
DBFT is similar to DPoS in that each user is able to choose delegates. Each time a new
block is generated, a “speaker” is randomly drawn from the group of delegates. The
speaker will propose a new block as “the truth” to the other delegates. A minimum of
www.iubh.de
Unit 1
29
Basic Concepts
66 percent of the delegates will then need to approve the proposed block. Once
approved, the transactions will be processed and recorded on the blockchain. If not
approved, the block is discarded. The speaker returns to a delegate role. The assumptions for dBFT is that the work proposed by dishonest speakers will be voted down and
that only a minority of delegates will act dishonestly. In either case, the expectation is
that bad blocks will be discarded. NEO is the creator and user of dBFT.
Other Consensus Mechanisms
Many variations of the above consensus mechanisms are currently being used or
developed. Some of these are identified below.
Proof of activity
Proof of activity is a hybrid of PoW and PoS. The process starts as a standard PoW process with miners trying to create the new block by solving. When the new block is mined,
in PoS fashion, a random group of validators is selected to validate the new block. The
more cryptocoins owned by a validator, the higher the chance of being selected for the
validator role. Once signed, the block is added to the blockchain and the transactions
are recorded to it. Decred uses proof of activity.
Proof of authority
Proof of authority is based on the value of identities. Validators are staking their reputation, so blockchains are secured by nodes that are selected because they are deemed
trustworthy. Proof of authority uses a limited number of validators, making it highly
scalable. Microsoft Azure has implemented proof of authority.
Proof of believability
Proof of believability, used by IOST, uses a reputation-based system called Servi, which
are non-tradeable tokens given to good actors in IOST. The IOST network algorithmically
selects a set number of random validators per block. The nodes with a higher believability score are more likely to be selected. Believability scores are based on the number
of IOST tokens, number of Servi tokens earned, number of positive reviews the node
has, and the node transaction and action history.
Proof of capacity
In proof of capacity (variations are proof of storage and proof of space), the more hard
drive space you have, the better your chance of mining the next block and earning the
reward.
Proof of importance
Proof of importance is used by NEM to select a node that will add a block to the blockchain based on a probability score computed on the node’s overall support of the network. This includes vesting (the number of coins vested by the node), transaction partners (rewards are made to users who make transactions with other NEM accounts), and
number and size of transactions in the previous 30 days.
www.iubh.de
30
Unit 1
1.5 Limitations of Blockchain Technologies
As with any technology, blockchain has its limitations. There are common limitations
that blockchain shares with most other technologies — resistance to change, lack of
skilled personnel, lack of a consistent vocabulary, legal concerns, social concerns, and
more. There are other limitations specific to blockchain, discussed below, that can be
generalized as scalability, resource demands, and security.
Scalability
Blockchain confirms an average of 275,000 transactions per day (approximately 190 per
minute) while major credit card systems process 400,000 transactions per minute
(Waldo, 2019). The limiting factor is block verification which is slowed down by the processor intensive consensus mechanisms. It is the consensus mechanisms that ensure
the highest level of immutability. However, the sacrifice is scalability. Consensus mechanisms that reduce the processing requirements are being developed to improve upon
this limitation.
Resource Demands
An extension of scalability is the limitation of resource usage. This is particular to the
use of the proof of work (PoW) consensus mechanism in permissionless blockchains.
PoW is heavily computing intensive, and incurs a significant use of electricity. The
tradeoff is that PoW is an effective solution for “hard to solve, easy to verify” proofs for
the environment where there is little to no trust among system users. In permissioned
blockchains, different consensus mechanisms can be used because the requirements
are different.
Security
There is an unavoidable security flaw in P2P networks. In bitcoin and other blockchains,
there is potential for the 51% attack, highlighted by Satoshi Nakamoto. If more than half
of the nodes of the network lie, then the lie becomes the truth. For this reason, bitcoin
mining pools are closely monitored so that no one gains network influence. Malicious
actions can include:
•
•
•
www.iubh.de
Ignoring transactions from specific users, nodes, groups, or countries.
Creating an alternate chain then submitting it once the alternate chain is longer
than the real chain. The honest nodes will switch to the chain that has the most
work done, which is now the alternate chain.
Refusing to transmit blocks to other nodes, disrupting the distribution of information (Yaga et al., 2018).
Unit 1
31
Basic Concepts
Blockchain uses asymmetric cryptography for identification, authentication, and
authorization. Although it is a strong cryptographic method, there is no protection if
the user loses or unwillingly shares their private key with others.
Summary
In today’s connected world, the transfer of money, services, and goods span geographic and jurisdictional boundaries. From an accounting perspective, these activities have been recorded using ledgers. The ledgers are held by each participant
involved in the transaction and are subject to being out-of-sync. This results in
extra efforts to reconcile, increased settlement times, intermediaries, and additional overhead costs.
Blockchain is a distributed ledger that allows transactions to be recorded in a peerto-peer network. The ledger is structured in hash-linked blocks and is distributed
to all nodes in the network to ensure consistency. All confirmed and validated
blocks are linked from the beginning. The blockchain is the source of truth.
The consensus mechanism sets the protocol to ensure the validity and integrity of
the transaction. Cryptographic hashes built into the structure of the chain prohibit
any change to data on the chain and digital signatures ensure that transactions are
from who they say they are. The peer-to-peer network eliminates and prevents a
single controlling entity so participants in the network are all equal.
The blockchain technology has matured in the past decade, however, there remain
limitations that are being addressed so that the technology can scale to meet the
needs of individuals and enterprises as the technology gains acceptance.
Knowledge Check
Did you understand this unit?
You can check your understanding by completing the questions for this unit on the
learning platform.
Good luck!
www.iubh.de
Unit 2
Bitcoin
STUDY GOALS
On completion of this unit, you will have learned …
… how the Bitcoin platform functions in the market from the user's perspective.
… how Bitcoin is technically designed and implemented.
… about the potential attack vectors that could affect Bitcoin and security breaches that
have affected bitcoin holdings.
… about limitations of Bitcoin that affect its growth in the cryptocurrency market.
… what cryptocurrency platforms have been derived from the Bitcoin platform.
… what leading cryptocurrency platforms are alternatives to the Bitcoin platform.
DL-E-DLMCSEBCQC01-U02
34
Unit 2
2. Bitcoin
Introduction
Bitcoin is considered to be the first implementation of blockchain and the first decentralized cryptocurrency. Bitcoin also involves the internet-based use of cryptography to
secure currency used for financial transactions.
Decentralization of the cryptocurrency is made possible through the technologies associated with distributed ledger technology (DLT). Key characteristics of DLT are shared
record keeping, consensus, independent validation, and an immutable ledger. While
not all distributed ledgers are implemented with blockchain, blockchain is the primary
technical architecture for DLT, providing all of the required characteristics of DLT.
Bitcoin is an implementation of blockchain technology created by Satoshi Nakamoto in
2009. In this unit, we will cover:
•
•
•
how bitcoin was designed, the user interface and the underlying technologies,
general concerns, including security, scalability, and other limitations, and
other cryptocurrencies that have spawned from bitcoin and the future of bitcoin.
Note that ‘bitcoin’ is the name of both the currency and the software technology. Lower
case ‘b’ will be used to designate the currency (bitcoin) and upper case ‘B’ will be used
to designate the software technology (Bitcoin).
The website associated with Bitcoin specifies the Principles of Bitcoin to be as follows:
•
•
•
•
•
•
•
21 million coins: Only 21 million coins will ever exist.
No censorship: Nobody should be able to prevent valid transactions from being confirmed.
Open source: Bitcoin source code should always be open for anyone to read, modify,
copy, and share.
Permissionless: No arbitrary gatekeepers should ever prevent anybody from being
part of the network (user, node, miner, etc.).
Pseudonymous: No ID should be required to own and/or use Bitcoin.
Fungible: All coins are equal and should be equally spendable.
Irreversible transactions: Confirmed blocks should be set in stone. Blockchain history should be immutable (Principles of Bitcoin, n.d.).
In this unit, user components of the bitcoin payment system and the technical components that, together, achieve the principles as specified, will be described.
www.iubh.de
Unit 2
35
Bitcoin
2.1 The Bitcoin Payment System
High-Level User Process
Bitcoin can be used to receive bitcoin in payment and to use bitcoin for payment. To do
so, the process and the components needed by the end user are defined below.
•
•
•
•
Obtain and set up a mobile wallet.
To accept a single payment:
◦ the user generates a public address for their wallet or a QR code to give to the
person sending the bitcoin,
◦ give the public address or QR code to the person — or create a payment request
in the wallet,
◦ monitor wallet for incoming transactions, and
◦ wait for confirmation of transaction.
To accept regular bitcoin payments (e.g. as a web retailer of goods):
◦ select a bitcoin payment processing provider, who manages and processes bitcoin payments for internet retailers,
◦ create an account with the payment processing provider and the merchant’s
business bank account so that bitcoin received in payment can be converted to
fiat currency, and
◦ integrate the payment processing provider to the merchant’s website so that it
can be used by customers.
To use bitcoin:
◦ obtain bitcoin through purchase or earning, and
◦ pay bitcoin from the user’s wallet to individuals or organizations that accept bitcoin.
Fiat currency
This is currency that
is issued by a government agency. For
example, United
States Dollar or Euro.
Wallet
In the same manner that a physical wallet holds physical currency, a cryptocurrency
wallet, also referred to as a digital wallet, is used to do the following:
•
•
•
Interact with the Bitcoin platform — Payments can be sent from the wallet and payments can be received into the wallet.
Track the bitcoin addresses of the wallet owner.
View all transactions to and from the wallet and each bitcoin address.
Wallet addresses
A bitcoin address is an identification (set of public/private keys) of a designation for a
bitcoin payment or a source from which a payment is being made. The following two
address formats are in use:
www.iubh.de
36
Unit 2
•
•
Pay-to-Pub-key-hash (P2PKH), common P2PKH type, has a number that begins with
1.
Pay-to-Script-hash (P2SH), newer P2SH type, has a number that begins with 3.
The recommended way to use bitcoin is for the person being paid to send a new
address to each person that they are expecting payment from. The person making the
payment will pay to that public address. The person being paid will receive the payment into that address. That address can then be used by the owner to spend bitcoins
that have been received into that address. When the bitcoins have been fully spent
from that address, the address should not be used again.
When person A sends person B bitcoins or any other type of digital currency, person A
is essentially signing off ownership of the coins from their wallet address to person B’s
wallet address. To be able to spend those coins and unlock the funds, the private key
stored in person B’s wallet must match the public address that the currency is assigned
to. If public and private keys match, the balance in person B’s digital wallet will
increase, and the wallet of person A will decrease accordingly (Rosic, n.d.-b).
To simplify the wallet holdings and facilitate the use of bitcoins, a wallet owner can
create a new address, transfer, and consolidate coins from multiple addresses into one
address.
Wallets fall into two categories — custodial and non-custodial. The difference is the
level of control the owner has over the funds.
Custodial wallet
A custodial wallet is a wallet in which an owner contracts with a third party service to
store the owner’s private keys.
The main advantage of a custodial wallet is that it eliminates the risk of losing the private keys and, therefore, losing access to the funds.
The disadvantages of a custodial wallet are that the custodian/vendor has control over
the owner’s funds, and, as a result, the centralization of wallets on a server or database
creates an opportunity for hackers. A custodial wallet is considered a “hot wallet,” as it
is connected to the internet. The internet connection makes the wallet more susceptible to hackers and other technical vulnerabilities. Should the wallet be hacked, cryptocurrencies may be lost.
Non-custodial wallet
Non-custodial wallets are fully controlled by the owner. The advantage is that the
owner has full control, however, the disadvantage is that a loss of private keys results
in a loss of access to the funds.
Non-custodial wallets fall into two categories of storage — hot and cold. As stated earlier, hot wallets are more susceptible to internet-based hackers while cold storage is
considered to be more secure.
www.iubh.de
Unit 2
37
Bitcoin
Hot storage
Hot wallets are more susceptible to internet-based hackers because of the direct connection to the internet. The advantage of hot wallets is their easy access to the internet
which makes it simpler to conduct transactions.
•
•
Desktop wallets are software programs that are installed on a computer and
accessed from that device. The user can create addresses for sending and receiving
cryptocurrency. The private keys are stored on the hard drive. As it is connected to
the internet, the desktop wallet is susceptible to hackers and malware. Hardware
failure could cause the wallet to be inaccessible.
Mobile wallets are apps that are installed on iOS and Android devices. Mobile wallets offer portability, allowing the user to make direct payments in cryptocurrencies
anywhere, including brick-and-mortar stores. Mobile wallets have risks similar to
those of desktop wallets.
Cold storage
Cold storage puts a buffer between the user’s cryptocurrencies and the internet, making them more secure. Cold storage is better for long-term, secure storage of cryptocurrencies.
•
•
Hardware wallets are hardware devices, typically with a USB connection, that can be
connected to an internet-enabled device to conduct cryptocurrency transactions.
Hardware wallets are secure, however, they can be stolen or lost, resulting in a loss
of the bitcoins associated with the private keys that are stored on the hardware.
Paper wallet is software that generates keys which are then printed onto physical
paper. The printed paper is also referred to as a paper wallet. To add cryptocurrency
funds to a paper wallet, cryptocurrency funds are transferred from the software wallet to the public address provided by the paper wallet. To spend cryptocurrency
funds, the funds are transferred from the paper wallet to the software wallet. Like
the hardware wallet, the printed paper can be lost, resulting in a loss of bitcoins.
Buying Bitcoins
Bitcoin users need bitcoins in order to conduct financial transactions. There are a number of ways in which a user can obtain bitcoins.
•
•
•
•
•
Cryptocurrency exchanges are commercial vendors who buy and sell bitcoins. The
fee for commercial exchanges is 1—5 percent or more.
Cryptocurrency ATMs are available throughout the world, and almost all of them
offer Bitcoins in addition to other cryptocurrencies. The fee for use of the ATM is 3—
6 percent or more.
Use a classified service where buyers and sellers can trade bitcoins for cash.
Sell a product or service for bitcoins.
Gift cards are a unique way to purchase bitcoins. Services exist where a gift card,
such as Amazon, Walmart, and many more, can be exchanged for bitcoins. Fees average 5 percent.
www.iubh.de
38
Unit 2
Fluctuating bitcoin value
Over its lifespan, the value of bitcoins has fluctuated greatly. From 2011 to early 2017,
the price of bitcoin was less than $1,000. In December 2017, it peaked at over $17,000.
Between then and late 2018, the price dropped to just over $3,000. In summer 2019, the
price has risen and hovers around $10,000.
Purchasing bitcoin is not like investing in stocks and bonds because corporate financial
statements do not exist. It is also unlike investing in traditional currencies because it is
not issued by a bank or backed by a government. Monetary policies, inflation rates, and
economic growth measurements do not influence bitcoin prices in the same manner
that they affect traditional currencies (Bloomenthal, 2020). However, as economies built
with fiat currencies show strength or weakness, investors may allocate more or fewer
assets to bitcoins (Reiff, 2020c). There are many other factors that affect bitcoin, which
will be explained in the following sections.
Supply and demand
The supply of bitcoins is controlled by two factors — the mining reward and the maximum number of bitcoins. The bitcoin protocol calls for bitcoins to be created and distributed when miners process blocks of transactions.
Competing currencies
Although bitcoin is the most well-known cryptocurrency, there are many others, including Ethereum and Litecoin, as well as other initial coin offerings (ICO) that are regularly
being introduced. An ICO is the initial offering of the cryptocurrency to investors or
speculators. Fiat currencies, or other more common cryptocurrencies, such as bitcoins,
are used as the exchange medium in an ICO.
www.iubh.de
Unit 2
39
Bitcoin
Internal governance
Changes to the Bitcoin software is consensus driven, resulting in long resolution periods. For example, scalability has been a concern for Bitcoin because of the consensus
algorithm. Originally, when the demand was low, there was little concern. However,
increased bitcoins in the market, together with greater acceptance of bitcoin, results in
increased use and lower processing speeds. The Bitcoin community has been divided
on how to address scalability.
Forks
Changes to the rules that are built into the underlying software are called “forks.” A soft
fork is a permanent change to the Bitcoin protocol that does not require all nodes to
upgrade in order to maintain consensus or result in new cryptocurrencies. All new
blocks being produced by nodes that have upgraded to the new protocol will also be
compatible with the previous protocol. Non-upgraded (legacy) nodes will see these
new transactions/blocks as valid. However, if legacy nodes try to mine blocks, the
blocks will be rejected by the upgraded nodes. All blocks being produced by legacy
nodes will violate the new protocol and be made stale by the upgraded mining majority. Therefore, a soft fork needs the majority of nodes to agree and accept the new protocol in order for the new protocol to become permanent for Bitcoin.
In comparison, a hard fork implements a protocol change that is not compatible with
the older protocol. Legacy nodes will see new transactions/blocks as invalid and, as a
result, the legacy nodes will not be able to successfully mine blocks. For example, a
hard fork of Bitcoin occurred in 2017 when a group of Bitcoin investors, developers,
miners, and activists went forward with an alternative to increase the block size limit,
creating Bitcoin Cash. Bitcoin Cash subsequently split in 2018, again over a block size
limit, to create Bitcoin SV. In some hard forks, the fork created two different cryptocurrencies from the activation block forward. When Bitcoin Cash was forked, each owner
received 1 Bitcoin Cash (BCH) for each bitcoin (BTC). When Bitcoin SV was forked, each
owner received 1 Bitcoin SV (BSV) for each Bitcoin Cash (BCH).
Negative events
The bankruptcy of cryptocurrency exchanges that actively transact bitcoins, such as the
bankruptcies of Mt. Gox and Yapian Youbit, caused by security breaches, has caused
fear in investors. Additionally, the use of Bitcoin in some illegal transactions on Silk
Road, an online black market and darknet market, generated further panic among
investors.
Government uncertainty
Governments around the world demonstrate their level of tolerance from full rejection
to full acceptance. As governments continue to evolve a documented position on the
use of cryptocurrencies and cryptocurrency technologies, fear will continue to simmer.
•
•
United States: As of mid-2019, the federal government has not established regulations and have left the decisions to the individual states.
Europe: As of mid-2019, inside the 19-country monetary union, blockchain is almost
purpose-built for new regulations demanding transparency of information and
shared data between markets and institutions and is quickly becoming the biggest
Black market
This is an underground economy
that is characterized
by illegal activities.
Darknet market
This is a black market that conducts
changes in cryptocurrencies.
www.iubh.de
40
Unit 2
•
new startup sector in the region. Even outside the monetary union, central banks
have followed suit, and recognize the immense potential of early adoption for their
individual territories (Liebkind, 2019a).
Asia: As of mid-2019, while Japan recognizes bitcoin as a legal means of payment,
other countries like Bangladesh, Nepal, and Kyrgystan consider the trading of virtual
currencies to be highly illegal. China has imposed strict regulations on bitcoin trading (Liebkind, 2019a).
Large holder risks
As of mid-2019, there are 2,119 addresses that each hold bitcoins valued greater than
$10M with 4 addresses holding a total of $5B. Divestiture of their bitcoin would likely
cause a significant impact on the market. As an example, in May 2019, the sale of 5,000
bitcoins on the Bitstamp exchange, worth approximately $40M, resulted in a crash that
wiped out more than $10B of bitcoin’s market capitalization in 20 minutes. The borderless and semi-anonymous nature of bitcoin means that it is difficult to police instances
of market manipulation, while the lack of regulation compared to other commodity
markets means that a handful of bad actors are able to exploit it for financial gain
(Cuthbertson, 2019).
Spending Bitcoin
Once a user has established a wallet and obtained bitcoins in the wallet, bitcoins can
be spent on goods or services for which they are accepted. There are a number of web
retailers, services, and charities that accept payment in bitcoins.
Cryptocurrencies, such as bitcoin, can also be connected to debit cards that can be
used in the same manner as debit cards that are funded by fiat currency.
Fees for Using Bitcoin
The miners are primarily rewarded for processing transactions in bitcoins as established by the Bitcoin protocol. In addition, the bitcoin sender can pay an optional
transaction fee that is included with the transaction.
The purpose of the additional transaction fee is to provide an incentive to the miner so
that the sender's transaction(s) will be processed faster. Transactions that are accompanied by higher transaction fees are processed more immediately, while lower or no
transactions fees may result in slower processing. Since transactions are gathered
every ten minutes, and a block has a maximum size limit, the level of transaction activity dictates the size of the queue, while the transaction fees dictate placement in the
queue. A transaction without an additional transaction fee, in a period of low transaction activity, might be processed in the next block, while in a period of high transaction
activity, might be significantly delayed.
www.iubh.de
Unit 2
41
Bitcoin
As a result, fees paid to bitcoin miners rise or fall as a result of the network demand
and the network space. As transactions increase, the cost for having a bitcoin transaction included in the next block rises higher and higher. Many bitcoin wallets include a
dynamically-calculated bitcoin miner fee in outgoing transactions. This will generate a
miner fee that will make sure the transaction is processed in a timely manner.
The advantage of recording a transaction sooner, rather than later, is that you can then
spend or sell the coins received and a merchant will consider a deal completed. Speed
can be a matter of necessity when using bitcoin to buy high-demand goods, for example in the purchase of event tickets. Also, for bitcoin traders that would be heavily
impacted by the fluctuating price of bitcoin, minutes matter when buying and selling
bitcoins.
If a transaction is not confirmed for a long period of time, it will be erased from a
node’s mempool. The current default timeout is 72 hours. The transactions with the
lowest value will be dropped from the mempool and the funds are returned to the
owner’s wallet.
As can be seen in the chart below, transaction fees, which had been less than $1,
peaked to over $40 in December 2017. The surge was a situation of supply and demand.
At the same time, bitcoin’s price had surged from $10K to $20K, leading to an increase
in investors. More users and more transactions increased the demand for timely miners’ services, resulting in the surge in price.
www.iubh.de
42
Unit 2
2.2 The Technology Behind Bitcoin
Bitcoin is an implementation of distributed ledger technology (DLT) built on a blockchain architecture. The following section covers the implementation of blockchain
attributes that have built out Bitcoin as the innovator and leader in the field of payment networks.
The Bitcoin network is built on a decentralized peer-to-peer (P2P) network. Bitcoin
users send and receive bitcoins, creating transactions that are gathered and validated
by miners using the consensus rules.
Blockchain
A blockchain is the transaction database that is used by all Bitcoin nodes. A full blockchain contains every block and every transaction since the genesis block, which was
the first Bitcoin block created on January 3, 2009.
Block Structure
A block is a data structure comprised of a header, containing metadata, and a number
of transactions.
www.iubh.de
Unit 2
43
Bitcoin
Some of the metadata include the following:
www.iubh.de
44
Unit 2
•
•
•
mining data — timestamp, nonce, difficulty
block size — indicates the size of the block
block height — the position of the block in the blockchain
There are three hashes.
•
•
•
Hash — This hash is created by hashing the block header twice with the SHA256
algorithm. The previous block’s hash is used to create the hash of the new block. In
the example above, the hash of the previous block
(000000000000000000135099aff910dc138ae7131c56409c96d433cd32495f0f) is used to
create the hash of block #591990
(00000000000000000002e19f31933bdb6dcb8722abcb4bae282ed08f6c8fd14f).
Previous block — This is the hash of the previous block, also known as the parent
block, in the chain. This hash is what ensures the linkages of the blockchain as
blocks are linked backwards by referencing the hash of the previous block in the
chain.
Merkle root — This hash is from the data structure to summarize the transactions in
the block, producing an overall digital fingerprint of the entire set of transactions
and an efficient means by which to verify that a transaction is included in the block
(Antonopoulos, 2014). The node at the top of the Merkle tree is called the root. It is
the root hash that is stored in the block header of each block on the blockchain.
Remainder of block
The main part of the block are the transactions. A segment of the list of transactions in
the block can be seen below.
An example of a transaction is shown below. Some of the fields contained in the transaction are described in more detail.
www.iubh.de
Unit 2
45
Bitcoin
Block size
Miners gather outstanding transactions into blocks with the size of a Bitcoin block having been limited to 1MB by Satoshi Nakamoto in 2010. Although there is no documented
reason as to why Nakamoto chose a 1MB limit, it is theorized that a large block size
allows for denial of service (DoS) attacks that could have been achieved by flooding the
network and splitting up a small number of transactions into a larger number in order
to occupy additional space in a block and/or by sending lots of transactions containing
large amounts of data.
The ten minute block creation time and the 1MB limit created a limitation on the scalability of Bitcoin as the volume of Bitcoin transactions were increasing. A number of
potential solutions were presented including the increase of block sizes, incremental
annual percentage increase of block size, and a separation of transaction data from
header data. BIP (Bitcoin improvement proposal) 102 proposed an increase of the block
size limit to 2MB, but it was rejected. BIP 103 proposed an annual percentage increase
of the block size limit and is still in the draft stage.
BIP 141, known as Segregated Witness (SegWit), was accepted into deployment in 2017
as a soft fork. SegWit essentially increases the capacity of the block to 2—4MB by separating the data for the digital signature from the transaction data. The majority of space
in a transaction is taken up by a signature (which verifies that the sender has the funds
to make a payment). This signature can be up to 60 percent of each transaction. SegWit
removes the signature from the transactions and moves it to a structure at the end of
www.iubh.de
46
Unit 2
the transaction. With SegWit, the removal of the signature from transactions resulted in
blocks containing transaction data of 1MB and signature data that increases the total
block size up to 4MB.
SegWit restricts size by using a maximum “block weight” of 4MB. The formula to calculate block weight is:
transaction size with witness data stripped · 3 + transaction size
SegWit transactions have witness data so the weight is less than four times the size of
the transaction (e.g. Using 600 bytes of witness data).
Transactions = 1MB
Block Weight = 400KB · 3 + 1MB = 2 . 2 MB
Using this example, a previous block of 1MB of transactions would have 2.2MB of block
weight, allowing space for additional transactions to be included in the block without
exceeding the maximum block weight of 4MB.
Software
Client software
The client software for Bitcoin is the wallet that facilitates private key generation and
security, payment sending, and payment receipt. There are a number of wallets, each
offering a mix of capabilities including the type of wallet and security, automated backups, disk space, multi-user capability, and OS compatibility.
ASIC
Application-specific
integrated circuit is
hardware customized for a particular
use.
FPGA
Field programmable
gate array is an integrated circuit
designed to be configured by a customer.
www.iubh.de
Mining software
The mining process requires dedicated hardware (ASICs, FPGAs) as well as software
applications that implement the Bitcoin protocol. There are a number of mining software applications. The mining software applications each offer a mix of capabilities
including OS compatibility, hardware support, cryptocurrency support, command line
versus menu driven, inclusion in a mining pool of other miners, cloud inclusion in a
mining pool of other miners, support for multiple mining hardware environments, and
more.
Other Aspects of Bitcoin Technology
Mining rewards
When Satoshi Nakamoto created Bitcoin, the reward was 50 bitcoins. That mining
reward amount is halved with every 210,000 blocks added. At the average rate of block
mining, 210,000 blocks take approximately four years to mine. In mid-2019, the block
reward was at 12.5 bitcoins (approximately $12.5K). Mining rewards will continue until
the maximum number of bitcoins (as per the protocol) of 21 million has been distributed, which is expected to be in 2140.
Unit 2
47
Bitcoin
Cryptography
Cryptographic technologies are at the core of the Bitcoin process.
Public key cryptography
Every coin is connected to its current owner’s public key. The owner’s digital signature
with their private key verifies the ownership of the bitcoins and whether or not the
transaction details were sent as intended. If the digital signature is missing or doesn’t
match the public key, the transaction will be invalidated and will not be added to the
blockchain.
Blockchain
Each block’s previous block hash preserves the integrity of the chain by linking back to
the previous one, all the way back to the genesis block. Any change to a transaction in
the transaction history would change the block hash of all the following blocks in the
chain, otherwise there would be a mismatch in the expected block hash and the next
block’s “previous block hash.”
Proof of work
Bitcoin uses the Hashcash proof of work algorithm, which was invented in 1997 by
Adam Back. To determine the node that will publish the block to the network, Bitcoin
miners compute hashes until they find a hash that is less than the difficulty target. To
find the correct hash, miners must find the right nonce that, together with the data in
the block, produces a hash that is less than the difficulty target. The node will hash the
block header repeatedly, changing the nonce, until the hash output is less than the target hash.
2.3 Security of Bitcoin
Bitcoin security resides in a combination of the inherent characteristics of the blockchain technology and Bitcoin’s implementation of blockchain. It is stated that there
have been “thefts and security breaches that happened on diverse exchanges and
businesses. Although these events are unfortunate, none of them involve Bitcoin itself
being hacked, nor imply inherent flaws in Bitcoin” (Bitcoin, n.d., Security, para. 3).
Possible Attack Vectors
Possible attack vectors in the Bitcoin environment are described in the following sections.
Double-spending attacks
Double-spending is when someone makes more than one payment using the same bitcoins. The design of the Bitcoin platform virtually eliminates this situation through the
complex process of mining. Users are advised to wait until a transaction has been con-
www.iubh.de
48
Unit 2
firmed six times (approximately 60 minutes) before accepting it as payment and transferring the goods. However, some specific scenarios have been described that might
allow a double-spending attack to be successful. All of them rely on the merchant
delivering the goods or services without waiting for a successfully confirmed transaction.
Race attack
A race attack is a double-spending attack when a malicious actor (MA) creates two
transactions. One transaction is sent to the merchant’s address in payment for the digital asset, while a second transaction spending the coin on the MA is sent to the rest of
the network. If successful, the MA retains the bitcoin and receives the merchant’s goods
or services.
Finney attack
A Finney attack is named after Hal Finney who described it in 2011. In a Finney attack,
the MA mines a block that includes a transaction in which they send some of the coins
back to themselves, however, they do not broadcast this transaction. The MA then
sends the same coins to a merchant for goods or services. After the merchant accepts
payment and provides the goods or services, the MA broadcasts the block with the
transaction that sends the coins back to themselves. This earlier transaction will override the unconfirmed payment to the merchant.
Withhold attack
A withhold attack expands upon the Finney and race attacks. Like the race attack, the
MA sends a transaction to the merchant, but also sends a duplicate transaction to
themselves. The duplicate transaction, however, is sent on a private alternate blockchain fork that they are mining. The merchant releases the goods or services after the
recommended number of confirmations. Then the MA publishes the alternative chain
to the wider network. If the MA had been able to mine more blocks than the wider network, then the alternative chain would become the legitimate chain and the transaction that sent payment to the merchant would be designated as invalid. The withhold
attack is more resource intensive as the MA needs a significant amount of network
hash power to have mined more blocks than the wider network (Radix, 2018b).
51% attack
The situation outlined in the withhold attack is generalized as a 51% attack, or majority
attack, if the MA has greater than 50 percent of the network hash power. The MA can
impose their will even if all the other miners on the network were to band together and
act as one. A 51% attack is based on the premise that the MA can mine and create
blocks faster than the rest of the network combined. The chain of the MA would
become the legitimate chain with the MA’s chain history overriding all of their published transactions to date. From the Bitcoin wiki, a MA with greater than 50 percent of
the network’s computing power could
www.iubh.de
Unit 2
49
Bitcoin
•
•
•
•
reverse transactions that they send while they are in control. This has the potential
to double-spend transactions that had been previously seen in the blockchain,
affecting all coins that share a history with the reversed transaction.
reverse confirmations for any transaction that had previously been seen in the
blockchain while the MA is in control.
prevent some or all transactions from gaining any confirmations.
prevent some or all other miners from mining any valid blocks (Weaknesses (2.6),
n.d.).
Cryptocurrency miners have joined together into mining pools. A mining pool is when
miners join together to share their processing power and split the reward equally
based on the work they contribute to the finding of a block. It is estimated that “over
80 percent of Bitcoin mining is performed by six mining pools,” (Kaiser et al., 2018, p.2)
with five of those managed by entities in China. With Chinese mining pools accounting
for 74 percent of Bitcoin’s hashpower, China holds the ability to threaten the security,
stability, and viability of Bitcoin (Canellis, 2018).
Network attack — Sybil
A Sybil attack is an attempt by an MA to control the Bitcoin mining network by creating
multiple new nodes (identities). The new nodes would be the MA, a single entity who is
controlling the new nodes, resulting in the ability to have undue influence on the network as a whole. This influence can be used to provide false information (like in a 51%
attack) or to manufacture support for something. This network attack can be controlled
in the following ways:
•
•
•
•
the MA can refuse to relay blocks and transactions from everyone,
the MA can relay only blocks that they create,
the MA can filter out certain transactions, and
low-latency encryption or anonymization of Bitcoin transmissions, (with Tor, for
example, which provides anonymous connections that are resistant to eavesdropping and traffic analysis) can be defeated relatively easily with a timing attack if the
user is connected to several of the MA’s nodes and the MA is watching the user’s
transmissions through their internet service provider (ISP) (Weaknesses (1.3), n.d.).
Because of the number of Bitcoin miners, together with the compute power required by
a Bitcoin miner, adding tens of thousands of highly-powered nodes is a very expensive
venture.
Deanonymizing users
Tor is a free and open-source software for enabling anonymous communications by
directing internet traffic through a worldwide, volunteer overlay network consisting of
more than seven thousand relays to conceal a user’s location and usage from anyone
conducting network surveillance or traffic analysis. Tor is used by some Bitcoin users
for this purpose.
Bitcoin, when used as a payment method for Tor hidden services, leaks information
that can be used to deanonymize their users. The deanonymization is caused by a lack
of retroactive operational security present in Bitcoin’s pseudonymity model. By inspect-
www.iubh.de
50
Unit 2
ing historical transactions in the Blockchain, a malicious actor can link users who publicly share their Bitcoin addresses on online social networks, with hidden services that
publicly share their Bitcoin addresses on their Tor landing pages. In over 100 cases, the
authors of “Deanonymizing Tor Hidden Service Users through Bitcoin Transactions Analysis” connected bitcoin payments on a dark web site to a public account. In more than
20 cases, the public accounts were transactions on Silk Road, an online black market.
Lack of privacy
Similar, but simpler, is the vulnerability of Bitcoin where a user’s public address could
provide a tracking mechanism. For instance, if a user purchased bitcoin through an
exchange, the exchange would have the user’s public address, and that public address
could be used to track the user’s Bitcoin’s transactions on the Bitcoin platform where
the public address is readily available.
Bitcoin Security Breaches
Over the years, there have been a number of security breaches related to the bitcoin
holdings of customers. The following chart shows the breaches in reverse chronological
order. A few will be discussed following the chart.
Bitcoin Security Breaches
www.iubh.de
Year
Month
Exchange
Number of Bitcoins Missing
2011
October
Bitcoin7
5,000
2012
March
Bitcoinica
43,554
2012
May
Bitcoinica
18,547
2012
July
Mt. Gox
1,852
2012
July
Bitcoinica
40,000
2012
July
BTC-e
4,500
2012
September
Bitfloor
24,000
2012
December
BitMarket.eu
18,788
2013
May
Vircurex
1,454
Unit 2
51
Bitcoin
Year
Month
Exchange
Number of Bitcoins Missing
2013
November
BIPS
1,295
2014
February
Mt. Gox
650,000
2014
March
Poloniex
97
2014
July
Moolah/Mintpal
>3,700
2014
July
Cryptsy
11,325
2014
August
BitNZ
39
2015
January
Bitstamp
<19,000
2015
January
796 Exchange
1,000
2015
February
Bter
7,170
2015
February
KipCoin
>3,000
2015
March
Allcrypt
42
2016
March-April
ShapeShift
469
2016
March
CoinTrader
81
2016
May
Gatecoin
250
2016
August
Bitfinex
119,756
2016
October
Bitcurex
2,300
2017
April
Yapizon
3,816
2017
December
NiceHash
4,700
2018
April
CoinSecure
438
www.iubh.de
52
Unit 2
Year
Month
Exchange
Number of Bitcoins Missing
2018
September
Zaif
5,966
2018
October
MapleChange
913
2018
December
QuadrigaCX
26,350
2019
May
Binance
7,000
Mt. Gox was hacked twice, in 2012 and 2014. In 2012, a hacker gained access to Mt. Gox’s
auditor’s credentials and transferred bitcoins to an address for which Mt. Gox did not
have a key. In 2014, when Mt. Gox was handling almost 70 percent of the worldwide bitcoin transactions, the 650,000 loss of bitcoins caused Mt. Gox to file for bankruptcy
(Agrawal, 2019a).
Bitfloor was hacked when hackers accessed unencrypted private keys kept online for
backups (Agrawal, 2019a).
Bitfinex hackers, in the second largest bitcoin hack, exploited a vulnerability in the wallet architecture of Bitfinex and BitGo. Bitfinex customers were refunded their money
over 244 days following the breach. Bitfinex continues to operate (Agrawal, 2019a).
QuadrigaCX founder and CEO used customer funds to trade on his own account, stealing more than $200M USD from customers.
API keys
An application programming interface
key is transmitted
with an API request
to authenticate the
source of the
request.
2FA codes
Two factor authentication requiring two
means of identification before accessing an account.
www.iubh.de
The most recent incident, as of this writing, was in May 2019 when Binance was hacked.
Hackers obtained a large number of “API keys, 2FA codes, and potentially other info […]
using a variety of techniques, including phishing, viruses, and other attacks” (Binance,
as cited in Agrawal, 2019a).
In all cases, the security breaches were at centralized exchanges. The majority of the
breaches were a result of careless handling of private data or exploitation of wallet vulnerabilities. This supports the concern that using a custodial wallet may not be secure
for cryptocurrencies.
2.4 Scalability and Other Limitations of Bitcoin
Blockchain is the technical platform on which Bitcoin is built. Blockchain has limitations that may affect any implementation of its technology while Bitcoin has additional
limitations that are specific to the Bitcoin implementation of blockchain.
Unit 2
53
Bitcoin
Blockchain Limitations
Security flaws
The security concerns that have been previously discussed generally apply to blockchain implementations. Double-spending, 51%, and Sybil attacks, as well as deanonymizing users and lack of privacy are all security flaws of blockchain as a whole.
Loss of private key
A user’s loss of private keys results in a loss of access to the cryptocurrency funds. As
stated by Allison Berke, executive director of the Stanford Cyber Initiative: “The loss of a
private key is probably the biggest threat to blockchain systems. People have lost millions in bitcoin after losing their private keys” (as cited in Hintze, 2018, para. 3). This
limitation can be mitigated by selecting a wallet solution for the storage of cryptocurrency that minimizes the likelihood of key loss.
Complexity, maintenance, and supportability
There is a lack of deep understanding, educational resources, and experience when it
comes to this nascent technology. This applies to the following:
•
•
Development of the Blockchain platforms: There have been significant disagreements over the direction of the Bitcoin platform. This has also been true for other
cryptocurrency platforms, such as Ethereum. The block size disagreement and eventual fork of the Bitcoin platform is an example of the potential for fragmentation
when disagreements cannot be resolved.
Administration of the Blockchain environment: Lack of available talent to provide
stewardship to the environment is a concern for organizations considering a blockchain solution. Best practices are evolving, and the full cost of sustaining a permissioned blockchain remains unknown (Haley & Whitaker, 2017).
Legal and regulatory issues
Legal and regulatory issues include:
•
•
•
•
•
Jurisdictional boundaries: Nodes and users reside in many different countries, which
may have different restrictions and regulations.
Financial services regulations: Regulations specific to an industry differ from country
to country.
Service levels and performance: Contracted or expected assurances of performance
are lacking or difficult to develop.
Liability: Risk of a systemic issue that causes a transaction to settle incorrectly.
Intellectual property (IP): Blockchain vendors need to determine their IP strategy to
address ownership of blockchain software developments (McKinlay et al., 2018).
www.iubh.de
54
Unit 2
Bitcoin Specific Limitations
Scalability
Scalability has been a concern for Bitcoin because of the consensus algorithm. Originally, when the transactional demand was low, there was little concern. However,
increased bitcoins in the market, together with greater acceptance of Bitcoin, has
increased use, resulting in lower processing speeds. The Bitcoin community remains
divided on how to address scalability, whether to increase the block size and/or change
the consensus mechanism.
Since transactions are gathered every 10 minutes, and a block has a maximum size
limit, the level of transaction activity dictates the size of the queue, while the transaction fee dictates placement in the queue. A transaction without an additional transaction fee, in a period of low transaction activity, might be processed in the next block,
while in a period of high transaction activity, the transaction might be significantly
delayed. However, there is no guarantee as to when a transaction might be processed,
with or without a transaction fee.
On average, Bitcoin processes 4.6 transactions per second, while Visa processes 1,700
transactions per second, based on a calculation derived from the claim of 150M transactions per day. Adoption of Bitcoin is bottlenecked unless the scalability factors are
mitigated.
Energy consumption
The electricity needed to power the computing resources of Bitcoin nodes is a significant concern. Because of the increasing level of difficulty over time, which is an inherent factor in the proof of work (PoW) consensus mechanism, miners need an increasing
amount of processing power. In turn, this consumes a higher amount of electricity.
Although the Cambridge Centre for Alternative Finance states that “reliable estimates of
Bitcoin’s electricity usage are rare,” it is estimated that the lower bound is currently
around 22TWh while the upper bound is just under 150TWh. A popular estimate of the
network’s yearly consumption is 70 TWh. Compare these numbers to the entire nation
of Switzerland, which uses 58.46TWh and Columbia, which uses 68.25TWh (Vincent,
2019).
Chargebacks or refunds
Unlike a credit card purchase, buyer protection is not a benefit of a purchase made
with bitcoins. If the seller does not deliver the goods as promised, there is no central
dispute procedure or manner in which a consumer can file complaints. Unlike disputed
credit card charges, there is no possibility to charge back the payment and hold it until
resolution. Although this may be attractive to the merchant, it is seen as a limitation for
the consumer.
www.iubh.de
Unit 2
55
Bitcoin
Limited acceptance
An article in mid-2018 stated that 52 major companies accepted bitcoin as a method of
payment, and over 5,000 businesses and retailers of all sizes accept bitcoin (Chandler,
2018). Most merchants who do accept bitcoin use intermediaries like BitPay to convert
the bitcoin to fiat currencies. Lack of stability and scalability are believed to be the reasons that the value of bitcoins handled by major payment processors declined nearly
80 percent in 2018 (Wilson, 2018).
2.5 Bitcoin Derivatives and Alternatives
Cryptocurrency is the internet-based use of cryptography to secure currency used for
financial transactions. Bitcoin is considered a cryptocurrency “coin,” with the term
“coin” denoting that bitcoins have the same features as money — fungible, divisible,
portable, and limited in supply. Cryptocurrency coins are intended to be used in the
same manner as fiat currencies. “Alternative coins,” or “altcoins,” refer to other cryptocurrencies that are alternatives to bitcoins. Many altcoins are a fork of the Bitcoin
blockchain while others are built on new blockchains (O’Neal, 2019). Each altcoin functions within their own independent blockchain where transactions occur.
From the Total Crypto Market Capitalization and Volume, $ chart, published by TradingView (TradingView, n.d.), the following are a sample of the leading coins. The value of
market capitalization as of September 2019, is shown for comparison purposes. As a
point of reference, with a total cryptocurrency market cap of $272.61B, Bitcoin Core (BTC)
has the largest market capitalization and volume, at $190.46B of September 2019 (Bitcoin.com, n.d.).
Altcoins — Forks of Bitcoin
Although there are over 100 Bitcoin fork projects, three cryptocurrencies are notable
and described below.
Rank 4. BCH — Bitcoin Cash ($5.34B)
Bitcoin Cash is a hard fork from Bitcoin as of August, 2017, that increased the block size
to 8MB, which then subsequently increased to 32MB. In addition to the blocksize, Bitcoin Cash has an adjustable level of difficulty to ensure the chain’s survival and transaction verification speed (Reiff, 2020a).
Rank 9. BSV — Bitcoin SV ($2.39B)
Bitcoin SV is a hard fork from Bitcoin Cash, created in August, 2018. The chain leader of
Bitcoin SV is Craig Wright, who claims to be Satoshi Nakamoto. With an acronym of SV,
for Satoshi Vision, Bitcoin SV intends to return to the intent of the original Bitcoin. The
block size of Bitcoin SV is 128MB with a goal of minimizing transaction costs.
www.iubh.de
56
Unit 2
Rank 38. BTG — Bitcoin Gold ($189.7M)
Bitcoin Gold is a hard fork of Bitcoin as of October, 2017. The goal of Bitcoin Gold is to
implement a new algorithm for the mining process, a proof of work (PoW) algorithm
called Equihash that would not disproportionally favor major mining operations. The
algorithm restricted the mining to GPUs, instead of specialty ASICs, which tend to
monopolize mining by a few big players (Reiff, 2019a).
BTG is a cryptocurrency with Bitcoin fundamentals, mined on common GPUs instead of
specialty ASICs. ASICs tend to monopolize mining to a few big players, but GPU mining
means anyone can mine again — restoring decentralization and independence. GPU
mining rewards go to individuals worldwide. In addition, “bitcoin gold's developers were
also focused on issues relating to distribution, protection, and transparency” (Reiff,
2019a, Distribution section, para. 1).
Altcoins — Built on New Blockchains
There are altcoins that did not derive from Bitcoin’s open-source protocol. Rather, they
have created their own blockchain and protocol that support their native currencies.
The following altcoins are the three leading altcoins by market capitalization.
ETH — Ethereum — ($19.05B)
Ethereum launched in 2015 as a blockchain based platform with smart contract functionality. Ethereum’s key improvement on Bitcoin was to utilize “smart contracts” that
enforce the performance of a given transaction, compel parties not to renege on their
agreements, and contain mechanisms for refunds should one party violate the agreement (Martucci, n.d.). Smart contracts and distributed applications can be built and run
on the Ethereum platform.
Ether is the cryptocurrency token used in Ethereum to pay transaction fees for the
activities conducted in the applications. The price of the transaction fee is based on
the transaction’s complexity, bandwidth, and storage requirements. The average transaction fee is $0.14 as of September 2019.
Ethereum uses the PoW Ethash consensus algorithm which reduces the advantages of
ASICs in the mining process.
Ethereum Classic (ETC) is the original Ethereum blockchain, while Ethereum (ETH) is a
fork. In 2016, the Ethereum community launched the Decentralized Autonomous Organization (DAO) to build an application on Ethereum, a decentralized venture capital fund
for decentralized crypto projects, using independent investors as key actors. The DAO
obtained a crowd token sale to fund its development, raising $150M. Shortly after, a
flaw in DAO’s application code was exploited by attackers and more than $50M was stolen. Many assumed that the Ethereum blockchain itself was hacked and Ethereum’s prices dropped. It is key to understand here that the application was the source of the
problem, not the Ethereum platform. Ethereum’s community decided to execute a hard
fork to restore investors’ financial losses and ruined reputation. Some in the Ethereum
www.iubh.de
Unit 2
57
Bitcoin
community continued on the old blockchain, which become known as Ethereum Classic, ETC. The majority of the Ethereum community of miners and users followed the
Ethereum fork, which is known as Ethereum, ETH.
XRP — XRP ($11.24B)
Ripple released the XRP ledger in 2012. Ripple is known for its digital payment protocol,
allowing for the transfer of money in any form, including USD, Yen, litecoin, and bitcoin.
Ripple offers a payment settlement asset exchange and payment system similar to the
SWIFT system that is used for international money and security transfers by banks and
financial middlemen (Frankenfield, 2019). A consortium of 61 Japanese banks, in addition to a few other global banks such as American Express, Santander, and Fidor Bank,
are reported to be testing the implementation of Ripple’s payment system (Reiff,
2020b). The improvement on SWIFT is faster transaction confirmation times and lower
transaction fees. Ripple improves on some of the drawbacks attributed to traditional
banks. Transactions are settled within seconds on the Ripple network, even though the
platform handles millions of transactions frequently (Frankenfield, 2019).
XRP is the currency of Ripple. The fee to conduct transactions on Ripple is also minimal, with the minimum transaction cost required for a standard transaction set at
0.00001 XRP (equivalent to approximately $0.25 as of September 2019), compared to the
large fees charged by banks for conducting cross-border payments (Frankenfield, 2019).
The average transaction fee is $0.0002 as of September 2019.
Ripple uses a unique distributed consensus mechanism, Ripple Protocol Consensus
Algorithm (RPCA), through a network of servers to validate transactions. By conducting
a poll, the servers or nodes on the network decide the validity and authenticity of the
transaction via consensus. This enables almost instant confirmations without any central authority, which helps to keep Ripple decentralized, yet faster and reliable (Reiff,
2020b).
LTC — Litecoin ($4.27B)
Started in 2011, Litecoin’s project code was copied from Bitcoin and then modified.
Although the code was used as a starting point, the Litecoin and Bitcoin blockchains do
not share a common ancestor, so Litecoin is not considered a fork of Bitcoin. Litecoin’s
advantages over Bitcoin include a higher crypto supply limit of 84M (versus 21M in the
Bitcoin network) and a shorter target block creation time of two and a half minutes versus ten minutes in the Bitcoin network. The block reward for miners is halved with the
processing of every 840K blocks in comparison to every 210K blocks for Bitcoin miners.
Litecoin is also the name of the currency used by Litecoin. The minimum transaction
fee for a Litecoin transaction is 0.0001 LTC/kb (equivalent to approximately $0.01 as of
September 2019). The average transaction fee is $0.03.
Litecoin’s consensus algorithm is Scrypt. Scrypt is a PoW algorithm, which originally
prevented ASICs from being used by miners on the Litecoin network, allowing miners
who use CPUs and GPUs to remain competitive. Scrypt-capable ASICs have been developed for efficient mining, and are being used by Litecoin miners (Asolo, 2018).
www.iubh.de
58
Unit 2
Summary
Bitcoin is the leading blockchain cryptocurrency platform. Invented in 2008 by
Satoshi Nakamoto and released in 2009, Bitcoin has a limit of 21M coins, and implements the principles of being open source, permissionless, fungible, pseudonymous, and having no censorship or irreversible transactions. Wallets are the means
by which users interact with the platform. A variety of forms of wallets offer alternative features to best meet the needs of the user. A number of options exist for
the purchase of bitcoins, and a broad number of merchants will accept bitcoins as
payment.
As a Blockchain platform, bitcoin transactions are gathered into blocks by miners,
validated using the proof of work consensus algorithm, and propagated to the network of nodes.
A number of possible attack vectors exist including double-spending attacks, 51%
attacks, and Sybil network attacks.
Other concerns include the potential for information to be leaked which would
mean that users are not fully anonymous. The potential exists for loss of privacy
and the user’s activity being tracked.
Although there have been a number of security breaches that resulted in the loss
of users’ bitcoin holdings, the breaches did not happen on the Bitcoin Platform
itself, but rather in the users’ wallets during centralized exchanges.
Knowledge Check
Did you understand this unit?
You can check your understanding by completing the questions for this unit on the
learning platform.
Good luck!
www.iubh.de
Unit 3
Smart Contracts and Decentralized Apps
STUDY GOALS
On completion of this unit, you will have learned …
… how smart contracts automate the terms of a virtual contract.
… how decentralized applications (DApps) bring a front end interface together with smart
contracts and blockchain technology to provide a full-functioned application.
… examples of smart contract and DApps implementations.
… about Hyperledger and Ethereum, two of the leading platforms, as well as alternative
platforms for smart contracts and DApps implementations.
DL-E-DLMCSEBCQC01-U03
60
Unit 3
3. Smart Contracts and Decentralized Apps
Introduction
A blockchain is a type of distributed ledger that organizes transactions into blocks and
links them together by cryptographic validation. Smart contracts automate a contractual agreement between two or more parties by writing the terms of the contract into
lines of programmed logic (code). These lines of code execute and record information
onto the blockchain ledger. Decentralized applications (DApps) are software applications created for a specific purpose, providing a front end interface that uses smart
contracts to handle the execution of blockchain activities, and, therefore, using blockchain as the underlying technology.
Hyperledger and Ethereum are leading providers of DApp platforms. Their features will
be compared and DApp examples, which span multiple industries, will be presented.
3.1 Smart Contracts
A smart contract is an automated process that is executed when certain criteria have
been met; it is self-executing and self-enforcing. In 1997, Nick Szabo defined the term
“smart contracts” in “Formalizing and Securing Relationships on Public Networks” as a
combination of protocols which use interfaces to formalize and secure relationships
over computer networks with the benefit of reduced costs for the development and
execution of contracts (Szabo, 1997).
In the physical world, a contract between two parties is an agreement that typically
results in the exchange of currency, goods, and/or services. A contract can be verbal or
written. For example, a contract is established to buy a house, or to rent a car, or to
provide consulting services.
In the virtual world, a smart contract can also support the exchange of currency, goods,
and/or services. Unlike physical contracts, smart contracts, or self-executing contracts,
are written in a high-level programming language to describe the “if-then-else” condition of the terms of the contract. The code is then written onto a blockchain, and the
network executes the actions defined in the smart contract when each of the conditions have been met and verified. “To establish the terms, participants to a blockchain
platform must determine how transactions and their data are represented, agree on
the rules that govern those transactions, explore all possible exceptions, and define a
framework for resolving disputes. It’s usually an iterative process that involves both
developers and business stakeholders” (Gopie, 2018, How do, para. 3).
In the example of renting a car, once a renter has paid the funds for the rental car, a
digital key can be sent to the renter to unlock and operate the vehicle.
www.iubh.de
Unit 3
61
Smart Contracts and Decentralized Apps
Multi-signature
Multi-signature, or multisig, capability can be built into smart contracts, requiring multiple parties to sign a transaction to invoke a step of the smart contract. For example, a
publication registry like arXiv might require the permission of all authors of an article
to add, update, or delete the publication’s entry on arXiv (Xu et al., 2019). Multi-sig can
also be used to approve transactions before funds are released from a wallet.
Oracle
Smart contracts can be written so that they are dependent upon price, performance, or
some other contractual parameter, that exists outside of the specific transaction. “Oracles” can monitor these data points and be the interface that brings data from outside
of the blockchain into the execution of a step of the smart contract. For example, a
smart loan agreement may automatically deposit funds in a borrower’s bank account
once an oracle obtains confirmation that the borrower’s loan request has been
approved. A second example is that the stars of a television show might want to renegotiate a contract with a studio if a pilot episode proves popular and the studio wants
to make it into a series (Gopal et al., 2018). The oracle can monitor television ratings’
sites in order to determine whether a specified threshold has been reached. There are
software and hardware oracles.
Software oracles access data provided by a third-party API, such as the price of a product or the availability of a hotel room. Inbound oracles obtain data through an API and
provide that data, such as a gambling payout based on a win of sporting event, to the
smart contract. An outbound oracle is when internal blockchain data is used to trigger
an external event, such as a lottery payout, based on the last block published (Najera,
2018).
Hardware oracles interact with the physical world, for example reading a barcode or
sensing an RFID. Najera (2018) states that “an interesting use case comes in the form of
environmental data transcribed at the point of measuring. This way, scientific research
can progress globally without giving power to any one single government institution to
alter or delete said data” (Oracle section, para. 3).
Benefits
In addition to the inherent benefits of the blockchain platform, the automation of the
terms of a contract in the form of a smart contract results in a number of benefits.
•
•
•
•
API
Also known as application programming
interface, API is a
programmed function that allows an
application to access
the capabilities or
data of an application.
RFID
Also known as radiofrequency identification, RFID uses electromagnetic fields to
read tags that are
attached to physical
objects.
The ability to create and execute contracts without third parties, such as lawyers,
real estate agents, etc.
Reduced errors because computer code is more exact than the legal jargon that is
found in a traditional contract. The code needs to record all terms and conditions in
explicit detail.
Transparency resulting from the terms and conditions, in the form of the computer
code, which is fully visible and accessible to all parties.
Allows for the reuse of code, as appropriate, across multiple smart contracts.
www.iubh.de
62
Unit 3
•
•
•
•
•
•
•
Speed is increased by removing the need for intermediaries, providing assurance
that blockchain will execute the code in a timely manner.
Lower operating costs are incurred by removing the need for intermediaries.
Paper free respects “go-green” initiatives.
There is the potential to reduce need for litigation and courts. Parties commit themselves to be bound by the rules and results of the agreed-upon code. Szabo described what may happen to someone who breaches a smart contract car lease bond:
“If the owner fails to make payments, the smart contract invokes the lien protocol,
which [automatically] returns control of the car keys to the bank” (as cited in Gopal
et al., 2018, p.28).
More effective dealings and a higher level of trust are achieved because smart contracts execute transactions in accordance with predetermined rules and the encrypted records of those transactions are shared across participants. The transparent,
autonomous, and secure characteristics of smart contracts ensure that information
cannot be altered for personal benefit.
Contracts can be monitored for performance, and enforcement of contractual terms
can be done without human involvement.
Smart contract transactions are stored on the blockchain in perpetuity.
Challenges
Smart contracts are an implementation upon the blockchain technology. In addition to
any limitations of the blockchain platform, the automation of the terms of a contract in
the form of a smart contract raises challenges specific to the construction of smart
contracts.
Contract language
Smart contract programmers/developers are the resources that are required in order to
create smart contracts. Developers will need to interact with third parties, such as lawyers and real estate agents, to understand how to program the terms of the contract.
Computer code requires a definitive if-then-else structure. The complexity of understanding what needs to be coded and writing the code is significant. Errors in the
requirements definition, definition of logic, and/or errors in the computer code could
be far worse than the ambiguous contract language of physical contracts. Although
elimination of third parties is an identified advantage of smart contracts, it is likely that
the role of third parties is changed rather than eliminated since developers will need
guidance from experts.
Should there be a problem with the smart contract, changes cannot be made and
deployed midstream to the blockchain. Physical contracts can be renegotiated and
changed based on agreement of the parties. Centralized software code can be quickly
modified and deployed. However, smart contracts do not afford the user these benefits
to correct contractual terms.
www.iubh.de
Unit 3
63
Smart Contracts and Decentralized Apps
Should there be a dispute, arbitration and settlement must include the parties to the
contract, the developer (and/or technologist who can interpret the computer code),
and third parties who assisted the developer in understanding and programming the
terms of the contract.
Coding errors
As with all new technologies, acceptance is a concern. Inflated expectations and unrealistic use cases need to be managed in order to build smart contract solutions that
are successful for the users.
Once built, as stated by Lee (2018), “blockchain itself may be trustless, immutable, and
incorruptible, but if we ignore the bugs present in them, they are as good as multi-billion dollar safes with faulty locks” (Solutions section, para. 7.).
Smart contract code, as with centralized code, is likely to contain errors in the code,
such as bugs, whether this is intentional or not. Sedgwick (2018) states that 25 percent
of the smart contracts, audited by the security firm Hosho, contained bugs that will critically affect the execution of the smart contract, and 60 percent of the smart contracts
had at least one security issue.
In the development of the smart contract, use of experienced patterns and observance
of anti-patterns is highly recommended. For example, best practices recommended in
the Ethereum Smart Contract Best Practices include pausing the contract when things
are going wrong, managing the amount of money at risk, and having an effective
upgrade path for bugfixes and improvements in order to be able to respond to bugs
and vulnerabilities gracefully.
After development, Sedgwick (2018) states that Hosho recommends the use of a third
party to conduct an audit of the smart contract before deployment. Furthermore, automated solutions that will mathematically prove smart contracts and DApps free of bugs
and hacker-resistant are in development (Lee, 2018).
Bad data
Smart contracts that use oracles risk that the sources of data used by oracles are centralized and contrary to the purpose of the blockchain. Centralized data sources can be
tampered with and data can be manipulated. This “oracle problem” can be mitigated by
sourcing data from multiple nodes, and verifying the nodes for reliability and trust
before including them in the blockchain network. As an example, statistics from sporting events or financial market information can be sourced from multiple nodes.
Regulations
From a legal perspective, there is a lack of regulation and policies for smart contracts.
Government approval and regulations are lacking in many countries, leading to issues
regarding enforceability and jurisdiction. Regulating smart contracts in one jurisdiction
but not the other creates more questions when parties to the smart contract straddle
multiple states, countries, or continents. Additionally, in the event of a dispute, judicial
enforcement is also uncertain.
www.iubh.de
64
Unit 3
Other challenges
Smart contracts are not able to determine the quality of a product or service, and
human intervention is still required to provide the qualitative knowledge.
Opportunities for Smart Contracts
A number of industries present opportunities for smart contracts. As previously noted,
realistic use cases with realistic expectations need to be established for the successful
implementation of a smart contract solution.
Healthcare
Healthcare professionals can use smart contracts to access and share patients’ medical
records. The multi-signature feature of smart contracts enables control to be managed
by both patients and providers.
Medical research procedures can be enhanced with smart contracts that enable access
by researchers to the health data of participants in exchange for micropayments made
to patients for their participation.
Patient health can be tracked using Internet of Things (IoT) devices for the capture of
health-related events. Patients can be rewarded based on this data.
Financial services
Banks could potentially use smart contracts to streamline clearing and settlement processes. Forty global banks participated in a consortium to test smart contracts for this
use case (Ream et al., 2016).
Smart contracts can simplify the letter of credit process used for the international
transfer of products and services.
Trade clearing approval workflow can be managed between counterparties and funds
can be transferred once the settlement amounts are computed (Bhardwaj, 2018).
Supply chain
Smart contracts can aid in the understanding of the movement and location of products through every stage of the supply chain. They can provide transparency and visibility from the supplier of inventory components to the delivery of the finished goods.
IoT devices on materials can provide input to the smart contract.
Voting
Voting is also an opportunity to use smart contracts. Assured by the PKI-based security,
voting can be conducted in a suitable blockchain. Statistics have shown that public
blockchains are more feasible for small polls whereas permissioned blockchains will be
required to run national scale elections (Hu et al., 2018). An example of a smart contract
is for voting in the United States. The ballot would go through several states, from the
point it is created, open for voting, to the ballot being closed and the votes counted. In
each state, the contract dictates what the chairman and voters are allowed, or not
www.iubh.de
Unit 3
65
Smart Contracts and Decentralized Apps
allowed, to do. For example, the contract does not allow voting to start until the chairman starts the voting process. It does not allow the chairman to add new voters once
voting begins (Ng, 2019).
Music/media
Blockchain networks with smart contracts have the potential to restructure the rights
and royalties systems in the music industry. There are a number of startups, including
Ujo Music and Voise, which use blockchain technology to allow musicians to monetize
their work, manage their rights, and accept peer-to-peer payments. A song streamed by
a user triggers a smart contract that will make an instant payment to the artist, songwriters, or rights holders. In addition, it also allows the participants to gather, store, and
analyze useful consumption data. The smart contracts have the potential to treat the
artists as entrepreneurs and also as partners. The transparent distributed ledger of the
blockchain will expose the distribution of revenue generated on a song. It can be automated as a micropayment in which the streaming of any song will immediately distribute the revenues according to the percentages predefined in the smart contract (Gopal
et al., 2018).
Insurance
Smart contracts could calculate payouts based on the policy and claim. In the example
of travel insurance that pays an amount for flight delays or cancellations, a smart contract, using an oracle to gather flight status, can issue a benefit if the flight is delayed
or cancelled in excess of the tolerance specified in the insurance policy.
E-commerce
In a common e-commerce scenario, the customer purchases a product from a supplier,
and the customer pays for the product via credit card, PayPal, or EFT. With smart contracts, the purchase will be made, and the cost of the product will be deducted from
the customer’s wallet and placed in escrow. The supplier ships the product, and when
an oracle obtains the delivery data from the carrier, the smart contract logic then releases the escrowed funds to the supplier.
3.2 Decentralized Apps (DApps)
EFT
This stands for electronic funds transfer,
which is the transfer
of funds from one
bank account to
another without the
direct intervention of
bank personnel.
A decentralized application, or DApp, is an application that uses smart contracts, for
example, blockchain, as the backend mechanism for the processing, security, and storage of the transaction data. The DApp is similar to a web application with the front end
using the same technologies to render the web page. Instead of connecting to a database, the DApp connects to a smart contract which then connects to the blockchain.
DApp Criteria
The criteria for a DApp is as follows:
www.iubh.de
66
Unit 3
•
•
•
•
Open source: The DApp is not controlled by an organization. Any change to a DApp is
approved via the consensus protocols on the blockchain.
Decentralized: The DApp’s transactions (data) should be stored cryptographically
and be publicly accessible on a decentralized public blockchain.
Incentive: The DApp has crypto-tokens/digital assets for fueling itself.
Algorithm/protocol: Tokens must be generated by the DApp according to a standard
algorithm. The tokens must be distributed during operation, and the token is necessary for using the application in order to reward the miners.
Bitcoin is considered to be a DApp as it satisfies all of the above criteria.
Technical Aspects
DApps are applications that run without servers. They run jointly on the client side and
on a distributed blockchain network. The backend, the blockchain, runs on a distributed network that is responsible for the processing and storage of the transactions. The
DApp data and its logic, in the form of a smart contract, is replicated across the network’s nodes. The client’s device manages the user credentials and the front end. In
the same manner that separation is done with traditional software, this architecture
allows the user interface to be decoupled from the business logic and data layers
(Samuel, 2018). The benefits of decoupling include easier maintenance of code, independent releases of code, and the ability to scale specifically to the layer.
Benefits
The advantages of DApps above and beyond the benefits achieved by blockchain and
smart contracts are that DApps economize digital resources, monetizing capabilities
that had not previously been monetized in the digital world. Processes and new ways to
work and conduct transactions enable a greater range of value to serve a wider market
of users. For example, Brown (2016), identifies that DApps can be used to
•
•
•
www.iubh.de
enable embeddable records like smart contracts.
prevent fraud through the use of tokens: Tokens replace account and credit card
information on the blockchain with non-sensitive tokens which are used as the
identifier during the payment process. The tokens can only be traced back to the
original account or card data with a master key as part of the tokenization service
(Chargebacks.com, n.d.).
build Distributed Autonomous Organization (DAOs). DAOs are organized groups of
people who interact with each other by using smart contracts for its processes. The
smart contracts are the electronic representation of the rules upon which the company functions. Other decisions can be made by participants who control a certain
amount of the tokens and can therefore vote for decisions. Other things like determining which project will receive money is decided by letting token holders cast
their vote (Universa, 2017). Dash is an example of a DAO. It is an open-source, peerto-peer cryptocurrency, which offers instant payments and private transactions.
Unit 3
67
Smart Contracts and Decentralized Apps
Challenges
The implementation of DApps presents a number of challenges that need to be taken
in to account when considering a DApp as a solution platform.
Bug fixes or updating DApps require that all nodes in the network accept and agree to
the update. Unlike a centralized application where approval given to an update can
result in an immediate or scheduled update, the update of a DApp is based on the
coordination of the nodes.
With the complexity of implementing DApp updates, scalability and functionality need
to be considered in the initial release in order to gain acceptance. Unlike a DApp, a centralized application often starts its life as a minimum viable product. As the application
is proven and acceptance is gained, additional functionality and additional components that allow it to scale in order to meet needs can be added. The incremental
approach of a centralized application allows for investment based on proven return.
Because implementing a DApp requires larger coordination and acceptance by the network, reducing the number of releases is key.
Knowing your customer is not easy in blockchain. The inherent properties of blockchain
are that users are not directly identifiable. As a result, there is a limited understanding
of the customer demographics and attributes that might help to provide the best DApp
features.
Opportunities for DApps
The following is a list of some of the leading DApp projects:
•
•
•
•
•
•
The SAFE Network is a decentralized data storage and communications network
focused on providing the greatest level of security for all internet users. It uses
SafeCoin on the Bitcoin blockchain.
Factom simplifies the process of enhanced big data management recordkeeping.
Factom creates digital fingerprint data and publishes that digital fingerprint in a
blockchain, resulting in a permanent ledger distributed across the globe. Factom
uses Factoids, Factom coins, and is operated on the the Bitcoin network.
BURST delivers the CloudBurst DApp which provides cloud-based data storage.
CloudBurst uses Burstcoin on the Burstcoin blockchain.
Golem is a decentralized application that offers a global market for idle computer
power. Golem uses Golem tokens on Ethereum’s blockchain.
Augur is a decentralized prediction market that rewards its users for forecasting
events. Augur uses an Augur token on Ethereum’s blockchain.
Counterparty is a decentralized financial platform for creating peer-to-peer financial
applications. Counterparty uses Counterparty tokens on the Bitcoin blockchain
(Brown, 2016, and Agrawal, 2019b).
www.iubh.de
68
Unit 3
3.3 Ethereum
Ethereum is a public, open source blockchain-based distributed computing platform
that enables developers to build and deploy DApps. It was launched in 2015 by Vitalik
Buterin after he analyzed the Bitcoin blockchain and posed the idea that improvement
could be made by creating a blockchain that includes a Turing-complete programming
language that is able to run applications in a trustless manner.
Turing-complete, named after computer scientist Alan Turing, is a term given to a system of rules that manipulates data. A Turing-complete system can be proven mathematically to be able to perform any possible calculation or computer program given the
correct algorithm together with the necessary time and memory. CPU instruction sets
and programming languages such as C, Pascal, Java, and C++ are all examples of formal
rule systems that are Turing-complete.
Tokens
The Ethereum blockchain uses ether and gas.
Ether (ETH) is the cryptocurrency which runs on Ethereum. Ether is issued at a constant
annual linear rate via the block mining process. A new Ethereum block is mined every
12—14 seconds and a reward of five ether given to its miner falls within the limit of 18M
ether allowed to be released each year (Ethereum, 2019).
Gas is the value required to successfully conduct a transaction or execute a smart contract on the Ethereum blockchain. Gas is a unit that measures the amount of computational effort that it will take to execute operations on the Ethereum blockchain. Every
operation requires some amount of gas. Miners get paid an incentive amount in Ether
which is equal to the amount of gas that was required to execute the necessary operations on the Ethereum blockchain (Rosic, n.d.-c).
There is not a fixed conversion rate between gas and ether. The average gas price is
typically about 0.00000002 ETH but this can increase during times of high traffic on the
network (Rosic, n.d.-c).
Ethereum Platform
Ethereum consists of a number of key components.
The Ethereum virtual machine (EVM) is the Ethereum platform that runs on the Ethereum network. EVM allows smart contracts to be compiled into EMB compatible bytecode and deployed to the blockchain for execution. The EVM executes the computations and tracks the state of the ether balances in customers’ accounts.
Ethereum uses a proof of work algorithm for miners to come to consensus.
www.iubh.de
Unit 3
69
Smart Contracts and Decentralized Apps
The Solidity programming language is used by Ethereum developers. Solidity is an
object-oriented, high-level language (influenced by C++, Python, and JavaScript) used
for implementing smart contracts. Solidity is statically typed, supports inheritance,
libraries, and complex user-defined types among other features. With Solidity, you can
create contracts for uses such as voting, crowdfunding, blind auctions, and multi-signature wallets (Solidity, n.d.).
Whisper is used for messaging so that DApps can communicate with each other.
Swarm is a distributed storage platform and provides content distribution services.
Using Ethereum
In Ethereum, the state is comprised of objects called “accounts.” There are two types of
accounts.
Externally owned accounts: Externally owned accounts are owned by a person or an
external server, and have no code associated with them. Externally owned accounts
contain a balance and can send transactions.
Contract accounts: Contract accounts are not controlled by a person. They are controlled by code associated with them. A contract account has a balance and its own persistent state.
Externally owned accounts can send messages to other externally owned accounts (a
value transfer) or to other contract accounts by creating and signing a transaction
using its private key. A message sent from an externally owned account to a contract
account activates the contract account’s code, triggering it to perform various actions
(e.g. Transfer tokens, write to internal storage, perform a calculation).
Contract accounts cannot initiate new transactions, they can only respond to transactions they have received.
DApps on Ethereum
The following list contains five of the leading DApps that operate on Ethereum:
•
•
IDEX is a decentralized exchange that leverages smart contracts to manage trading
of Ethereum and ERC-20 token trading pairs. ERC-20 is a protocol that defines rules
and standards for issuing tokens which are traded on Ethereum, rather than on their
own blockchain. IDEX charges fees to the sellers and the buyers.
Forkdelta is a decentralized exchange to trace ERC-20 compatible tokens. Forkdelta
separated from Etherdelta in 2017 when Forkdelta combined the smart contract of
Etherdelta with a new frontend user interface (UI) that is easier to use. Forkdelta
charges fees to the sellers and buyers.
www.iubh.de
70
Unit 3
•
•
•
CryptoKitties is a gaming DApp in which players collect and breed virtual kitties.
CryptoKitties charges Ether for the breeding and sales of kitties.
Gnosis is a prediction market platform where users speculate about future realworld events such as presidential elections, commodity prices, etc. Users trade
tokens that represent the outcome of a certain event. As time passes and the outcome is refined, the value of tokens change. Tokens representing a more likely outcome will increase in value while other tokens will decrease to no value. Accurate
predictions are rewarded. Some users will also trade tokens for a profit as the market conditions change and the perceived outcome shifts.
UPort is an identity management platform which allows users to register their own
identity on Ethereum, send and request credentials, sign transactions, and securely
manage keys and data.
3.4 Hyperledger
Hyperledger was established by the Linux Foundation, which has brought many open
source projects to fruition. Hyperledger is governed by a diverse technical steering
committee with the key project, Hyperledger Fabric, being supported by a broad set of
over 200 maintainers from over 35 organizations. Unlike Ethereum, which is a platform,
Hyperledger is an umbrella of multiple platforms for the building of cross-industry
enterprise solutions (DApps) based on blockchain technologies.
Hyperledger Umbrella
Category
Hyperledger offerings
Distributed ledgers
•
•
•
•
•
•
Besu: Java-based Ethereum client
Burrow: permissionable smart contract machine
Fabric: enterprise grade DLT with privacy support
Indy: decentralized identity
Iroha: mobile application focus
Sawtooth: permissioned and permissionless support
Libraries
•
Aries: focused on creating, transmitting, and storing
verifiable digital credentials
Quilt: Java implementation of the Interledger protocol, enabling payments across any payment network,
fiat or crypto
Transact: focused on software for the scheduling,
transaction dispatch, and state management of smart
contracts
Ursa: cryptographic library
•
•
•
www.iubh.de
Unit 3
71
Smart Contracts and Decentralized Apps
Category
Hyperledger offerings
Tools
•
•
•
Domain-specific
•
Caliper: used to measure the performance of a blockchain implementation with predefined use cases
Cello: used for “as-a-service” deployment model
Explorer: used to create user-friendly, web-based
applications
Grid: to build supply chain solutions. Includes libraries, data models, and a software development kit
(SDK)
Hyperledger libraries and tools provide capabilities to aid in the development of the
Hyperledger distributed ledger platforms. All libraries and tools are in an incubation
phase of production. Some distributed ledgers are in an active status, while some are
still in an incubation status.
For Hyperledger projects to graduate from incubation to active status, they must
•
•
•
•
have a fully functional code base,
have test coverage commensurate with other active projects,
have an active and diverse community of developers, and
have a history of releases that follow the active release process (Kuhrt, 2019).
The active Hyperledger distributed ledger platforms used for smart contract development are described below.
Fabric
Hyperledger Fabric, backed by IBM, is an enterprise-grade permissioned distributed
ledger framework that provides developers with a platform for building blockchainbased solutions and applications. Fabric is intended for a broad range of industry solutions use cases including banking, finance, insurance, healthcare, human resources,
supply chain, and digital music delivery.
Designers can plug in chosen components such as consensus, key management, identity management, or cryptographic libraries. This allows Fabric to be configured in multiple ways that satisfy the uniqueness of the solution requirements. A Fabric channel
provides privacy to participants in the network, establishing a private communication
between two or more specific network members for purposes of conducting private
www.iubh.de
72
Unit 3
and confidential transactions. Participants who are not a member of a channel do not
have access to transactions associated with that channel. Participants can be members
of more than one channel.
At a high level, Fabric is comprised of the modular components listed below.
A pluggable membership service provider is responsible for associating entities in the
network with cryptographic identities. As a permissioned distributed ledger, only
authorized parties enroll through a membership service provider so that they can work
within the system. The result is that a network can be operated under a governance
model built on the trust that exists between participants, such as a legal agreement for
dispute handling.
An optional peer-to-peer gossip service disseminates the block’s output by ordering
service to other peers.
Smart contracts within Fabric are referred to as chaincode. A DApp invokes the chaincode to interact with the world state of the ledger. Chaincode can be run within a container environment (e.g. Docker) for isolation. Smart contracts can be written in general-purpose programming languages such as Java, Go, and Node.js.
DBMS
A database management system is system software that
creates and manages the storage of
data.
The ledger can be configured to support a variety of DBMSs. The ledger subsystem of
Fabric consists of the world state log and the transaction log. The world state component is the database of the ledger and describes the state of the ledger at a point in
time. The transaction log records all transactions that have resulted in the current state
of the database, the world state. Every participant has a copy of the ledger (the world
state and the transaction log) for every Fabric network that they belong to.
A pluggable endorsement can be independently configured for each application. The
endorsement executes a transaction and checks its correctness.
A pluggable ordering service establishes consensus on the order of transactions and
then broadcasts blocks to peers. The ordering service orders transactions via a consensus protocol. Therefore, any block a peer validates as generated by the ordering service
is final and correct. Because Fabric is a permissioned blockchain and relies on the
identities of participants, it can use more traditional crash fault tolerant (CFT) or byzantine fault tolerant (BFT) consensus protocols that do not require costly mining.
A pluggable validation policy enforcement that can be independently configured per
application. The validation policy is used to validate transactions against an application-specific endorsement policy before committing them to the ledger.
Fabric implementations
•
www.iubh.de
Food source tracking: IBM Food Trust is powered by Hyperledger Fabric to create visibility and accountability in the food supply chain. It connects growers, processors,
distributors, and retailers through a permissioned, permanent, and shared record of
food system data to ensure the safety and quality of the food supply. A consortium
Unit 3
73
Smart Contracts and Decentralized Apps
•
•
•
in collaboration with IBM includes major retailers and food suppliers Golden State
Foods, McCormick and Co., Nestlé, Tyson Foods, and Wal-Mart Stores Inc. The solution provides authorized users with immediate access to actionable food supply
chain data, from farm to store and ultimately the consumer. The complete history
and current location of any individual food item, as well as accompanying information such as certifications, test data, and temperature data, are readily available in
seconds once uploaded onto the blockchain.
Airlines: To help airlines improve passenger ticketing processes, NIIT Technologies’
Chain-m blockchain application reports on a wide range of critical information, from
the number of tickets sold to fare amounts, commissions, taxes collected and more.
This added transparency is expected to help improve record-keeping, save money,
and improve security and agility in a complex business.
Enterprise operations management: China’s largest retailer, JD.com, created JD Blockchain Open Platform to help enterprise customers streamline a wide range of
operational procedures by creating, hosting and using their own blockchain applications in a Retail-as-a-Service strategy. The platform allows users to create and
update smart contracts on public and private enterprise clouds, while enabling
companies to track and trace the movement of goods, charity donations, authenticity certification, property assessment, transaction settlements, digital copyrights,
and more. The China Pacific Insurance Company is using the platform to deploy a
traceable system for e-invoices, which are official receipts required in China for
business.
Insurance Compliance: The American Association of Insurance Services, an insurance
advisory organization, created openIDL (open Insurance Data Link), which is
designed to automate insurance regulatory reporting. This platform collects and
shares statistical data between insurance carriers and regulators, satisfying state
regulatory requirements, while storing historical and current data on an immutable
blockchain ledger. Regulators are then given permissioned access to view only the
information they need to see for compliance purposes (Hyperledger, n.d.).
Iroha
Hyperledger Iroha offers a small set of commands and queries focused on writing
smart contracts for financial applications, digital asset management, and digital identity use cases for enterprises. Hyperledger Iroha complements other Hyperledger
projects by providing an alternative design solution for mobile-oriented use cases.
Key features of Iroha’s core architecture are inspired by Hyperledger Fabric, for example:
•
•
•
•
•
permission-based structure,
variety of libraries for developers,
role-based access control,
assets and identity management,
blocks are stored in files while the ledger state is stored in the PostgreSQL database,
www.iubh.de
74
Unit 3
•
•
DApps can be written in Python, Java, JavaScript and C++ as well as for the Android
and iOS mobile platforms, and
consensus algorithm is Yet Another Consensus (YAC), which is a Byzantine-fault tolerant algorithm for decentralized consensus.
Iroha implementations
•
•
•
Finance: Project Bakong, a core banking system developed for the National Bank of
Cambodia and deployed in the central bank, provides real-time financial system
support for asset management between Cambodian banks.
Insurance: Sompo Japan used Hyperledger Iroha to manage weather derivative contracts.
Identity management: Sora (XOR) developed a decentralized autonomous economy
and identity platform, Sora Passport.
Sawtooth
Contributed by IBM, Sawtooth is also a modular platform for building, deploying, and
running distributed ledgers. At a high level, Sawtooth’s distinctive characteristics are
listed below.
Isolation between the core system and the application level: Sawtooth separates the
application level from the core system level allowing developers to build applications
in a programming language of choice that can be hosted, operated, and run without
interfering with the core blockchain system. Supported languages include C++, Go, Java,
JavaScript, Python, and Rust.
Modular: Each application can select transaction rules, define the consensus mechanisms, and select the required permissioning to decide the working of the digital ledger
in a way that meets and supports the unique business needs.
Private networks with the permissioning features: Sawtooth supports permissionless
and permissioned infrastructure. Select clusters of nodes can be deployed with different permissions on the same blockchain. This flexibility allows the building of private,
consortium, or public networks by specifying which nodes are allowed to join the validator network and participate in the consensus, and which clients are allowed to submit batches and transactions.
Parallel transaction execution: Sawtooth contains an advanced parallel scheduler that
classifies transactions into parallel flows. When possible, transactions are executed
parallelly while preventing double spending. The result is a potential increase in performance over serial execution.
Fast transaction performance: Sawtooth keeps the latest version of assets in the global
state and transactions in the blockchain on each network node. This means that you
can look up the state quickly to carry out CRUD actions, which provides fast transaction
processing (Linux.com Editorial Staff, 2019).
www.iubh.de
Unit 3
75
Smart Contracts and Decentralized Apps
Consensus Mechanisms: Sawtooth supports proof of elapsed time (PoET), a Nakamotostyle consensus invented by Intel. PoET is a Byzantine Fault-tolerance (BFT) consensus
algorithm that supports large-scale networks with minimal computing and much more
efficient resource consumption compared to proof of work algorithms. PoET can achieve the scalability of Nakamoto-style consensus mechanism without the drawbacks of
power consumption of the PoW algorithm. Each node waits for a random period of
time, and the first node to finish is the leader and commits the next block (Linux.com
Editorial Staff, 2019).
CRUD
Create, read, update,
and delete is typically used to refer to
activities that can be
conducted upon
data.
Sawtooth implementation
Direct trade organic coffee seller Cambio Coffee provides a clear, traceable supply chain
path for its products — from harvesting to roasting, packaging, and shipping — so customers can learn the exact details of what they are buying and drinking. To do that, the
company began adding QR scan codes from ScanTrust to its coffee packaging, which,
when scanned, records those details onto a Hyperledger Sawtooth blockchain network.
Tying the QR codes together with the blockchain data lets coffee buyers scan the codes
to see exactly where their coffee originated and how it arrived in their local store and
into their grocery carts. The idea, according to Cambio Coffee, was to give its customers
trust in its products and to provide transparency and traceability throughout their journey to customers (Hyperledger, n.d.).
In summary, the following table identifies some of the key differentiators of the active
Hyperledger platforms.
Comparison of Hyperledger Platforms
Fabric
Iroha
Sawtooth
Backed by
IBM
Soramitsu, Hitachi, NTT Data,
Colu
IBM, Consensus
mechanism PoET
from Intel
Industry use
cases
banking, finance,
insurance,
healthcare, HR,
supply chain, digital music delivery
financial applications, digital
asset management, digital
identity use cases
financial, supply
chain, access
control management
Specialization
Mode of operation
mobile-oriented
use cases
permissioned or
private
permissioned
permissioned,
permissionless,
or private
www.iubh.de
76
Unit 3
Fabric
Component features
•
•
Iroha
Sawtooth
plug-in to Fabric channel
pluggable
membership
provider
Database
Variety
PostgreSQL database
Lightning Memory-mapped
database (LMDB)
Programming language
Java, JS, Go
DApps written in
Python, Java, JS, C
++
C++, Go, Java, JS,
Python, Rust
Consensus mechanism
pluggable
Yet Another Consensus (YAC)
PoET
Notes
•
small set of fast
commands and
queries
•
•
for high-scaling blockchain
applications
with flexible
degree of permission
transactions
are executed
using chaincode, in any
order, possibly
parallel
•
•
fast transaction performance
parallel transaction execution
supports
Ethereum Solidity-based
smart contracts
3.5 Alternative Platforms for Smart Contracts and DApps
EOS and Tron are platforms built with what they believe to be improved capabilities
compared to Ethereum.
www.iubh.de
Unit 3
77
Smart Contracts and Decentralized Apps
Tron
Tron became independent from Ethereum in June 2018 after the Tron Foundation had
generated $70 million in a token sale in 2017. TRX is the Tron token.
The Tron community of less than 1,300 nodes as of mid 2019, use the delegated proof of
stake (DPoS) consensus mechanism. DPoS is structured with twenty-seven super representatives (SR) producing blocks. The designation of the SRSs is done every 6 hours
when Tron account holders vote for SR candidates, resulting in the top twenty-seven
being selected as the SRs for the next period of time. Account holders (voters) may
choose SRs based on criteria such as projects sponsored by SRs to increase Tron adoption, or rewards distributed to voters.
In the first quarter of 2019, a study from DApp Review stated that 64 percent of the
DApps on Tron facilitate gambling (Cuen, 2019), making it the leading use case for the
Tron blockchain.
According to Agarwal (2019), as of 2019, the top Tron DApps are:
•
•
•
•
•
•
•
•
•
TRONbet — a gambling game,
P3T — a cryptocurrency exchange where a user can earn dividends from buying, selling, and all current and future games,
Fishing Master — a fishing game where fishermen try to catch as many fish as possible,
TRONlegend — the world’s first MMORPG (massively multiplayer online role-playing
games) game based on TRON,
CandyMoreBox — an advertising platform that offers free candy as tokens,
TronTrade — a decentralized exchange where a user can buy and sell TRC10 and
TRC20 cryptocurrencies,
888Tron — a roulette-style game,
Tron Village — an economic strategy game where users can earn cryptocurrency by
running a factory (business), and
Tron Vegas — a variety of Vegas-style games.
EOS
EOS was created by Block.one as a smart contract blockchain platform. EOS began as
an ICO in June 2017, raising over $4 billion, the largest in ICO history at the time. EOS is
the seventh largest blockchain by market cap, with a value topping $3 billion as of February 2019 (Dale, 2019). EOS is the EOS token.
Similar to TRON, EOS uses a consensus mechanism of delegated proof of stake (DPoS).
The EOS community, of less than 100 nodes as of mid 2019, selects 20 witnesses. The 20
witnesses, plus a random final producer, produce blocks to be added to the blockchain.
www.iubh.de
78
Unit 3
Scalability is intended to be a key strength of EOS. EOS can currently process 3K transactions per second and aim to process 50K transactions per second. A reminder that
Bitcoin processes 4.6 transactions per second, while Visa processes 1,700 transactions
per second.
EOS uses an ownership model for its developers. DApp developers use tokens to access
resources such as bandwidth and computational power, and to buy RAM. EOS transactions do not require payment of fees. However, transactions consume blockchain
resources which are often constrained and require careful allocation to prevent misuse.
The EOS.IO software allows each account to utilize a percentage of the available RAM
proportionate to the amount of token staked in the network. For example, if an account
staked five percent of all the EOS token distributed, then this account has the right to
use five percent of the RAM capacity. Developers can trade idle RAM to others on the
network (InfStones, n.d.).
This ownership model has led to fears that the structure was too centralized, with concerns further elevated because the majority of the nodes are in China, where state
intervention is a risk. Furthermore, EOS developers are making little or no money for
their work because they are limited by the excessive power of the largest EOS token
holders (Dale, 2019).
According to Maurya (2019), as of 2019, the top EOS DApps are:
•
•
•
•
•
•
•
•
•
•
PRA Candybox — EOS token distribution,
EOS Knights — mobile game, hire a knight to protect the town from goblins,
ENBank — bank,
Token Planet — game in which players can establish their own business system,
EOSBet — gaming platform,
KARMA — decentralized social network, rewarding positive human interactions,
BETX — gaming platform,
Endless Game — profit-sharing game,
EOSlots — gaming platform, and
FarmEOS — game platform.
Summary
Blockchain, smart contracts, and DApps are the components of a blockchain-based
application.
Smart contracts build upon the blockchain technology with programming logic that
automates virtual transactions between two or more parties. Smart contracts allow
parties to exchange currency, goods, and/or services with dependencies built into
the smart contract logic. Smart contracts leverage blockchain by writing transactional data to the blockchain where it can be processed as defined in the consensus mechanism.
www.iubh.de
Unit 3
79
Smart Contracts and Decentralized Apps
Decentralized applications, or DApps, provide a front end user interface to the
blockchain-based application. The DApp will execute the logic of one or more smart
contracts.
Hyperledger and Ethereum are the two leading platforms for DApp development.
Both platforms have been used to create DApps for a number of industries, including gaming and currency exchange. Tron and EOS are two more recent players with
their platforms, believed to be improvements on Hyperledger and/or Ethereum.
Knowledge Check
Did you understand this unit?
You can check your understanding by completing the questions for this unit on the
learning platform.
Good luck!
www.iubh.de
Unit 4
Security of Blockchain and DLT
STUDY GOALS
On completion of this unit, you will have learned …
… about the multiple attack vectors that challenge the use of a blockchain platform.
… about examples of actual attacks on blockchain platforms.
… about safety mechanisms to improve security on a blockchain platform.
… about long range security concerns for blockchain.
DL-E-DLMCSEBCQC01-U04
82
Unit 4
4. Security of Blockchain and DLT
Introduction
The key attributes of blockchain are intended to ensure the security of transactions
conducted in a blockchain environment.
Data is stored across a network of computer nodes, rather than in a centralized environment, creating a distributed environment that complicates the activities that might
be conducted by hackers. All data is cryptographically hashed, hiding its true identity.
Private/public key encryption is used to conduct transactions. The consensus algorithms executed by the nodes of the network validate the transactions to be added to
the block, and the blocks to be added to the blockchain.
Despite the high level of security in blockchain environments, attack vectors have been
identified by experts. In some cases, hackers have been successful in their attacks. In
this section we will discuss these attack vectors as well as how blockchain participants
can reduce exposure. Finally, potential future security concerns will be discussed
together with alternative solutions.
4.1 Components of Security
The blockchain networks are secured by cryptography and hashing which is underlying
in digital signatures, mining, and Merkle trees. Together with the consensus mechanism, blockchain has been designed to ensure the immutability of transactional data.
Cryptography Basics
Cryptography is the method of using advanced mathematical principles in storing and
transmitting data so that only the intended recipients can read and process the data.
The message is encoded, or encrypted, in such a way that it cannot be read or understood by an unintended person. Today, coded messages use algorithms such as
Advanced Encryption Standard (AES) or Rivest-Shamir-Adleman (RSA). The encryption
and decryption processes are so highly complex and math intensive that computers are
required for them.
Cryptography algorithms are either symmetric or asymmetric. The differentiator
between these two forms of cryptography is that symmetric cryptography uses a single
key, while asymmetric cryptography uses two different but related keys.
Symmetric cryptography
Symmetric cryptography uses the same cryptographic key for both the encryption of
plaintext and the decryption of the ciphertext. The keys may be identical, or there may
be a simple transformation calculation to go between the two keys.
www.iubh.de
Unit 4
83
Security of Blockchain and DLT
Most symmetric algorithms use either a block cipher or a stream cipher. A block cipher
converts the plain text by taking one block at a time, while a stream cipher converts the
text by taking one byte at a time. Block cipher uses 64 bits or more, while a stream
cipher uses 8 bits.
AES is a symmetric block cipher developed in 1998 and chosen by the United States
government to protect classified information. AES can support 128 bit data and has a
key length of 128, 192, and 256 bits, being referred to as AES-128, AES-192, or AES-256,
respectively. AES uses progressively more cycles, referred to as rounds, in the encryption process to deliver the final cipher-text, or in the decryption process to retrieve the
original plain text.
Symmetric cryptography is faster and requires less computer power. However, symmetric cryptography relies on the distribution of keys, because the same key is used to
encrypt and decrypt the information, opening up a security risk. For example, if user A
sends user B data that is secured by symmetric cryptography, user A must share the
same key used for encryption with user B so that the message can be decrypted. If the
data and key are intercepted by a malicious actor, the malicious actor has the ability to
decrypt the data.
Asymmetric cryptography
Asymmetric cryptography, or public key cryptography, uses a pair of keys. The public
key is shared widely while the private key is known only to the owner. Either key can be
used to encrypt the message, while the other key is used to decrypt the message. In
asymmetric cryptography, a mathematical relationship or pattern exists between the
public and private keys. Because this pattern could potentially be exploited by attackers, asymmetric keys need to be much longer to result in a sufficient level of security.
For example, a 128-bit symmetric key and a 2,048-bit asymmetric key result in similar
levels of security.
www.iubh.de
84
Unit 4
RSA, founded in 1977, is an asymmetric block cipher. RSA uses a variable sized encryption block and a variable sized key. It uses two prime numbers to generate the public
and private keys. The sender encrypts the message using the receiver’s public key. The
receiver decrypts it with their private key.
Asymmetric cryptography does not rely on key distribution because public keys are
used for encryption and private keys are used for decryption. However, asymmetric
cryptography is slow and requires more computing power because of the longer key
lengths. With asymmetric cryptography, if user A sends data to user B encrypted with
user B’s public key, user B will be able to decrypt it with his private key. A malicious
actor would not be able to decrypt the data because they lack user B’s private key.
Asymmetric cryptography can be used for asymmetric encryption and for digital signatures, which may or may not include encryption.
Encryption
Encryption provides confidentiality. The encryption process encrypts the data with the
public key, and the data can only be decrypted with the corresponding private key. The
sender uses the recipient’s public key to encrypt, while the recipient uses their private
key to decrypt it.
Digital signing
Digital signing binds the identity of the sender to the data. The sender’s private key is
used to write the digital signature. The recipient uses the sender’s public key to verify
that the data is truly from the sender.
www.iubh.de
Unit 4
85
Security of Blockchain and DLT
Hashing
A cryptographic hash function is a third type of cryptographic algorithm. Hashing is a
mathematic algorithm that takes data of any length and produces a string of fixed
length, called a hash. Originally, hashing was introduced to create checksums and indices of data. In the current context, we are interested in cryptographic hashing which is
one-way. It is infeasible to use the output of the hash function to reconstruct the given
input.
Any change in data, no matter how slight, will generate a different hash output value.
The integrity of the data can be validated by using the signer’s public key to decrypt
the hash. The decrypted hash can then be matched to a computed hash of the same
data. If they match, then the data is the same. If they do not match, the integrity of the
data has been tampered with.
In summary, cryptographic hash functions have the following characteristics:
•
•
•
•
Deterministic — No matter how many times you give a function a specific input, the
output will always be the same.
Irreversible — The input cannot be determined from the output of the function.
Collision resistance — Every hash function has the potential to have collisions, the
same output being generated by two different inputs. The inputs to a hash function
can be of any length. This means there are infinite possible inputs that can be
entered into a hash function. However, outputs are of a fixed length. This means
that there are a finite number—an extremely large number— of outputs that a hash
function can produce. A fixed-length means a fixed number of possibilities. Since
the number of inputs are essentially infinite, but the outputs are limited to a specific number, it is a mathematical certainty that more than one input will produce
the same output (Daniel, 2018b). The odds of a collision are very low, especially for
functions with very large output sizes. As available computational power increases,
the ability to force hash collisions becomes more and more feasible (Privacy Canada, 2019).
Changing any bit of data in the input will significantly alter the output. For example
the hashed outputs of 111111 and 111112 are unrelated (Lai & O'Day, 2018b).
Cryptography and Blockchain
Digital signatures
Digital signatures use asymmetric cryptography to ensure that the message has the following features:
•
•
•
created by the claimed sender (authentication),
the sender cannot deny having sent the message (non-repudiation), and
the message was not altered in transit (integrity).
Digital signatures are created using the following three algorithms:
www.iubh.de
86
Unit 4
•
•
•
key generation algorithm to generate a private and public key,
signing algorithm that combines data and private key to create a signature, and
an algorithm that verifies the signature and determines the authenticity of the message based on the message, the public key, and the signature.
A digital signature can be used with any kind of message, whether encrypted or not.
Using the example of an encrypted digital signature, to create a digital signature, a one
way hash of the electronic data to be signed is created. The private key is then used to
encrypt the hash. The encrypted hash, along with other information such as the hashing algorithm, is the digital signature.
Using the crypto wallet as an example, the wallet address is a string of numbers and
letters generated using the public key. The private key associated with the wallet is kept
secret by the owner and is used to prove ownership of — and control the use of — the
wallet. A combination of an owner’s public key and private key encrypts the information, while the recipient’s private key and sender’s public key are needed for the
decryption.
The Bitcoin blockchain uses Elliptic Curve Digital Signature Algorithm (ECDSA) as its digital signature scheme for signing transactions. ECDSA requires smaller keys compared
to non-elliptic curve cryptography, such as RSA, to provide an equivalent level of security. As a result, it is the preferred algorithm when there is a requirement for faster processing.
ECDSA is based on the algebraic structure of elliptic curves over finite fields. An elliptic
curve has the equation of y2 = X3 + ax + b with a chosen a and b. There are a number
of curves that are known, with Bitcoin using the secp256k1 curve along with the ECDSA
algorithm to generate a 256 bit digital signature.
www.iubh.de
Unit 4
87
Security of Blockchain and DLT
Hashing
Cryptographic hashing is the component of blockchain technology responsible for the
immutability, or inability to change previous blocks, of the blockchain.
Hashes are used in blockchains to represent the current state. The input to the hash
process is the entire state of the blockchain, meaning all the transactions that have
taken place so far. The produced output hash represents the new current state which
includes the additional transaction.
Hashing is involved in four main processes:
•
•
•
•
verifying and validating account balances of wallets,
encoding wallet addresses,
encoding transactions between wallets, and
making block mining possible (Seth, P. 2018). Hashes are used by the proof of work
consensus algorithm that is required to be solved to get a block.
Every block being added to the blockchain contains a hash output of all the data in the
previous block. For example, the 100th block of a blockchain contains a hash of all the
data in block 99, while block 99 contains a hash of the data in block 98, etc. Every block
from the 100th to the 1st is linked by cryptographic hashing.
If someone changed data in any block, it would result in a change to the hash output
of that block’s data as well as every block higher in the chain. Miners would identify
that hashes don’t match their version of the chain and will reject the change.
Bitcoin uses the hash function SHA-256, while Ethereum uses keccak256. SHA (Secure
Hash Algorithm) is part of a group of hash functions called SHA-2. The SHA-256 algorithm generates a fixed-size 256-bit (32-byte) hash. Keccak256 is the Ethereum-SHA-3
hash, generating an output 32-byte hash. SHA-2 and SHA-3 hash functions are both
considered to be secure standardized hash functions.
Mining
Mining is the process by which transactions are retrieved and added to the blockchain.
In order for a miner to create the previous block hash parameter in the block header,
the block header of the previous block must be processed through the SHA-256 algorithm twice, known as double-SHA-256. The SHA-256 algorithm is also used to produce
the Merkle root. This creates the block header of the new block, and the miner can
then begin the mining process. The block header (including the nonce) is then hashed
until the hash result is below the target, at which time the miner has succeeded in
mining the block.
Merkle trees
A tree, in computer terminology, is a term for storing data in a hierarchical tree-like
structure. The bits of data are called nodes. The topmost node has child nodes linked
under it, which each may also have child nodes. Groups of nodes are called sub-trees,
and a node with no children is called a leaf node. A Merkle tree stores hash outputs
instead of data in each node. The Merkle root is the topmost node of the Merkle tree,
www.iubh.de
88
Unit 4
meaning it represents a hash output of the combined hashes of the left and right subtrees. Using the Merkle root and applying the properties of cryptographic hash functions, it can be readily determined whether or not transactions in a given block have
been tampered with. Merkle trees allow blockchain users to verify that a transaction
has been included in a block without downloading the full blockchain.
In the example below, if you have the root hash (HABCDEFGH), you can confirm transaction (TH) by accounting for hashes (HG), (HEF) and (HABCD). If those three hashes are on a
blockchain, then transaction (TH) is valid.
Consensus
Consensus rules on the network are used by the network nodes to validate a block and
the transactions within it. Every transaction that is transmitted must be approved by a
majority of the network nodes through a consensus-based agreement. Consensus
mechanism allows a blockchain to be updated, keeps all nodes in a network synchronized with each other, ensures that every block is true, and keeps miners incentivized. It
also prevents a single miner from controlling the blockchain network. Consensus guarantees that the nodes agree on the same state of a blockchain and that a single chain
is used.
www.iubh.de
Unit 4
89
Security of Blockchain and DLT
4.2 Attacks on Blockchain and DLT
Blockchain technology incorporates many factors that enhance security; however, it is
not immune from cyber-attacks. Users of blockchain technologies must understand the
security exposure in the mining process, at the end user level, and with the core blockchain code.
Manipulating the Mining Process
51% attack
The 51% attack is a technique that occurs when an attacker is in possession of at least
51% of the hashing power and uses that power to manipulate and modify blockchain
information. This attack starts by creating a chain of blocks privately, which is fully isolated from the real version of the chain. The attacker can defraud other users by sending them payments and then creating an alternative version of the blockchain in which
the payments never happened. At a later stage, the isolated chain is presented to the
network to be established as a genuine chain (Sayeed & Marco-Gisbert, 2019).
However, the computer power to conduct a 51% attack is quite expensive. Based on
numbers by TNW (Varshney, 2018), a one hour attack on Bitcoin would cost over $500K.
However, cryptocurrencies with a lower market cap could cost much less. For example,
the cost of a one hour attack on Litecoin would cost $68K, and Bytecoin would cost
$981. With the challenge of the cost of obtaining the necessary level of power, attackers
could band together as mining pools comprised of multiple well-powered miners, and
together, they would have more than half of the computing power of the network.
An attacker exploiting this vulnerability would have the ability to (Li et al., 2018):
•
•
•
•
reverse transactions and initiate double spending attacks,
exclude and modify the ordering of transactions,
hamper normal mining operations of other miners, and
impede the confirmation operation of normal transactions.
Toward the middle of 2018, attackers began springing 51% attacks on a series of relatively small, lightly traded coins including Verge, Monacoin, and Bitcoin Gold, stealing
an estimated $20M in total. In the fall, hackers stole approximaely $100K using a series
of attacks on the Vertcoin currency. In January 2019, hackers netted more than $1M from
Ethereum Classic, the first 51% attack against a top-20 currency (Orcutt, 2019).
Selfish mining
Selfish mining is when a miner or mining pool that comprises a large amount of the
network withholds blocks from the rest of the network. The selfish miner continues to
mine the next blocks, maintaining its lead. When the rest of the network is close to
becoming current with the selfish miner, the selfish miner releases the solved blocks
www.iubh.de
90
Unit 4
into the network. The result is that the chain of the selfish miner is longer and more
difficult so that the rest of the networks adopts their blocks and the selfish miner
claims the block awards.
Majority hash attacks and mining centralization
As described in the 51% and selfish mining attacks, a group, or pool of miners is stronger than any one miner. Mining centralization is a significant concern in the proof of
work (PoW) mining pools as a mining pool can compute more hashes and, therefore,
have a better chance of solving problems than single miners. Pools with immense
hashing power can make the network more vulnerable to attacks. Seven out of ten of
the major Bitcoin mining pools are based in China. The domination of the few mining
pools has structured the blockchain so that it is comparable to a centralized network
(Sayeed & Marco-Gisbert, 2019).
Double spending
Double spending is when a user purposely uses the same cryptocurrency multiple
times for blockchain transactions. In order to accomplish double-spending, attackers
first spend the currency in a legitimate chain, then build another chain privately where
the attacker’s coins are not spent. Once the privately mined chain is sufficiently long,
the attackers present the new chain to the network. Since the new chain is longer than
the one being used, the new chain will be used by the network as the legitimate chain,
discarding the blocks where the attackers spent their coins. Blockchain recommends
the receipt of a minimum of six confirmations to assure that the currency is not double
spent. Various exchanges grant a transaction approval after six confirmations to mitigate the double-spending issue; nevertheless, attackers with 51% hashing power can
keep building blocks secretly at a faster pace and carry out double-spend regardless of
the number of confirmations set by the exchanges (Sayeed & Marco-Gisbert, 2019).
Distributed denial of service (DDoS)
A blockchain-based DDoS could occur if rogue wallets push a large number of spam
transactions to the network. This would increase the processing times, as nodes would
be consumed with checking the validity of the fraudulent spam transactions. In March
2016, the Bitcoin network was slowed as a result of a Bitcoin wallet pushing a large volume of transactions with a higher than average transaction fee. The high transaction
fee incented the miners to prioritize the fraudulent transactions.
Balance attack
In a balance attack, the attacker identifies subgroups of miners of equivalent mining
power and delays messages between them. After the attacker introduces the delay
between the subgroups, the attacker issues transactions into subgroup A. The attacker
then mines enough blocks in subgroup B to ensure that the subtree of subgroup B outweighs that of subgroup A. Even though the transactions of subgroup A are committed,
the attacker can rewrite the block that contains the transactions by outweighing the
subtree containing the transaction. In an example, let b2 be a block present only in the
blockchain viewed by subgroup B, but absent from the blockchain viewed by subgroup
A. In the meantime, the attacker issues transactions spending coins in subgroup A and
mines a blockchain starting from the block b2. Before the delay expires, the attacker
www.iubh.de
Unit 4
91
Security of Blockchain and DLT
sends their blockchain to subgroup B. After the delay expires, the two local views of the
blockchain are exchanged. Once the heaviest branch that the attacker contributed to is
adopted, the attacker can reuse the coins in new transactions.
Eclipse attack
An eclipse attack involves the attacker targeting a specific node in order to cut off the
targeted node’s communications with other nodes. The targeted node would receive an
incorrect view of the blockchain, which the attacker is using either to segregate the targeted node, or as a springboard for further attacks. It can be seen that an eclipse
attack might start the work towards a 51% attack. By isolating a group of rival miners
from the network, it enables the attacker to gain a larger percentage of the hash power.
If user A is the malicious actor, user B is the isolated node and user C is another network entity, then user A would be able to send a payment to user C and then send the
same transaction to user B. User B is unaware that those funds have already been
spent as all their outbound connections route through user A who is able to suppress
and manipulate the information that user B receives. User B will accept the coins and
only later, when they connect to the “true” blockchain, will they find out that they have
been lied to and in reality have received nothing (Radix, 2018a).
Sybil attack
A Sybil attack is an attempt to control a peer network by creating multiple fake identities. Fake identities may appear to be unique users, however, it is possible that a single
entity controls many identities. As a result, a single entity can influence the network
because the entity is working under many pseudonyms. Sybil attacks are subversive
and easy to conceal, and it can be difficult to tell when a single entity controls many
accounts (Garner, 2018a). Both proof of work (PoW) and proof of stake (PoS) consensus
mechanisms provide some inherent defense against Sybil attacks based on resource
demands. A Sybil attack on a proof of work (PoW) consensus network demands a large
amount of computing resources while a proof of stake (PoS) consensus network
requires large amounts of the underlying currency.
The first way to mitigate a Sybil attack is to raise the cost of creating a new identity. The
challenge is that there are many legitimate reasons, such as redundancy, resource
sharing, reliability, and anonymity, for an entity to have multiple identities (Garner,
2018a).
A second way is to require a form of trust before allowing a new identity to join the
network, for example, the implementation of a reputation system where only established, long-term users can invite or vouch for new entrants to the network (Garner,
2018a).
The third way is to weight user power based on reputation. Users that have been
around the longest and proven themselves receive more voting power on communal
decisions (Garner, 2018a).
www.iubh.de
92
Unit 4
Criminal Activity
One of the fundamental aspects of blockchain is anonymity. As a result of this anonymity, users can buy and/or sell any product or service, including ones that are illegal,
with minimal fear of being identified. Additionally, they are less likely to be subject to
legal sanctions.
A Bitcoin user, for example, will have multiple Bitcoin addresses, and there is no connection to their real identity. Actual criminal activities with Bitcoin have included the
following.
•
•
•
•
•
Pornography: In a study by Matzutt et al. (2018), files were discovered on Bitcoin that
contained objectionable content such as links to pornography. That data is distributed to all Bitcoin participants. The security of a blockchain is based on the fact that
past entries cannot be altered, so, blockchain nodes may not be able to delete the
objectionable data. Yet, having the blockchain could potentially put those in possession of it in an uncertain position that could be addressed differently by the laws of
different countries.
Ransomware: In 2014, ransomware CTB-Locker was spread as a mail attachment. The
victim had to pay the attacker a ransom amount in Bitcoin within 96 hours or lose
files that had been encrypted by the ransomware. In 2017, ransomware WannaCry
affected 230,000 victims in 150 countries in two days, exploiting a vulnerability in
Windows systems to encrypt users’ files and asking for a ransom in Bitcoin to
restore access to the files.
Underground market: Bitcoin is a common currency in the underground market. Silk
Road was an anonymous, international online marketplace that used Bitcoin as its
currency and was classified as the first modern darknet market, known as a platform
for the sale of contriband.
Money laundering: With anonymity and a worldwide presence, Bitcoin and other
currencies have become a platform for money laundering.
Criminal smart contracts: Criminals can leverage smart contracts for illegal activities,
such as the leakage of confidential information, theft of cryptographic keys, and real
world crimes, such as murder, arson, terrorism, etc.
End User Security Concerns
Private key security
If a user loses their private key, it cannot be recovered. If the private key is stolen, the
user’s blockchain account could be tampered with by the criminal who stole the key.
Some digital wallet providers are providing key management services to minimize
user’s risks. These services depend on passwords and authentication, adding yet
another area of vulnerability.
www.iubh.de
Unit 4
93
Security of Blockchain and DLT
Transaction privacy leakage
User behaviors can be inferred from the transactions conducted by the user. In order to
mitigate this, users are advised to assign a private key to each transaction so that
attackers cannot determine that transactions originated from the same user.
Platform Vulnerabilities
Blockchain code vulnerabilities
Like centralized applications, blockchain applications can unintentionally include coding errors that introduce risks. For example, hackers exploited a coding defect in the
source code of the decentralized autonomous organization (DAO), a virtual organization
using smart contracts on the Ethereum blockchain. Ethereum tokens valued at over
$50M were stolen when attackers exploited an unforeseen flaw in a smart contract that
governed the DAO. The flaw allowed the attacker to keep requesting money from
accounts without the system registering that the money had already been withdrawn.
Node platform vulnerabilities
Blockchain applications run on general purpose operating systems and servers that are
subject to hardware and software vulnerabilities. Organizations need to treat these
platforms with the same level of care as a business critical computing resources and
follow generally accepted cybersecurity practices.
External Resources
Oracles
Centralized data sources can be tampered with and data can be manipulated. This
“oracle problem” can be mitigated by sourcing data from multiple nodes, verifying the
nodes for reliability and trust before including them in the blockchain network.
Internet of Things sensor data
Dubbed the 4th Industrial Revolution, the Internet of Things (IoT) consists of a vast network of sensor nodes that will generate an unprecedented flow of global data. The
question is, how secure and trustworthy is the data? IoT devices are subject to significant threats and security attacks.
There are a number of potential problems with IoT data, including:
•
•
•
•
•
device connectivity,
corruptible/spoofable device identity,
the possibility to steal information from devices,
hacking into devices and spoofing data, and
physical tampering with devices.
Pollock (2018a) states that devices from well-known companies and other vendors have
serious breaches in their security systems with insufficient encryption and weak
authentication requirements.
www.iubh.de
94
Unit 4
A number of recommendations have been made to further secure the data provided by
IoT sensors.
•
•
•
Device firmware hashing: Device firmware can be hashed into a blockchain on a continual basis, so that any change to the firmware state due to malware can alert
device owners.
Device identity protocol: Each device has a blockchain public key. The devices
encrypt messages to each other (challenge/response) to ensure that the device is in
control of its own identity.
Device reputation system: A reputation scoring ecosystem with third-party auditors.
4.3 Resolving Bugs and Security Holes
Inherent Blockchain Transaction Security
Blockchain technology inherently provides stronger security than traditional, centralized computing.
Distributed ledger technologies increase resilience because there is no single point of
failure. An attack on one or a small number of nodes does not affect the other nodes.
They are able to maintain ledger integrity and availability and continue transacting with
each other.
Enhanced transparency makes it more difficult for attackers who are using malware or
manipulative actions. Each node has an identical copy of the ledger so that participants can detect the efforts of an attacker trying to corrupt or inappropriately modify
the historical transaction record. The encryption technologies that blockchain applications use to build and link blocks protects the individual transactions, the blocks, and
the ledger as a whole.
Consensus mechanisms protect new blocks by requiring network participants to validate new blocks, both individually and with past transactions.
Good Practices
A number of good practices are recommended to mitigate many of the security concerns of blockchain.
1. Key management
• stores keys securely
• uses multiple signatures when possible
• uses different keys to sign and encrypt
2. Privacy
www.iubh.de
Unit 4
95
Security of Blockchain and DLT
3.
4.
5.
6.
• encrypts transactions
• uses sharding to allow specific transactions to be validated by specific entities
• uses pruning to remove data from the ledger at certain period of time
• encrypts the ledger with more than one key
Code
• conducts code reviews
• applies software development life cycle principles
• does penetration testing
Consensus hijack
• monitors nodes to identify if one or more nodes increases processing power and
is executing a significantly high number of transactions
Reduce denial of service attacks
• restricts which nodes can offer new transactions for validation
• make it difficult for a node to issue a large number of transactions
• only accept transactions from authorized IP addresses
• have the possibility to block IP addresses as necessary
Governance
• uses smart contracts to allow certain entities to engage in certain activities
Sharding
This is the act of
partitioning data to
spread the load.
Pruning
This is the process of
removing non-critical blockchain information to have a
lighter data footprint.
Automated Solutions
Companies such as AnChain.ai are creating products that address blockchain hacking
threats. AnChain.ai uses artificial intelligence to detect suspicious activity. Additional
products scan smart contract codes and uncover vulnerabilities that can be resolved
through code changes.
ChainSecurity offers automated Ethereum token auditing services to ensure that Ethereum smart contracts behave exactly as specified to keep funds secure and compliant
with exchanges.
Correction with a Hard Fork
A hard fork is a major change to the network’s protocol that makes previously invalid
blocks and transactions valid, or vice versa. A hard fork requires all nodes or users to
upgrade to the latest version of the software. One path follows the new, upgraded
blockchain, while the other path is the old blockchain, hence the term fork. After a
short period of time, those on the old chain will likely realize their version of the blockchain is outdated and will upgrade to the new blockchain. Although many hard forks
are initiated as a result of implementation of improved features (for example, increasing block size or improving scalability), hard forks are also necessary when correcting
important security risks discovered in the old blockchain.
www.iubh.de
96
Unit 4
For example, the Ethereum blockchain created a hard fork to reverse the hack on the
Decentralized Autonomous Organization (DAO). After the hack, the Ethereum community almost unanimously voted in favor of a hard fork to roll back transactions made by
an anonymous hacker that siphoned off tens of millions of dollars of digital currency
(Frankenfield, 2019).
4.4 Long-Term Security
Blockchain as a Solution: Internet of Things
Internet of Things (IoT) is a fast-growing, cross-sector technology that may be
enhanced by blockchain technologies. Blockchain may offer security enhancements to
IoT devices, creating an internet of trusted things. Blockchain offers an IoT network,
including the following:
•
•
Device authentication: Devices can authenticate each other, ensure that communications with each other are valid, and detect and report rogue devices.
Network resilience: Devices can determine what normal device behavior is, identify
and quarantine devices engaging in unusual behavior, and flag outlier devices for
review (Butcher et al., 2019).
One-Way Functions and Quantum Computing
Blockchain relies on one-way mathematical functions to generate digital signatures.
These one-way functions are straightforward to run on a conventional computer and
difficult to calculate in reverse. One way that functions are used is to validate the history of transactions in the blockchain ledger. The hash is easy to create, however, finding a block that would yield a specific hash value would be quite difficult, time-consuming, and resource intensive (Federov et al., 2018).
Quantum computers exploit physical effects, such as superpositions of states and
entanglement to perform computational tasks. A wrongdoer equipped with a quantum
computer could use Shor’s algorithm to forge any digital signature, impersonate a user,
and appropriate their digital assets (Federov et al., 2018).
In 1994, Peter Shor, the Morss Professor of Applied Mathematics at MIT, came up with a
quantum algorithm that calculates the prime factors of a large number far more efficiently than a classical computer. However, the algorithm’s success depends on a computer with a large number of quantum bits. While others have attempted to implement
Shor’s algorithm in various quantum systems, none have been able to do so in a scalable way with more than a few quantum bits (Chu, 2016). Some specialists believe that
this ability is more than a decade away, while other researchers believe that it could
happen sooner using quantum computational devices being developed by D-Wave,
Google, and other technology firms (Federov et al., 2018).
www.iubh.de
Unit 4
97
Security of Blockchain and DLT
Quantum computers will find the hash solutions quickly, enabling the few miners who
have quantum computers to monopolize the addition of blocks to the ledger. These
miners could sabotage transactions using the methods previously identified in this unit
(Federov et al., 2018).
Key Size and Quantum Computing
Post-quantum cryptography is the development of new cryptographic approaches that
can be implemented using today’s computers and will be resistant to attacks from
tomorrow’s quantum computers.
One approach is to increase the size of digital keys so that the number of permutations
that need to be searched using brute computing power rises significantly. For example,
doubling the size of a key from 12K bits to 256 bits squares the number of possible permutations that a quantum machine would have to search.
Another approach involves coming up with more complex trapdoor functions that even
a very powerful quantum machine would struggle to crack. Trapdoor functions are
mathematical constructs that are relatively easy to compute in one direction to create
keys, while very hard for an attacker to reverse-engineer.
Researchers are working on a wide range of approaches, but need to find one or more
that can be widely adopted. The United States National Institute of Standards and
Technology launched a process in 2016 to develop standards for post-quantum encryption for government use. It has already narrowed down an initial set of 69 proposals to
26, but says that it is likely to be around 2022 before draft standards start to emerge
(Giles, 2019).
Summary
Blockchain networks are strongly secured by cryptography and hashing, which provides the underlying security provided by digital signatures, mining consensus
mechanisms and Merkle trees, and the blockchain components that ensure the
immutability of transactional data.
Despite these strong security mechanisms, blockchain is still vulnerable to security
attacks. These attacks are generally categorized into three groups.
Manipulation of the mining process, the miners, or the mining groups has the
potential to exploit vulnerabilities that make the normal mining operations of other
miners difficult and impede the confirmation process of normal transactions. The
potential result is transactions being reversed, excluding, or modified ordering.
End user security concerns include security of the end user’s private key, and the
ability to identify a chain of activity to one source.
www.iubh.de
98
Unit 4
Platform concerns include code development and platform operational vulnerabilities. The platform concerns are similar to those in a centralized environment and
must be managed in a similar manner.
Long term, blockchain environments need to position and improve themselves to
address improved computing platforms that speed up processing capabilities.
Faster platforms gives miners or mining groups with nefarious intent the power
over their miner peers and, therefore, the ease by which to conduct security
attacks.
Knowledge Check
Did you understand this unit?
You can check your understanding by completing the questions for this unit on the
learning platform.
Good luck!
www.iubh.de
Unit 5
Blockchain and DLT Application
Scenarios
STUDY GOALS
On completion of this unit, you will have learned …
… that blockchain offers many opportunities for implementations in the personal
consumer world as well as in industrial and governmental settings.
… about industries that have blockchain opportunities, including a summary of the
industry, opportunities for blockchain implementations, and examples of
implementations.
… that personal identity and Internet of Things (IoT) are two areas that could underpin
blockchain implementations.
DL-E-DLMCSEBCQC01-U05
100
Unit 5
5. Blockchain and DLT Application Scenarios
Introduction
As a decentralized technology, blockchain offers itself as a platform for many solutions
for the personal consumer, as well as for the commercial environment. Finance, supply
chain management, healthcare, governmental transactions and smart cities, real estate,
sports, entertainment, vehicles, and more have functioned with increasing levels of
automation over the past 50 years; however, the automation has not necessarily kept
up with the way that consumers in the 21st century chose to conduct business.
Blockchain offers a way to conduct business in a manner that is secure, transparent,
traceable, and immutable. Whether people or “things,” blockchain solutions safeguard
identity and leverage the value of data.
5.1 Benefits and Limits of Applying Blockchain and DLT
Blockchain offers inherent capabilities that can potentially provide significant improvement to the many functions of business and personal interactions.
Benefits
Blockchain is a distributed ledger. Participants in the network share the same data
rather than individual copies, which could potentially be different. The shared version
of the blockchain is updated through consensus, meaning that participants agree on
the data. Changing one record requires the alteration of subsequent records and the
participatory collusion of a sufficient number of rogue miners. As a result, data on the
blockchain is more accurate, consistent, and transparent than paper processes and
some centralized systems.
•
•
•
•
•
•
www.iubh.de
Security: Transactions must be approved, encrypted, and linked to the previous
transactions/blocks before they are recorded on the blockchain.
Transparency: Everyone involved has access to the same information, allowing trust
between participants without intermediaries.
Protection: It is nearly impossible to alter or overwrite information on the blockchain without the knowledge and agreement of the other parties, which results in
the protection against fraud and disputes.
Traceability: Blockchain is a permanent trail from the beginning of its creation that
provides a full audit trail. Transactions written on the ledger cannot be undone.
Reduced costs and increased efficiencies: Blockchain transactions can be direct
transactions between participants and can eliminate involvement and expense of
third parties.
Privacy: Blockchain transactions separate your identity from your transaction.
Unit 5
101
Blockchain and DLT Application Scenarios
Limits
Security and privacy
The security of blockchain makes it a problem for privacy. The European Union’s General Data Protection Regulation (GDPR), which became effective in 2018, and the California Consumer Privacy Act (CCPA) of 2018 which became effective January 1, 2020, guarantee that individuals retain a certain amount of control over personal data and
information. However, blockchain applications are intended to prevent individuals from
changing data within their digital ledgers. Article 16 of the GDPR grants the right to rectify personal data retained by a person or entity that makes decisions about processing
a data subject’s personal data. Article 17 grants the right to require the deletion of all
personal data. Article 18 grants the right to place restrictions on the processing of personal data. The CCPA gives the consumer the right to instruct a business not to sell personal information to a third party, meaning that a business that tries to sell a blockchain network will have a difficult time removing individuals from the chain (Cheng et
al., 2018).
Pseudonymous
Identity on the blockchain is pseudonymous as a user’s pseudonym is their public
address, rather than standard identification data of name, address, phone number, etc.
The complicated public address masks the user’s identity. A user who uses the same
public address, however, makes it possible to tie together their transactional activity. It
is recommended that each transaction uses a new address to avoid the linkage of
transactions to a common owner.
Throughput
The consensus mechanism for blockchain bottlenecks the scalability of blockchain. In
order to promote increased acceptance and adoption of blockchain solutions in industry, scalability needs to be improved.
Storage
Blockchain is designed so that each node maintains a copy of the blockchain and the
blockchain contains every transaction from the beginning of time. This design requires
significant storage capacity and the associated costs to maintain same.
Cost
The cost of conducting business transactions on blockchain has fluctuated based on a
number of factors, primarily based on supply and demand of processing resources.
Energy efficiency
Use of the proof of work consensus mechanism on many blockchain networks
demands an increasing amount of processing power resulting in consumption of a high
amount of electricity, and at a cost. This has resulted in the location of some of the
largest nodes or processing pools being in countries where electricity is less costly
such as China and Venezuela.
www.iubh.de
102
Unit 5
Regulation
Due to a lack of regulation specific to blockchain, scams, hackers, and other nefarious
activities result in an environment that is not without risk.
Industry Growth
A study conducted by PWC (2018) shows that financial services is the leader in blockchain implementations. Manufacturing/supply chain, energy, and healthcare follow,
with government, retail, and entertainment further behind. Although the later industries are not considered leaders, they are actively pursuing opportunities that may
make them leaders in the not too distant future.
In addition to industrial sectors, individual countries have given an indication of their
projected growth of blockchain as a platform for their transactional activity.
www.iubh.de
Unit 5
103
Blockchain and DLT Application Scenarios
Blockchain engagement has shifted and will continue to do so. Gartner forecasts that
blockchain will generate an annual business value of over $175B by 2025 and rise to
over $3T by 2030. A shift is currently being experienced. In 2017, 82 percent of the blockchain use cases were in financial services, dropping to 46 percent by 2018. Industrial
products, energy and utilities, and healthcare are all expected to grow (Groombridge,
2019).
The early center of blockchain focus in United States and Europe is expected to shift to
China within three to five years (Groombridge, 2019).
Common Foundations to Support Use of Blockchain in Multiple Industries
Personal identity
Almost all of the industries that will be discussed in the upcoming sections require
identity authentication and authorization. Verification is a part of our worldwide commerce and culture.
The current standard for personal identification leaves the opportunity open for identity theft, sale of personal data, and more.
www.iubh.de
104
Unit 5
•
•
•
Companies sell personal identity information. Personal information is a commodity.
The buying and selling of user data is instrumental to corporate marketing strategies.
Identity theft happens when a fraudster gets access to personally identifiable information (PII). These fraudsters might use the data directly or they may sell it to other
parties. PII data is highly valuable to different parties for different reasons.
Excessive reliance on cloud storage sets the stage for security issues and vulnerabilities.
Solving personal identity with blockchain
Blockchain technology offers a platform where identity can be authenticated in an irrefutable, immutable, and secure manner. A universal blockchain identity could be accepted wherever personal information is required. Blockchain provides technology to make
self-governing of identities possible, empowering individuals to fully own their identity
information. This reduces the spread of data across multiple centralized data stores
and protects against identity theft.
Thing identity (or Internet of Things)
Identity management is also for devices. There are approximately seven billion internet
connected devices, a number that is expected to grow to 10 billion by 2020, and to 22
billion by 2025. IoT devices and objects include vehicles, appliances, sensors, monitors,
and more. While many consumers have internet-connected devices, such as appliances,
in their home, many industries and governments use IoT devices to improve operations
and/or provide a better environment in which to live and work.
The key challenges of IoT are the tracking and management of the individual devices,
as well as the collection and management of the tremendous amount of data generated by the connected devices.
Solving IoT with blockchain
Blockchain technology can be used to track connected devices and process transactions and coordination between the devices. A decentralized approach eliminates single points of failure, creating a more resilient ecosystem for devices. The cryptographic
algorithms used by blockchains also keeps the consumer-related data more private.
Top benefits of decentralizing IoT include the following:
•
•
•
•
www.iubh.de
Improved security: Distributed networks lack a single point of entry for hackers and
cryptography makes hacking very difficult.
Tamper-proof data: DLT uses asymmetrical cryptography to timestamp and immutably store IoT data and other related information on the ledger.
Trustless: All parties and devices using IoT will use the distributed ledger to verify,
and smart contracts to automate, the processing of the data being captured by the
many devices.
Autonomy: Smart devices can act independently and can monitor themselves to
assure the overall system of their health and connectedness.
Unit 5
105
Blockchain and DLT Application Scenarios
IoT is a foundation for many industries to be discussed. The following is a list of the
potential examples of IoT-based applications which will be described in detail in the
next few sections.
•
•
•
Supply chain: Sensors on products and/or containers can provide end-to-end visibility of the movement of products.
Vehicles: Sensors in vehicles can provide a full record of the vehicle and the parts
within the vehicle. This will improve the way vehicles are bought and sold.
Energy: Connected devices can offer energy grid surpluses in a peer-to-peer environment.
5.2 Financial Services
Finance
Industry summary
Centralized banking is commonly understood. Fiat funds are deposited to a bank where
they are stored. Banks serve as an intermediary between their depositors and the
funds. The current centralized banking system is used for the following reasons:
•
•
•
Efficiency: Convenient bank locations, web portals, and mobile apps allow customers
to bank anywhere, anytime. Banks also provide loans, debit cards, credit lines, and
more.
Security: Storing funds in a centralized bank insures funds against theft and fraud.
Interest: Although interest rates are low, depositors receive a small amount of interest reward for allowing the bank to hold and invest deposited funds.
Opportunities for improvement
There are opportunities in money management to eliminate overhead and increase
efficiencies. While it is unlikely that decentralized financial platforms will eliminate
centralized financial platforms, blockchain platforms offer a way that banks can adopt
decentralized platforms and improve upon some of the following areas:
•
•
•
•
Efficiency: Moving to a global economy, across time zones, there is a demand to
improve cross border transactions so that they can be executed in a timely manner.
Security: Centralized banking systems are vulnerable because there is one institute
with controlled access to funds.
Potential for increased value: The interest rates in mid 2019 were between one and
two percent. There is a potential for a higher return on investment for digital assets.
Cryptocurrency value is determined by the use of the currency and the network. The
higher the demand, the more likely it is that the value will increase.
Lower costs: Costs for transactions, specifically domestic or international wire fees,
will be reduced significantly.
www.iubh.de
106
Unit 5
Financial Applications
Know-Your-Customer
Know your customer (KYC) and anti-money laundering (AML) regulations are burdensome for banks and insurance companies. KYC is the verification of the identity of the
customer to assess suitability and determine risk of illegal intentions. Each financial
service institute has to onboard each customer. With the use of a blockchain, a customer can be onboarded once. Any financial institute that the customer is to engage
with can request access to the on-chain documentation.
Mutualizing financial transaction information and simplifying the KYC onboarding via a
distributed ledger, Goldman Sachs estimates that American banks can save $3—5B in
AML compliance costs. Elimination of onboarding duplication efforts, improved quality
of data, and improved security have been identified as significant benefits (Kehoe et al.,
2019).
Cognizant and Indian insurers have combined to collect and share KYC data, IBM has
partnered with HSBC, Mitsubishi UFG, and Deutsche Bank in a KYC platform, and the
State Bank of India (SBI) went live with a KYC system with a consortium of 27 banks
(Mukherjee, 2018).
Blockchains can provide a transparent and accessible system of record for regulators.
They can also be coded to authorize transactions which comply with regulatory reporting. For example, banks have reporting obligations to agencies such as The Financial
Crimes Enforcement Network (FinCEN), a bureau of the United States Department of the
Treasury. Every single time they authorize a transaction of more than $10,000, they must
report the information to FinCEN, who stores it for use in an anti-money laundering
database.
Global payments
Blockchain enables financial institutes to make cross-border money transfers, providing a number of benefits which include:
•
•
•
•
real time settlement of international money transfers,
reduction of liquidity and operational costs,
direct interaction between sender and beneficiary banks and elimination of the role
of correspondents, and
smart contracts can capture obligations and drive reporting.
Distributed ledger technology (DLT) allows for oversight because the transactions on
the ledger are recorded and immutable. Blockchain allows financial institutions to create direct links with each other.
The following figures show the current process and pain points, as well as the future
depiction using blockchain with the benefits.
www.iubh.de
Unit 5
107
Blockchain and DLT Application Scenarios
www.iubh.de
108
www.iubh.de
Unit 5
Unit 5
109
Blockchain and DLT Application Scenarios
www.iubh.de
110
Unit 5
Included in the payment cycle is the clearing and settlement process. Financial institutions conduct a complex reconciliation process for interbank transactions. The goal of
the process is to ensure that the banks are in agreement about the transactions conducted over the day. It is estimated that the three-day clearing and settlement cycle
loses $20 billion annually in associated costs.
Santander launched a blockchain-based service called Santander One Pay FX in 2018 to
make same-day international money transfers. As of mid-2019, only customers in the
United Kingdom and Spain can send money to the United States over One Pay FX.
Santander is planning to add Latin American countries to the network (Browne, 2018).
Money lending
Financial institutions are using blockchain to automate syndicated loans that are provided by a group of lenders who work together to provide credit to a large borrower, typically in excess of $1M or more. In 2018, three banks completed a syndicated loan of
$150M to Red Electrica, the Spanish grid operator, on the blockchain, demonstrating
that transactions can be simplified and made faster. The processing time was reduced
from two weeks to two days (Noonan, 2018).
www.iubh.de
Unit 5
111
Blockchain and DLT Application Scenarios
Credit reports
In order to make large purchases, one needs to establish credit and prove a credit
score. Credit bureaus such as Equifax and Experian have been acting in the capacity of
intermediary for the sharing of customer data. Banks give the credit bureaus their customer information for free and then have to purchase it back in the form of credit
reports. As a result, lenders are very interested in a peer-to-peer system that eliminates the middleman (the credit bureau). Blockchain credit reports save time and
money, as well as storing data on the immutable ledger while protecting user identity,
therefore eliminating the credit report being kept on a central storage device at a credit
bureau. Spring Labs is partnering with 16 lenders to eliminate credit bureaus from their
role in granting loans to individuals and companies. This method of information sharing supports the credit application process without sharing the identities of the lenders and customers (Leising, 2019).
Asset tokenization
Asset tokenization is the representation of assets in the form of tokens on the blockchain. They are designed to be unique, secure, instantly transferable, and digitally
scarce. Today, third parties need to execute transactions between buyers and sellers,
and parties need to wait for resolution and pay the associated fees.
Tokenization of assets is the process of issuing a blockchain token (a security token)
that digitally represents a real tradable asset. The security token can represent a share
in a company, ownership of a piece of real estate, or participation in an investment
fund. Tokenization gives the advantage of the following advantages:
•
•
•
•
Greater liquidity: Tokens can be traded on a secondary market.
Faster and cheaper transactions: Transactions are completed with smart contracts.
More transparency: Token is capable of having the token-holder’s rights and legal
responsibilities embedded directly onto the token, along with an immutable record
of ownership.
More accessible: Opens up asset investments to a wider audience as a result of
reduced minimum investment amounts and periods.
Future Opportunities
Automated compliance
Financial statements (balance sheet, income statement, etc.) could be produced in real
time with the potential for real time audits, enhancing compliance and regulatory oversight. Blockchain financial reports could be readily released to corporate management,
investors, and stakeholders. Regulators could access information in real time to understand and address risks to financial markets.
Equity trading
Blockchain could participate in equity trading platforms to buy and/or sell stocks.
Blockchain and smart contracts have the potential to facilitate post-trade processes
and reduce settlement times. Doing so eliminates the wait time investors encounter
when selling stocks and awaiting access to funds for reinvestment or withdrawal.
www.iubh.de
112
Unit 5
Insurance
Industry summary
The insurance industry has been conservative and risk-adverse in its adoption of technological improvements. Insurance is protection against financial loss. An insurance
policy is a contract between the insurer, the insurance company, and the policyholder.
The policyholder purchases a liability policy to protect their property, assets, and or
self (life). Insurance companies underwrite the policy to evaluate the risk being taken
to provide the insurance. The higher the risk calculation, the higher the premium.
Opportunities for improvement
The insurance industry has an extensive list of areas that could be improved including
cutting costs, increasing efficiencies, enhancing customer experience, and improving
data quality, collection, and analytics.
Research has shown that 46 percent of insurers expect to integrate blockchain solutions in the next two years, and 84 percent believe that blockchain and smart contracts
can revolutionize their engagement with partners. Whether enhancing existing insurance processes (for example, paying claims) or enabling new insurance practices
(shared database between different insurers), blockchain solutions render savings, efficiencies, and other benefits (Kehoe et al., 2019).
Ideas for improvements to the insurance industry with blockchain include the following:
•
•
Streamline underwriting, claims, payment, and reinsurance processes. Smart contracts may eliminate the need for a representative to make a claim as the smart
contracts can trigger actions automatically when a specific event occurs.
Reduce fraud and expenses incurred with processing fraud. This is a saving of up to
$10B industry-wide, the savings of which will pass down to insurance customers
(CBInsights, 2019).
Vertical considerations
•
•
•
•
www.iubh.de
Health insurance: Decentralized applications in healthcare can help match patients
with providers in their area and automate the coverage process.
Automobile insurance: More affordable quotes and faster resolution of accident
claims. Less paperwork as all data related to previous damages and repairs to an
insured vehicle are accessible from the blockchain and makes estimation of actual
cash value an automated task.
Life insurance: DLT can combine the death claims and death registration processes
together with the insurance company, funeral home, government, and beneficiaries.
Event-based smart contracts can automate the processes between these parties.
Travel insurance: Event-based smart contracts can use oracles to understand when
payments for contracted coverage needs to be made.
Unit 5
113
Blockchain and DLT Application Scenarios
Insurance claims
Insurance claims processing is complex and fraught with error. Insurance processors
have to manage fraudulent claims, fragmented data sources, abandoned policies, and
more.
Smart contracts can automate the parameters of a policy and execute actions automatically, dispersing funds when a valid claim is processed. The settling of claims can be
reduced from days or weeks to almost immediately without the need for paper documentation and data validation. Historical blockchain information reduces the potential
for fraudulent claims.
Insurwave was launched in 2018 by EY and Guardtime in collaboration with other insurance industry leaders, including Maersk, ACORD, Microsoft, MS Amlin, Willis Towers Watson, and XL Catlin. This platform uses blockchain technology to support marine hull
insurance. A new vessel is registered onchain and a premium is set by an algorithm,
followed by policy documents automatically distributed to carriers.
Details about the ship’s travel is recorded in real time, from location to weather conditions. When the ship moves through a risky area, this fact is recorded in its file and
used for future underwriting. Premiums are made more accurate, and claims can be
assessed and approved more quickly. Data quality is immeasurably improved, and the
immutable record of the ship’s life is accessible in real-time by various stakeholders for
improved trust and transparency (Kehoe et al., 2019).
Reinsurance
Reinsurance is when multiple insurance companies share risk by purchasing insurance
policies to offset potential loss in the case of a significant disaster. Blockchain can
streamline information and payments between insurers and reinsurers.
The Blockchain Insurance Industry Initiative (B3i) was formed in 2017 by a number of
Europe’s leading insurance and reinsurance companies, including Aegon, AIG, Allianz,
Munich Re, and Swiss Re. The group was incorporated in 2018 and is now owned by 16
insurance market participants around the world. Over 40 companies are involved as
shareholders, customers, and community members. Since 2017, B3i has put together a
smart contract for property catastrophe excess-of-loss reinsurance that rapidly reconciles accounts between an insurer and its reinsurers, without redundancy or latency.
Following an event, payouts are automatically calculated for the affected parties
(Mukherjee, 2018).
Peer-to-peer (P2P) insurance
Peer-to-peer (P2P) insurance is when a group of individuals with some degree of affinity (family, friends, business associates, etc.) team up and contribute to insure each
other against loss. If properly selective, this group can produce a lower loss ratio and
hence a lower cost for its members. Additionally, funds that are available in the pool at
the end of the coverage period can be refunded to the members. Blockchain can
enhance the efficiency and transparency of this model. Written premiums can be held
in escrow on a smart contract. Claims can be paid out from this smart contract when
the correct digital signature is applied. The smart contract’s code might designate that
www.iubh.de
114
Unit 5
the signature must come from a certain third-party assessor, but it can also require
that signatures be received from multiple members of the pool to validate the claim.
Members can be confident in the voting mechanism as the blockchain maintains an
immutable record of everyone’s decision.
Teambrella is a DApp that seeks to enable self-governing user communities to cover
each other for loss. Teams manage all coverage functions, including setting coverage
rules, accepting new members, appraising claims, and approving “reimbursements.”
Teammates make reimbursements from cryptocurrency wallets that they control. They
underwrite new members, who pay premiums on the basis of perceived riskiness. A
teammate’s liability is never greater than the funds in his or her wallet, and no other
member owes the teammate more than that amount in the event of a claim. These
rules are governed by open-source code (Mukherjee, 2018).
Fraud mitigation
Fraud is a major concern in the insurance industry. False and exaggerated claims result
in higher costs being paid by the honest policyholders. Insurance fraud costs insurance
companies in Ireland approximately €200 million annually. In the United States, fraud
costs non-health insurance companies more than $40 billion per year. A blockchainenabled database would help insurers to eliminate double-booking or processing of
multiple claims submitted for the same accident, and it would establish ownership of
high-value items through digital certificates to reduce counterfeiting; and reduce premium diversion (Mukherjee, 2018).
5.3 Supply Chain
Products
Industry summary
A supply chain is the movement of goods from point A to point B, how goods are
sourced and then distributed to the end user. Supply chain management is critical to
keep the movement of goods done in a time and cost effective manner.
As interconnectedness of all forms has grown in the past decades, supply chain tracking has failed to maintain parity with consumer demand for transparency in the sourcing of goods. With over 20M containers in transit at any one time, transporting more
than $20T of merchandise per year, processes need to be improved upon (Strukhoff &
Gutierrez, 2017).
Challenges include the following:
•
•
www.iubh.de
Visibility: Ships often do not have the details of what is being transported.
Speed: Due to time zones and logistics management, transactions across time zones
require third-party services.
Unit 5
115
Blockchain and DLT Application Scenarios
•
•
•
•
Counterfeiting and fraud: Global supply chains are not able to know the inventory
and quality of every item stored in locations out of their control.
Financial: There is no linkage between trade finance and the physical transfer of
inventory.
Expensive: All of the above challenges add to the costs, which ultimately are passed
on to the consumer.
Paper-based processes: Lead to a lack of real time information and duplication of
efforts by banks, importers, exporters, and carriers.
Opportunities for improvement
Improvements to the supply chain industry with blockchain include the following:
www.iubh.de
116
Unit 5
•
•
•
•
•
•
•
www.iubh.de
Traceability: Blockchain facilitates more transparent supply chain operations. Movement of a product from one location to the next will be documented on the public
ledger. Customers will know exactly where goods have come from. Using embedded
sensors and RFID tags, product information can be tracked back to the origin of the
product.
Transparency: Provide accurate information in real time and make it available publicly for satisfaction of financial commitments as well as making it available to all
involved parties.
Environmental: Sensors can capture the ambient factors (eg. temperature and
humidity) of the environment that the products are in.
Inventory management: DLT is ideal to manage multiple products across multiple
locations and share that information across multiple parties.
Financial: Smart contracts allow for payment to be released upon certain conditions,
and/or to hold payment between parties in escrow. Escrow amounts can be
released after shipment has arrived and has been confirmed.
Reduced carbon footprint: The reduction and prevention of errors allows for
improved efficiencies and less stock returned, resulting in greener transport.
Cost: All of the above reduces the overall cost of moving materials. With fewer middlemen, more reliable data, and faster operations, blockchain reduces the cost of
supply chain overhead.
Unit 5
117
Blockchain and DLT Application Scenarios
Supply chain implementation
To address the issues of inefficiency and to provide optimal document workflow, IBM
partnered with Maersk in a partnership known as Global Trade Digitization (GTD), to
provide support for physical document scanning and maintaining compliance with
SWIFT, the global interbank financial transaction network. GTD is expected to save the
trade finance industry billions of dollars by digitizing the supply chain process from
end-to-end in order to manage and track the paper trail of tens of millions of shipping
containers across the world. Thus, it is supposed to enhance transparency and enable
the highly secure sharing of information among trading partners.
•
•
•
The GDT platform is developed to enable real-time status visibility of each shipment, reduce fraud and errors, improve inventory management, eliminate delays,
etc.
Intended to be integrated with already established trade systems, the GTD looks to
provide trusted, tamper-proof, and cross-border workflows for digitized trade documents.
GTD improves visibility with blockchain through a shared communication network.
www.iubh.de
118
Unit 5
Food supply chain
Expanding upon provenance tracking, and tracing food from its origin to the supermarket allows for source of food-borne contaminants to be determined quickly.
IBM and Walmart are working together to digitally track food products from farm to
store shelves in Walmart and ultimately to consumers. Information is tracked along the
entire food supply chain, such as batch numbers, origination details, expiry dates, factory and processing data, and shipping details. Walmart aims to reduce waste, deliver
food to stores faster, cut down on the cost of logistics, and better manage product shelf
life (Joshi, 2018).
Using sushi as an example, if the fish was produced on a farm, the owner could upload
information about the farm itself, together with information about the people and fish
welfare. The blockchain could be used to record the food and water conditions. Fish
caught at sea could be tagged with information about the fishing method and storage
conditions. Similar information can be collected about the processing plant and transportation to the supermarket shelf. At point of purchase, scanning a smart label would
give the consumer ready access to this information (Tang, 2019).
Chemical industry
Radio Frequency Identification Tags (RFID) tags, attached to goods or containers, document the location and movement of goods along the supply chain.
Oracles can be used to gather and include information in the blockchain. Examples of
oracles might be electrical sensors, available environmental data, or other people who
deliver information from the physical world.
One of today’s challenges in the chemical industry is the growing need for battery storage capacity, as a result of the growing demand for electric vehicles. Battery technology
is heavily dependent on rare materials such as cobalt, which is mined in regions with
violent conflicts and poor working conditions. Companies and regulatory authorities
wish to prevent the procurement of minerals from these areas. Deloitte has developed
a solution where RFID technology is used to tag objects moving the cobalt along the
supply chain in order to capture relevant events. Oracles are used for steps conducted
by a camera or human that can confirm the loading or unloading of materials. Together
with measures of probability and timestamping, the authenticity of the sourced cobalt
is ensured with very detailed information, captured on the blockchain (Tang, 2018).
Luxury goods
Louis Vuitton SE (LVMH) created a solution with technology partners so that consumers
of luxury goods can access product history from raw materials through to the point of
sale, allowing authenticity to be proven at the point of sale and beyond. During production, each product is recorded on the shared ledger which is then made available to
the product’s consumer.
www.iubh.de
Unit 5
119
Blockchain and DLT Application Scenarios
Automotive
The entire vehicle history could be stored on an immutable, tamper-proof blockchain
to make purchasing a used vehicle trustless, or to enhance the resale value of a new
vehicle with the complete documentation of all repairs on a car captured in a public
ledger.
Energy and the Environment
Industry summary
Use cases for the energy industry are less recognized. However, the World Economic
Forum, Stanford Woods Institute for the Environment, and PWC, jointly released a
report identifying 65 existing and emerging blockchain use cases for the environment.
These include new business models for energy markets, real time data management,
and moving carbon credits or renewable energy certificates onto the blockchain (Consensys, n.d.-a).
Opportunities for improvement
Improvements to the energy industry with blockchain include reduced costs and environmental sustainability.
Oil and gas are heavily concerned with privacy and trade secrets. Private blockchain
networks can offer data permissioning and selective consortium access to preapproved parties (Consensys, n.d.-a).
Wholesale electricity distribution
Blockchain, combined with IoT devices, enables consumers to trade and purchase
energy directly from the grid rather than from retailers. Grid+ is a blockchain energy
company focused on wholesale energy distribution. Grid+ has identified retailers as the
reasons for inefficiencies in the consumer electricity market. Retailers own very little of
the grid infrastructure, but instead, they manage services that blockchain can replace,
such as billing and metering usage. Supplementing retailers with a blockchain-based
platform has the potential to reduced consumer bills by 40 percent while connecting
users directly to the grid allows them to buy energy at an even lower cost (Consensys,
n.d.-a).
Peer-to-peer energy trading
A peer-to-peer market is a shared network of individuals who trade and buy excess
energy from other participants. The Australian-based company, Power Ledger, has
linked communities together to create microgrids. Microgrids, although a layer on top
of a national grid, can be separate and self-sustaining.
LO3 Energy teamed up with Siemens to create a pilot microgrid using blockchain technology. Residents with solar panels can sell excess energy back to their neighbors in a
peer-to-peer transaction using blockchain (Power Technology, 2017).
www.iubh.de
120
Unit 5
Oil and gas segments
The upstream segment of the industry involves resource exploration and extraction
(national oil companies, oilfield services, large oil and gas companies, and independents). The midstream segment is the storing and transporting of resources once extracted. The downstream segment is the companies that refine resources into final products or sell to end users, such as gas stations. Blockchain technologies across the
entire life cycle allows for multi-party data coordination and asset tracking. Smart contracts can replace the time, energy, and money that is currently expended by all
involved parties.
5.4 Healthcare
Industry Summary
The centralized healthcare system as we know it today varies from country to country.
Most countries have a national healthcare system that distributes care centrally
through the government. In the U.S., there is a privatized for-profit health care system
with government programs for low-income individuals and the elderly. National healthcare systems, government administered programs, and privatized for-profit healthcare
all share similar pain-points as a result of decentralization and outdated technology.
High administrative fees, overpriced testing, duplicate treatments, fraud, and low-quality prevention methods make healthcare one of the most wasteful trillion dollar industries in the world. Ad hoc billing and insurance costs alone in the privatized U.S. system
are in the billions. Other wasteful spending is due to poor patient outcomes and lack
of preventative health care.
Opportunities for Improvement
Improvements to the supply chain industry with blockchain include the following:
•
•
www.iubh.de
Information sprawl: Important and private patient information is spread across multiple facilities. Patients with multiple providers are often left to coordinate their own
care and ensure that information is shared between providers. In addition to information sprawl, data quality is an issue with an estimate of up to 40 percent of
health records containing errors or misleading information (Stambolija, 2019). Blockchain could resolve the issue of data sprawl by providing an environment for all
data about the patient to exist in one location which can be made easily accessible
to providers on a permissioned blockchain.
General inefficiencies: From insurance companies to medical supply chains to providers, the outdated centralized systems of service do not support a patient’s ability
to obtain the best care at the best facility. It is estimated that $800 billion plus is
Unit 5
121
Blockchain and DLT Application Scenarios
spent on duplicate services that are a result of nothing more than low-quality communication between healthcare professionals (Blockchain applications in healthcare, 2019).
Electronic Health Records
Personal health records could be stored on the blockchain and made available only to
individuals that have been identified by the owner of the data. The health records can
include test results, surgeries, prescription drugs, healthcare supplies, etc.
Not just a data sharing issue, privacy of data and informational freedom are key. Data
protection law within the EU will be harmonized through the new General Data Protection Regulation (GDPR), which will make the requirements tougher for gaining permission to have data. In the United States, the HIPAA (Health Insurance Portability and
Accountability Act of 1996) is United States legislation that provides data privacy and
security provisions for safeguarding medical information.
There exists the opportunity for blockchain to be implemented in a manner to enable
the storage of complete data records while preserving patient privacy and empowering
patients to determine who will have access to what data and when. In healthcare, solutions in which patients themselves control who knows their identity, where to remain
pseudonymous, and which pieces of data to share are key. Storing patient data on
blockchain saves time and resources in health facilities which could be better used for
patient care and innovation. Estonia, one of the most digitally advanced countries in
the world, will use blockchain technology to protect citizens’ electronic health records
(Basu, 2016).
Drug Traceability
According to the World Health Organization (World Health Organization, 2018) approximately ten percent of drugs circulating in developing countries are either of low quality
or counterfeit. Substandard and falsified medical products contribute to antimicrobial
resistance and drug-resistant infections.
A blockchain-based system can provide a chain-of-custody record to track each step of
the medical supply chain. The transparency ability of blockchain can identify the path
of origin of the drugs, helping to eradicate the circulation of counterfeit drugs. Besides
tracking, the blockchain can ensure authenticity and facilitate safety recalls.
Incentivization
Smart contracts could enable micropayments to be made to patients to incentivize
specific behavior. Smart contracts can be established to release rewards to patients for
following a treatment plan, sharing their data for clinical research purposes, and/or
achieving agreed upon goals.
www.iubh.de
122
Unit 5
Administration and Finance
Blockchain is characteristically based on a transactional model. This model is suitable
for facilitating the transaction (patient visit, medical test, etc.) and it can expedite the
payment cycle of the insurance industry and healthcare providers. Claim accuracy can
be improved, reducing financial errors, delayed payments, fraud, miscoding of medical
procedures, etc., improving the system, reducing financial mismanagement, and
improving the focus on providing the necessary level of healthcare.
For example, the act of a patient checking in for a clinic visit, or logging into a virtual
appointment online, could be confirmed by the health system’s financial or clinical systems. This transaction could be combined with others from the same clinic that day
and uploaded to a blockchain that is accessible to the health plan. An employee at the
health plan could see the completed transaction and reimburse the health system
accordingly. Claims review could be streamlined because encounter data would be
accessible and easily verified on a blockchain. Health systems and physicians could
also connect with health plans to determine information about a patient’s health coverage, or to verify patient demographics.
5.5 Governments
Industry Summary
Local, state, and federal government bodies, depending on the country, provide a
lengthy list of services for their citizens. These might include
•
•
•
•
•
•
health and human services,
public safety,
transportation and infrastructure,
public works,
environment and natural resources, and
education.
Providing these services to citizens assumes a knowledge of the population demographics as well as the personal and private data of each citizen. Citizens need to conduct many transactions with governmental bureaus. In many countries, the transactions conducted for governmental purposes are still being done on systems that are
quite outdated. Some are manual, others are done on dated, siloed computer applications.
A smart city uses data and information technology to integrate and manage physical,
social, and business infrastructures to streamline services to its inhabitants while
ensuring efficient and optimal utilization of available resources. In combination with
www.iubh.de
Unit 5
123
Blockchain and DLT Application Scenarios
technologies, IoT, cloud computing, and blockchain technology, governments can
deliver innovative services and solutions to the citizens and local municipalities (Consensys, n.d.-b).
Opportunities for Improvement
Improvements to government transactions with blockchain include the following:
•
•
•
•
Transaction processing on a blockchain affords participants the transparency needed to understand the progression of the transaction.
Citizen data can be kept on the blockchain, and in a manner similar to that for
healthcare interactions, citizens can share only the necessary personal data.
Since governments are a common target for hackers. The personal data, together
with the transactional data, give a level of security and privacy not currently available in the outdated systems.
Improvements in these areas lead to opportunities to lower transactional costs and
improve the efficiencies of transactional processing.
Potential Applications
The blockchain ledger also provides a platform for “responsive, open data.” According
to a 2013 report from McKinsey and Company, open data – freely accessible government-sourced data that is available over the internet to all citizens – can make the
world richer by $2.6 trillion. Startups can use this data to uncover fraudulent schemes,
farmers can use it to perform precision farm-cropping, and parents can investigate the
side effects of medicine for their sick children. Right now, this data is only released
once a year and is, largely, non-responsive to citizens input. The blockchain, as a public
ledger, can open this data to citizens whenever and wherever they want (Casey & Forde,
2016).
www.iubh.de
124
Unit 5
Citizen records
Blockchain offers a more secure, tamper-proof storage for records such as birth certificates, marriage certificates, divorce records, death certificates, visas, property titles, and
more. The record management benefits both the government and the citizen, as they
would both have ready access to the records when needed.
Smart Dubai is a paperless initiative. Dubai is in the process of digitizing the 1 billion
sheets of paper that are produced each year by digitizing all services, including visa
applications, bill payments, and license renewals. These previous records will now be
securely transacted using blockchain technology.
Voting process
Blockchain offers the ability to vote digitally. Votes made via blockchain could be
stored on the public ledger with verifiable audit trails. Companies have introduced voting systems that ensure that a vote is recorded once and only once, through the use of
a token, for a specific candidate by placing the token into the candidate’s wallet (Tatar,
2019). Voter apathy has seen the number of voters dwindle in recent years, even as it
has become more important to do so. By providing an irrefutable and easy way to vote
from one’s phone or PC, these numbers would likely rise. Even governments have a reason to change the status quo: a single vote currently costs between $7.00 and $25.00,
when all factors are considered. A blockchain product could cost just $0.50 per vote
(Liebkind, 2019b).
www.iubh.de
Unit 5
125
Blockchain and DLT Application Scenarios
Weapons tracking
Blockchain could provide a transparent and immutable registry that allows government
agencies to track gun and weapon ownership, as well as to track the provenance of
weapons as they are sold privately.
Education
Blockchain can be used to create a student database of information that can collectively simplify the enrollment process of students between primary and secondary
schools. Furthermore, the tracking and/or accommodations needed for underprivileged
or disabled students will be available from a secure environment.
5.6 Real Estate
Industry Summary
The real estate industry is a $217T global industry, including the development,
appraisal, marketing, selling, leasing, and management of commercial, industrial, residential, and agricultural properties. This industry can fluctuate depending on the
national and local economies, although it remains somewhat consistent due to the fact
that people always need homes and businesses always need office space (Vault, n.d.).
Residential real estate is the most common type of real estate activity, consisting of
housing for individuals, families, or groups of people. Commercial property refers to
land and buildings that are used by businesses, such as shopping malls, office buildings, etc. Industry real estate refers to land and buildings used by industrial businesses
for activities such as factories, warehouses, etc.
Real estate development involves the purchase of land, and the construction and renovation of buildings before the sale or lease of the finished project to the end users.
Sales and marketing firms work with developers to sell the properties they create. A
real estate brokerage is a firm that facilitates the transactions between buyers and sellers/lease, representing each party and helping to achieve the best possible terms.
Property management firms help real estate owners rent out properties in their buildings. Often, their role includes rent collection, repairs, and managing tenants. Lenders
support the process, providing debt to finance real estate development and real estate
purchases.
Opportunities for Improvement
The real estate industry is behind when it comes to adopting new technology and still
has a considerable amount of paper-based activity. Blockchain has the potential to
reduce paper transactions, track ownership, improve efficiencies, and reduce costs
across the many real estate activities conducted.
www.iubh.de
126
Unit 5
Some of the challenges with real estate activities that can be addressed by blockchain
are as follows:
•
•
•
Fraud: Rentals experience a high degree of fraud. Potential tenants share selective
information with landlords, who may not have chosen to rent had they known the
full background of the tenant. Meanwhile, landlords share selective information with
prospective tenants, who may not have chosen to rent the property had they known
its whole history.
Time intensive: Inspections, contingencies, loan approval, and all the necessary
paperwork is time intensive for the buyer, seller, their respect agents, and multiple
third parties.
Financing lag: Securing loans, especially for those with limited or bad credit history,
can be a time-consuming, paper-intensive process. Often, buyers need to approach
multiple lending institutes. In all cases, the lenders need to be provided with the
financial history and activities of the buyer.
In all of these scenarios, blockchain offers the following:
•
•
•
•
Smart contracts: Smart contracts can automate the processes from the purchase
agreement, inspection and other contingent approvals, financing, through to the settlement and payment of involved parties.
Secure data
Shorter processing time: Fewer intermediaries, faster settlement times
Global access: Ability to make real estate transactions borderless, building the
paperwork specific to the locale into the smart contract logic.
Potential Applications
Titles
A tangible or intangible property, such as houses or property titles, can have smart
technology embedded in them. Such registration can be stored on the ledger along
with contractual details of others who are allowed ownership of this property. Smart
keys could be used to facilitate access to the permitted party. The ledger stores and
allows the exchange of these smart keys once the contract is verified. The decentralized
ledger also becomes a system for recording and managing property rights as well as
enabling the smart contracts to be duplicated if records or the smart key is lost. Making
property smart decreases your risks of running into fraud, mediation fees, and questionable business situations. At the same time, it increases trust and efficiency (Rosic,
n.d.-a).
Blockchain would replace paper deeds with true digital assets and track these documents on an immutable ledger.
The blockchain results in a digital property history database that is current and transparent. This helps to track the history of repairs and issues that can improve resale
value and make buyers aware of any history of problems with the property.
www.iubh.de
Unit 5
127
Blockchain and DLT Application Scenarios
SMARTRealty uses smart real estate contracts to enact and maintain property purchase
and rental agreements. Whether it’s paying rent, establishing mortgages or purchasing
a home, the company’s smart contracts help to establish protocols that, if not met,
immediately dissolve a contract (Daley, 2019).
Real Estate Investment Trusts (REIT)
REITs are companies that own or finance income-producing real estate. Many REITs
trade on major stock exchanges, offering benefits to investors. Smart contracts could
execute upon event, from shareholder communication to dividend distribution, according to predetermined conditions. REITs can crowdfund using digital Initial Public Offering (IPO)s. Investors can receive funds in a timely manner without waiting for the REIT
to make good on paper contracts.
Tenant identity
Blockchain-based digital identity is also valuable in the real estate sector. Landlords
need to conduct background checks on their tenants, and tenants want to know the
reputation of the landlord. Identities on blockchain allow know your customer (KYC)
procedures for background checks, increasing thoroughness, reducing paperwork and
costs, and increasing security.
Payments and leasing
Leases can be signed and paid on-chain, while allowing dividends and payments to be
automatically distributed to the investors or property owners. ManageGo is leveraging
blockchain for rental property owners. The ledger-backed software helps property managers and owners process payments, thoroughly complete credit background checks,
and manage maintenance ticketing. DLT is helping owners get a more transparent, thorough view of payment history and renter backgrounds (Daley, 2019).
Escrow
Smart contracts can serve as escrow, creating a repository for funds which will be
released when triggered by confirmation of an event to release the escrow. For example, security deposits can be held for the duration of the lease and returned at the end
when the parties confirm that the property is as expected.
Reasi is an end-to-end real estate transaction platform featuring secure and seamless
escrow. Instead of relying on third parties, real estate agents can use Reasi’s blockchain-based escrow platform to expedite the real estate buying and selling processes
(Daley, 2019).
Managing commissions
Smart contracts can assist in the distribution of funds for commission purposes. Often
there are four parties involved in commissioning, the real estate broker who lists the
property, the listing broker’s office, the real estate broker who sells the property, and
the selling broker’s office. Automated commission splitting at conclusion of the real
estate transaction allows for the prompt payment of funds.
www.iubh.de
128
Unit 5
5.7 Sports and Entertainment
Sports
The sports industry offers a number of opportunities in which blockchain could add
value.
•
•
Fan identity: Extended personal identity to a fan profile gives sports organizations
more KYC data about their fans to drive engagement and revenue.
Memorabilia authentication: In the same manner as real estate and supply chain,
blockchain can be used to track and expose the provenance and authenticity of
sports memorabilia.
Gaming and eSports
Blockchain-based games can be created so that tokenized digital assets can be traded
within the game or winnings can be traded eternally on the public market.
Tokenization also allows the public to buy shares in teams represented by tokens,
opening ownership slices to the fanbase while raising funds separate to the traditional
corporate sponsors.
Music
Key problems in the music industry include ownership rights, royalty distribution, and
transparency. The digital music industry focuses on monetizing productions, while ownership rights are often overlooked. The blockchain and smart contracts technology can
circuit this problem by creating a comprehensive and accurate decentralized database
of music rights. At the same time, the ledger can provide transparent transmission of
artist royalties and real time distributions to all involved with the labels. Players would
be paid with digital currency according to the specified terms of the contract (Rosic,
n.d.-a).
In a world with growing internet access, copyright and ownership laws on music and
other content has grown hazy. With blockchain, those copyright laws would be considerably stronger for digital content downloads, ensuring the artist or creator of the content being purchased gets their fair share. The blockchain would also provide real-time
and transparent royalty distribution data to musicians and content creators (Rosic, n.d.a).
Blockchain offers the opportunity to do the following:
www.iubh.de
Unit 5
129
Blockchain and DLT Application Scenarios
•
•
•
•
Redistribute power: Smart contracts can automate payment distribution and royalty
directly to artists, with tokenized music platforms that run on a blockchain and with
blockchain-based copyright procedures.
Revenue: Funds can be held in a smart contract on the blockchain and automatically released to the artist based on a particular event. Blockchain is also a means
for artists to revenue share. The smart contract can release funds in real time based
on the parameters of the agreement built into the smart contract.
Digital rights management: The blockchain can authenticate and validate copyrights,
bringing a new level of transparency to what usually is centrally controlled information. Distributed ledger technology software can verify creation with timestamps,
publicly allowing musicians to immutably brand tracks as their intellectual property.
Piracy prevention: As an extension of digital rights management, tracks or albums
can be represented with a virtual watermark to indicate copyrighted media. Illegal
distribution or use can be dealt with quickly.
5.8 Vehicles
Volkswagen has become one of the leaders in the implementation of blockchain solutions in the industry of vehicle manufacturer, maintenance, and operation. Supply
chain discussions cover the provenance of parts and of the vehicle itself. Financial
services discussions cover the loan cycle in order to afford the vehicle and the government discussions cover the myriad of registration, licensing, and taxing of the vehicle.
However, there are many more opportunities.
Mileage Clocking
Volkswagen AG is currently testing three concrete potential applications for distributed
ledger technology. A mileage clocking system is the first application being created. The
system makes it hard to manipulate odometers, because every odometer reading can
be saved permanently using a sophisticated system. Thus, the used car market
becomes more transparent and secure for Volkswagen cars, which helps Volkswagen
vehicles better retain their value. Customers can save their odometer readings in a distributed ledger system at regular intervals. The data cannot be changed retroactively
without somebody noticing that they have been manipulated (Volkswagen, n.d.).
Virtual Key
In a second area of application, Porsche is developing a blockchain model that is better than conventional systems at protecting cars from hackers. It enables Porsche owners to give other individuals, such as parcel delivery personnel, a virtual key to open or
even use their car (Volkswagen, n.d.). The car-key may be outfitted with an immobilizer,
where the car can only be activated once the right protocol is tapped on the key. A
smartphone will also only function once the right PIN code is typed in. Both use cryptography to protect your ownership.
www.iubh.de
130
Unit 5
Vehicle Communication Management Sharing
The use of blockchain technology is the latest innovation in the movement to vehicleto-vehicle (V2V) communications. The Federal Communications Commission set aside
the 5.9GHz band for Dedicated Short Range Communications (DSRC) systems nearly two
decades ago. The National Highway Traffic Safety Administration first issued a notice for
rulemaking in 2014, and if rulemaking goes forward, all carmakers could be required to
install DSRC systems as soon as 2020. Considering the ability for V2V communications
to save lives, automakers are jumping ahead of potential mandates by voluntarily adding DSRC to their vehicles (Linnewiel, 2018).
When fully implemented, a car would almost instantly know when another driver slammed their brakes, even if the other car was around a corner or two vehicles ahead.
Vehicles could navigate and ensure safety based on the location, direction, speed,
brake status, and other information available from other cars, as well as data from the
infrastructure, such as traffic lights and toll booths. Blockchain technology would add
trust to a so-called vehicle-to-vehicle network (Linnewiel, 2018).
Electric Vehicle Charging Management
An application of blockchain based P2P smart contracts is P2P electric vehicle (EV)
charging. A key challenge to the widespread adoption of electric vehicles (EVs) is range
anxiety. Significant EV prospects have this fear of running out of battery power on long
distance commutes where there is no electric car charger available. Long distance trips
have to be planned carefully to ensure the availability of charging stations, and charging time needs to be built in the commute. Lack of easy availability of charging infrastructure compared to fossil fuel is often a key deciding factor for vehicle buyers. More
and more efforts are being made to install charging infrastructure. The installed base
of various types of chargers is increasing globally in high EV concentration countries
(Linnewiel, 2018).
Volkswagen Financial Services is conducting a pilot study in Great Britain to test a
blockchain model that streamlines business contact between providers and customers
of electric charging stations. “Different providers have different terms and methods of
payment, which can often make it complicated for customers to charge their electric
vehicles. We want to make this easier and improve the customer experience with a new
technology,” says Tobias Lipfert from Volkswagen Financial Services AG (Volkswagen,
n.d.).
An alternative solution is emerging to tackle this lack of charging infrastructure. Blockchain based applications are enabling individuals to share their private EV chargers
with others. Using P2P EV charging platforms, private owners can make their chargers
available to the public during the times that they are not being used. In return they can
earn some cash on the side from their idle charger by increasing its utilization. Drivers
of EVs can, at any location, look for available chargers in the vicinity and charge their
cars before they run out of battery power (Linnewiel, 2018).
www.iubh.de
Unit 5
131
Blockchain and DLT Application Scenarios
Automotive Maintenance Records/Recalls
In the automotive industry, millions of vehicles, OEM, and aftermarket parts are being
digitized to ensure smooth maintenance and services, assessment of fair market value,
insurance coverage, transfer of vehicles when bought and sold, and to prevent fraud.
Each vehicle has a unique fingerprint to prove its provenance and that of its components when they wear out and fail. The unique identifiers track the source where the
vehicle was built, ensures year-make-model, trouble codes, maintenance requirements,
and service history are instantly available to dealers and service centers so that they
can have the right products available when vehicles arrive at their nearest location for
an oil change, repair, or maintenance work — all this is made possible by SHIFTMobility
automotive blockchain technology (Elliott, 2018).
Designed specifically for the automotive supply chain, this innovative technology is
used to store and record digital documents and transactions such as sales deed, title,
insurance, proof of ownership statement and receipts. Each block of data is cryptographically linked to another on the blockchain to make it tamper proof, and is further
enhanced by algorithms and digital signatures for transport over peer nodes on the
main network. Blocks are automatically delivered to consumer accounts as new data is
added, providing a complete audit trail of transactions as they take place. Consumers
can also add receipts to the blockchain using their smart phones. When the vehicle is
transferred, it is easy to swap the complete history to the new owner (Elliott, 2018).
Summary
The benefits of blockchain have been discussed in detail, together with the limitations caused by the newness of the technology. Sound assessment of potential
blockchain-based applications could lead to solutions that reduce costs, significantly improve processing time, increase transparency, and produce a decentralized
model that ensures immutability of transactional data.
Finance, insurance, healthcare, governments, and real estate are all industries that
have implemented either full or pilot solutions. They are starting with a limited
number of use cases and will seek to expand as each one is proved successful.
Vehicles, sports, and entertainment, as well as the use of personal/household sensors and devices, are personal/consumer-oriented blockchain solutions implemented by their respective industries.
www.iubh.de
132
Unit 5
Knowledge Check
Did you understand this unit?
You can check your understanding by completing the questions for this unit on the
learning platform.
Good luck!
www.iubh.de
Unit 6
Development of Blockchain and DLT
Applications
STUDY GOALS
On completion of this unit, you will have learned …
… how to assess whether blockchain is the best technology for the proposed application.
… which factors should be considered when selecting a blockchain platform for the
solution.
… about specific leading platforms and how they measure up to the factors to be
considered.
… about considerations for specific components of the solution design.
DL-E-DLMCSEBCQC01-U06
134
Unit 6
6. Development of Blockchain and DLT Applications
Introduction
Enterprise creating technology solutions for business needs should add blockchain as
a potential technology platform. Before any technology platform is considered, the
business requirements need to be identified and assessed. This unit will present the
factors that should be considered before determining a technology platform. That technology platform may be blockchain. If so, a number of specifics need to be assessed
before selecting the best blockchain platform on which to develop and implement the
solution. That assessment requires a joint understanding of the business requirements
as well as the technical requirements and constraints.
Once the foundation on which the solution will be developed and implemented has
been established, the solution architecture for the project needs to be designed. It will
include detailed decisions on the blockchain nodes, data storage, APIs, user interface,
and smart contracts.
Although some of these steps are conceptually similar to those of centralized applications, there is a deep understanding of blockchain concepts that is necessary to ensure
success and acceptance of blockchain-based solutions.
6.1 Architecture of Blockchain and DLT Applications
Distributed Systems
A distributed system is a group of computers working together to appear as a single
computer to an end-user. The group of computers have a shared state, operate concurrently, and can fail independently without affecting the whole system. A distributed system allows for horizontal scaling (adding more computers) and scaling vertically
(upgrading individual computers). Distributed systems might include distribution for
one or more domains.
•
•
•
Distributed computing: Splitting a task over multiple machines.
Distributed databases and file systems: Storing and accessing data across multiple
machines.
Distributed applications: Application running on a peer-to-peer network.
Architects of new applications must give careful consideration to the best architecture
for the database, application, and infrastructure to support the application.
www.iubh.de
Unit 6
135
Development of Blockchain and DLT Applications
Distributed Ledger Technologies
Distributed ledger technology (DLT) is a distributed system, and it includes more than
just blockchain. The directed acyclic graph (DAG) is another form of a DLT.
Directed acyclic graph
Directed acyclic graph (DAG) is an alternative to blockchain technology. In a DAG system, there are no miners and no blocks. Participants confirm each other’s transactions
via a process that confirms previous transactions with each new transaction. In DAG
technology, each new transaction confirms at least one previous transaction (Khaleelkazi, 2017).
DAGs are well-suited to high transaction volumes. The higher the volume of transactions, the faster a DAG validates them. DAGs eliminate the need for miners and mining
equipment, meaning lower energy consumption (Thake, 2018). Because DAG does not
create blocks, there is no limiting block size issue.
However, a reduction in the volume of transactions may cause a vulnerability to
attacks. To mitigate this risk, DAG projects have included centralized component systems such as central coordinators and pre-selected validator or witness nodes (Thake,
2018).
Since DAG moves data quicker and at less cost, applications that require scalability
might be better suited to DAG technology. For example, P2P energy trading requires a
large amount of low-value micro transactions, which would not be economically feasible on blockchain because of the transaction costs. Concluding the sale of a house
where speed and transaction fees are less important while security is more important
lends itself to being conducted on blockchain (Hofer, 2019).
Whether DAG or blockchain, the technology choice depends on the use case. Both systems will co-exist, but the technology decision needs to be determined based on what
is best for the application.
Initial Assessment of Blockchain as the Appropriate Architecture
As with the development of a solution for a business problem, the first step is to
understand the business requirements from the involved business participants. Typically, a business requirements document is established which ensures that the business stakeholders are in agreement about the needs of the business and to provide a
baseline for communications throughout the project.
The technology participant, typically an architect, will consider the potential technology
platforms and architectural patterns to create a solution for the project. The primary
considerations will be described below the following diagram.
www.iubh.de
136
Unit 6
If data is central to an organization (OrgA), and there is not a need to share the data
with other organizations (OrgB), then the application is probably not a good candidate
for blockchain. For example, a human resource application that captures employee
data is an internal application that is better developed on a centralized internal system. In comparison, OrgA’s business needs to understand the sourcing of materials for
their final product, which lends itself to a potential blockchain solution.
If the other organizational participants (OrgB, OrgC, etc.) have complete trust in the IT
applications and data of OrgA, then a more traditional approach of a centralized internal system with an integration platform that broadcasts data transactions or APIs to
access needed data, are much more suitable solutions. For example, if OrgA uses a
SaaS solution, an API might be used to regularly read new prospect data and use it to
populate a local database for reporting. In this case, OrgA owns the data in the SaaS
solution, and the SaaS vendor provides the API to OrgA as they have a trusted relationship. In comparison, OrgB, OrgC, etc., do not have an established technology trust relationship with OrgA, as the suppliers for component materials may change on a regular
basis.
www.iubh.de
Unit 6
137
Development of Blockchain and DLT Applications
If a transactional audit trail from the conception of the application does not need to be
retained and made available to both companies, or if data needs to be immutable,
then a shared database should be considered. If a shared database is acceptable, then
blockchain is not the best solution. If a shared database is not acceptable, then blockchain is the better solution.
If all of these criteria have been satisfied, clearly a shared and visible transactional history is needed. If a centralized ledger is acceptable, then explore solutions other than
blockchain. If a centralized ledger is not acceptable, then blockchain is the better solution.
Detailed Assessment of Blockchain as the Appropriate Architecture
Data integrity
In the identification of requirements for a technical solution, the following factors
should be considered.
www.iubh.de
138
Unit 6
•
•
•
Data integrity must be more important than system performance. At this time, in a
solution that has a high transaction count, a blockchain-based solution will not
have a throughput performance that matches that of a standard database management system (DBMS).
The mechanisms of blockchain make it computationally hard, but not impossible, to
alter the data in the blockchain retroactively. If an application, such as one that has
legal restrictions, requires a guarantee of data integrity, it may require a centralized
level of control and may not allow for the use of blockchain as a solution.
In the same manner that it is almost impossible to alter data in the blockchain retroactively, if the application is one that will require modifications to previouslyrecorded transactions, blockchain may not be acceptable (Naab et al., 2019).
Scalability
•
•
If the application is one that is intended to scale up or down to allow for a change
in the number of participants, blockchain technology allows for an increase or
decrease in peer nodes without the investment typically required by an application
in a centralized infrastructure environment.
As previously stated, the expected transaction count and the required processing
level have to be considered for scalability purposes (Naab et al., 2019).
Data transparency
•
•
As defined, blockchain-based solutions are defined by the visibility of all data to all
participants written to the ledger by pseudonymous participants. When designing a
solution the visibility of data and the awareness of participants need to be implemented explicitly in the solution.
Legal requirements, such as those in the European General Data Protection Regulation (GDPR, in German called DSGVO), which entitles users to demand deletion of
their personal data, must be considered. As defined, blockchain data persists. When
designing a blockchain-based solution, this needs to be considered in the design of
the solution (Naab et al., 2019).
Reliability and availability
•
•
•
www.iubh.de
The definition of requirements will indicate the necessary level of system availability. As defined, blockchain is replicated among the peer machines, resulting in a
high level of availability. If a server or two in the network are unavailable, this will
not affect transaction processing. The reliability and availability that come with
blockchain provide a significant advantage over applications that need to be
deployed in a centralized environment that is assured of a high availability.
In the case of a public blockchain, the future needs to be considered. What happens
when a cryptocurrency (such as bitcoin) is replaced? Will applications built on that
blockchain become unavailable? Will data be lost?
Also in the case of a public blockchain, the beginning also needs to be considered.
How does a critical mass of users get built to support the application to ensure sufficient participants and nodes, to ensure trust and reliability in the application
(Naab et al., 2019)?
Unit 6
139
Development of Blockchain and DLT Applications
6.2 Platform Considerations
Based on the previous section, the prerequisites that have been satisfied include the
identification of the business need and requirements, an understanding of the solution
scope, and a determination that blockchain is the best technology for the solution to
be designed (Jenks, n.d.). Many other factors need to be considered and questions
remain to be answered. The following section discusses the factors that must be considered when selecting an appropriate platform.
Participants
Nodes
The size of a blockchain network is typically referred to by the quantity of nodes in the
network. A node could be a computing device, including large devices such as servers
in a computer center to small devices such as a cell phone. The compatibility and value
of the network is dependent upon the chosen blockchain platform. For example, the
Bitcoin consensus algorithm is so computationally intensive that small computing devices would not be of value to the network.
Calculating the number of nodes required to support the application’s user base is difficult. Each leading platform offers benchmarks of the volume and speed at which
transactions can be processed (transactions per second [tps]). However, the speed of a
quantity of transactions as compared to the number of nodes rarely includes an understanding of how the nodes are being used and the latency introduced by the location
of the nodes (Kashyap, 2019).
Clients
While nodes are the computers where the majority of the processing occurs, the clients
are the users, whether human or automated, that generate transactions for processing.
The number of clients that a node can service is a complex calculation that includes
the consensus algorithm, complexity of transactional processing, location of nodes,
location of clients, speed of the internet, and more (Kashyap, 2019).
Public, Private, Permissioned
In addition to understanding the number of participants, it is necessary to understand
the roles of the participants. Are participants business partners, regulators, competitors, etc.?
Based on the roles of the participants, the network may be designed as public or private, permissioned or non-permissioned.
www.iubh.de
140
Unit 6
Public blockchain
Some blockchain networks are open to the public while others have limited access,
known as private blockchains.
Public blockchains are completely open. Anyone can participate in the network and
there is usually an incentive mechanism to encourage more people to join. Public
chains are decentralized, so no one has control over the network, anyone can read the
chain and write new blocks onto it. Bitcoin is the most well-known example of a public
blockchain. Highly regulated industries like healthcare or finance should be concerned
with the privacy and compliance implications of a public blockchain as data confidentiality is not 100 percent guaranteed (Kashyap, 2019). Issues with a public network are
www.iubh.de
Unit 6
141
Development of Blockchain and DLT Applications
that there is a lack of complete privacy and anonymity, resulting in weaker security of
the network and the participant’s identity. Public blockchains are more susceptible to
malicious activities such as hacking and token stealing (Seth, S., 2018).
Private blockchain
Private blockchain networks are by invitation-only. New nodes must be approved by
those who started the network. Read, write, and audit permissions need to be granted,
as desired, to the clients (or participants) in the network. In a private blockchain, the
owner or operator of the blockchain controls can participate in the network, execute
the consensus protocol that decides the mining rights and rewards, and maintain the
shared ledger. The owner or operator also has the rights to override, edit, or delete
entries on the blockchain as required (Seth, S., 2018).
Private blockchains satisfy requirements for highly regulated industries that need to
comply with policies and regulations such as the Health Insurance Portability and
Accountability Act (HIPAA), know your customer (KYC), and anti-money laundering (AML)
laws.
Permissioned blockchain
A permissioned blockchain, also known as consortium or federated blockchain, is a
type of private blockchain that is a hybrid between public and private blockchains. A
permissioned blockchain allows a combination of the capabilities of public and private
blockchains. Options allow for participants to join the permissioned network after suitable verification of their identity, as well as allocation of select and designated permissions to perform certain activities on the network (Seth, S., 2018). For example, in a supply chain use case, only certain companies would participate. Each participant in the
supply chain would have permission to execute transactions. How that data is shared
among the participants is specified in the rules (or permissions) as to how the blockchain functions and who can see what data (Kayshap, 2019).
Consensus
Blockchains must reconcile transactions to maintain a single version of truth. At the
time of writing this document, Ethereum uses a proof of work (PoW) algorithm (soon to
switch to a hybrid proof of work/proof of stake algorithm called Casper). PoW ensures a
high level of immutability and transparency. With the variety of consensus mechanisms
available today, some algorithms may have more fine-grained approaches that offer
better performance and privacy (ACT IAC, n.d.).
Consensus algorithms
Consensus algorithms describe the rules and reward mechanisms that incentivize people to use a blockchain network. The implication is that distributed systems must be
designed to provide enough benefit to their users, while maintaining a relatively fair
and untampered track record, until it’s worth the risk to the user.
www.iubh.de
142
Unit 6
Consensus algorithms minimize risk to the blockchain network. With proof of work
(PoW), the mathematically intense demands minimize risks as a result of the computational resources required, while proof of state (PoS) requires miners to risk money,
therefore reducing the likelihood that they would tamper with the system (Oza, 2018).
Security Considerations
Data protection
Sometimes, users will want to show that they have the correct private information
without sharing the actual data.
To prove that data exists without revealing it, you can use a cryptographic hash to create a unique tag for that data. Cryptographic hashes are one-way streets; you can easily
use the data to recreate a hash, but you cannot use a hash to recreate the data. Anyone else with that data can use the same algorithm to generate the same hash, and
comparing hashes can tell you that you share the same information.
Placing hash tags on the blockchain reliably and cost-effectively tells the world that
you have a specific set of data without revealing what the data is.
Anonymity
Another aspect of privacy is the concept of anonymity. For a truly anonymous system,
there should be no way of knowing which users performed what actions. Most blockchains are pseudonymous, meaning that a user cannot be directly matched to a realworld identity from within the knowledge in the network; however, transactions can be
correlated, and a connection made using external services. For example, Bitcoin users
can have multiple public addresses, but purchasing Bitcoin requires you to sign up for
an exchange, which then has your full name and at least one wallet address. From
there, the exchange can easily track where the purchased Bitcoin goes as it moves
through accounts (Kashyap, 2019).
If true anonymity is required, there are some blockchains that use more complex cryptography to further hide data sources. These include ZCash and Monero.
Scalability and Growth
Technical factors that impact scalability concerns include the following:
•
•
•
www.iubh.de
Geographical distance of nodes and clients.
Complexity of queries: More complex queries increase computational overhead,
latency, and costs.
Privacy requirements: Encryption increases computational overhead and slows
down the processing as a trade for additional privacy (Kashyap, 2019).
Unit 6
143
Development of Blockchain and DLT Applications
•
•
Transaction volume: As previously discussed, it is important to understand the volume of current transactions as well as the expected growth in volume in each
period of time.
Performance of the blockchain with respect to speed and latency: Also previously
discussed, what are the requirements for throughput on the blockchain? It is necessary to determine the requirements for processing of transactions as well as the
latency in retrieving information from the blockchain.
Currency
Many private blockchains rarely require tokens or cryptocurrencies. If your business
requirement includes the use of tokens or cryptocurrencies, the necessity of this needs
to be evaluated. Many current use cases are focused on non-currency digital assets
such as contracts or land deeds, the support for one or more cryptocurrencies may be
a future consideration. For example, Ethereum has Ether built-in. Ethereum and Hyperledger provide the ability to create other cryptocurrencies, and Corda provides little
support for currency functionality overall (ACT IAC, n.d.).
Smart Contract Support
Some blockchain platforms offer the ability to create smart contracts. If the requirements include autonomous operations, such as an automatic payment upon validation
of an insurance claim, then the ability to develop smart contracts is necessary. If the
application is serving as a ledger, such as capturing a simple data transaction, then the
need for a blockchain application that offered smart contracts support would not be
required at this time.
Platform Specifics
Platform license and governance
Open source platforms, such as Ethereum and Hyperledger Fabric, are governed by
their developer communities via nonprofit foundations, whereas Corda is managed by a
corporate consortium called R3. The governance model could affect the support resources that are made available to developers (ACT IAC, n.d.).
The Linux Foundation’s Hyperledger Project openly governs an openly sourced code
base, allowing any organization or contributor to submit suggestions, updates and policies. Hyperledger openly validates the inputs through the Technical Steering Committee
to ensure innovations are supported which harden blockchain for business.
Platform support
Frameworks require support. There may be a community that provides support. There
may be a large corporation that backs it, and third-party service organizations might be
the support mechanism.
www.iubh.de
144
Unit 6
Other considerations include the controlling body’s release of updates and patches,
and availability of a roadmap for future development.
Open source versus proprietary blockchain platforms
Different open source blockchain platforms are suitable options when implementing
different consensus protocol mechanism, blockchain network types, or specific use
cases. They are a good option when implementing blockchains with more censorship
resistant use cases. The use of open source blockchains would reduce the investment
cost in building blockchain services. However, organizations may need to manage the
security, scalability, and throughput considerations in their own custom ways. Interoperability and ease of integration are areas of consideration, as open source blockchain
platforms do not traditionally do well in these areas. Blockchain as a service (BaaS) is
an emerging model that combines the benefits of an open source platform with the
benefits of proprietary solutions (ACT IAC, n.d.). Other protocols such as Ethereum and
Corda are managed by a very small group of developers, often from a single organization. This means they centrally control the roadmap of their technologies, ultimately at
the expense of innovation in the long run (Harrison, 2018).
Transaction costs
Applications deployed on a public blockchain such as Ethereum incur transaction costs
that are based on the computational resources consumed in the processing of transactions. Applications deployed on a private blockchain do not have this requirement, but
they do have the expense of providing a supporting infrastructure, whether onsite or
provided as a cloud deployment (ACT IAC, n.d.).
Community
Enterprise blockchain users should leverage technologies that enable their developers
to work with tools and programming languages with which they are familiar. There are a
limited number of blockchain developers available on the market for most of these
new platform technologies, and this is further complicated by the fact that many of the
platforms have their own specific development languages.
There are not many developers available in the market on most of these technologies.
The problem is even more complicated with the fact that many of these frameworks
have custom programming languages, which makes it even harder to train your existing
developer pool (Jenks, 2019). For example, Hyperledger supports Java and offers a composer tool that allows organizations to develop smart contracts without writing much
code, while Ethereum uses its own Solidity language. Corda also expands on smart contract by supporting the incorporation of legal prose along with the code (ACT IAC, n.d.).
www.iubh.de
Unit 6
145
Development of Blockchain and DLT Applications
6.3 Platform Selection
Once the business requirements are understood and the technical requirements are
determined, blockchain platforms can be considered. Blockchain platforms can be
refined by those that have been designed to be used for public versus private versus
permissioned use, and/or they can be refined by those that have demonstrated
strengths for a specific industry.
Industry Specific
Although the blockchain platforms described in this section may be appropriate for
other use cases, they are considered to have strengths for specific industries and/or
have a large community following. This has resulted in them being a popular choice for
solutions built for that industry.
Finance
R3 Corda is a permissioned blockchain that allows users to have a choice of pluggable
consensus algorithms. It has programmatic capabilities for smart contracts. R3 is a consortium of the world’s leading financial institutions that together built the open source
blockchain Corda in 2015 for the financial sector. Corda does not have a cryptocurrency
or built-in tokens. Although built for the financial sector, Corda is being used in other
industries as well. More than 60 firms are using Corda including HSBC, Intel, Bank of
America, Merrill Lynch, and others (Takyar, 2019).
Ripple is a permissioned blockchain, that uses a probabilistic voting consensus algorithm. It does not have programmatic capabilities for smart contracts. Ripple’s strength
is connecting payment providers, digital asset exchanges, and banks and corporations
via their blockchain network, RippleNet. It allows global payments using the cryptocurrency XRP (or Ripple). Financial institutes including Santander, American Express, MoneyGram International, and SBI Holdings are testing various use cases on the Ripple
blockchain (Takyar, 2019).
Stellar is a both a public and private blockchain that uses the Stellar Consensus Protocol. It has programmatic capabilities for smart contracts. Like Ripple, Stellar can deal
with exchanges between cryptocurrencies and fiat-based currencies. Unlike the PoW
and PoS algorithms that are in the larger blockchain platforms used by the traditional
financial institutions, the Stellar Consensus Protocol reduces the barrier to entry for
new, smaller participants. SureRemit, Transfer To, NaoBTC, RippleFox, and ICICI Bank are
using the Stellar network to enable money transfers across borders (Takyar, 2019).
Healthcare
Hyperledger Fabric is being used by the Health Utility Network, a consortium led by
IBM, together with Aetna, Anthem, PNC Bank, and Health Care Service Corporation for
development efforts in an effort to reduce administrative errors and streamline record
keeping (Roberts, 2019).
www.iubh.de
146
Unit 6
Quorum, a fork of Ethereum, is being used by the Synaptic Alliance, which includes
Aetna, Humana, United Healthcare, and others, to create a provider data exchange – a
cooperatively owned, synchronized distributed ledger to collect and share changes to
provider data (Hashed Health, 2019).
Ethereum will be used by the consortium, Mediledger, which includes life sciences
companies such as Pfizer, McKesson, and more, to track an immutable record of
pharma supply chain transactional data and ease the certification process of raw materials and drugs (Hashed Health, 2019). MedRec and Patientory will also create applications on the Ethereum platform for patient-managed health information exchange
applications. Nebula Genomics proposes to share and analyze genomic data on an
Ethereum-based blockchain platform. It was also proposed that Ethereum was to be
adopted in clinical applications such as clinical data sharing and automated remote
patient monitoring (Kuo et al., 2019).
The use of Hyperledger has been proposed for a number of healthcare-related applications including an oncology clinical data sharing framework for patient care, the design
of a framework to enforce Institutional Review Board regulations, and for medical data
storage or access applications. With the interest in Hyperledger, a working group was
formed by Hyperledger to cultivate technical or business collaborations for healthcare
blockchain applications (Kuo et al., 2019).
These are examples of early work in this area and to show the feasibility of adopting
popular, open-source blockchain platforms for health or medicine. There are also some
health-related blockchain applications that do not explicitly reveal their underlying
platforms while others may be building an in-house blockchain (Kuo et al., 2019).
Specific Platforms
The platforms described below are cross-industry but will be discussed with respect to
the selection criteria.
Ethereum
•
•
•
•
•
•
www.iubh.de
Ethereum is open-source.
Ethereum is a public blockchain.
Smart contracts can be developed. Ethereum includes a programming language, Solidity (a subset of Javascript), for developers to create applications. Solidity lends
itself to the creation of consumer-based blockchain applications.
Ether is the built in cryptocurrency for applications that need it.
Ethereum is governed by a Decentralized Autonomous Organization (DAO), an organization whose decisions are made electronically based on a vote by its members.
The Ethereum Enterprise Alliance has a group of corporate backers that includes BP,
Cisco, Accenture, Intel, and Toyota.
Consensus mechanism is proof of work.
Unit 6
147
Development of Blockchain and DLT Applications
Hyperledger Fabric
•
•
•
•
•
•
Hyperledger Fabric is open-source.
Hyperledger Fabric is a permissioned network.
Hyperledger Fabric was built as a modular, pluggable architecture where components can be added as needed.
Smart contracts (referred to as chaincode) can be developed using Golang or Java.
Hyperledger does not have a built in cryptocurrency but currency can be built using
chaincode.
Hyperledger is a set of projects, of which Fabric is one, that is hosted by the Linux
Foundation. Fabric was contributed by IBM and Digital Asset.
Quorum
•
•
•
•
•
•
•
Quorum is an Ethereum-based, enterprise-focused, smart contract platform.
Quorum is a permissioned network.
Quorum supports both public and private blockchains.
Quorum uses Solidity for smart contract development.
It is ideal for applications that demand high speed and fast processing of private
transactions as a result of its simple consensus mechanism.
As a result of being backed by JP Morgan, it was originally built for the financial
service industry.
Private channels or data partitions on the blockchain allow enterprises to protect
the data which is highly sensitive due to the implication of various laws or regulations by allowing access to the parties concerned (Swish Team, 2019).
Corda
•
•
•
•
•
Corda has a private blockchain.
Smart contracts can be developed with Kotlin or Java.
Corda has no native cryptocurrency.
Originally focused on financial applications but has expanded to applications in
other industries.
Corda is owned by R3.
Ripple
•
•
•
•
•
•
Ripple is a semi-permissioned blockchain.
Originally founded as a global payment settlement mechanism providing services to
currency exchanges, banks, and digital asset exchanges.
Smart contracts can be written in C++.
Ripple’s cryptocurrency is XRP.
Low transaction fees and fast processing of transactions.
Governance is by Ripple Labs.
www.iubh.de
148
Unit 6
6.4 Design of Blockchain and DLT Applications
Creating a decentralized blockchain application needs to follow the same design process as any other software product. Business requirements, functional specification,
architecture designs, and UX/UI designs are required for development.
An appropriate blockchain platform and consensus mechanism must be selected to
enable the solution to be implemented.
Blockchain Nodes
As discussed earlier, blockchain solutions can be permissioned or permissionless, and
private or public. Another factor to consider is whether the nodes will run on premise,
in the cloud, or both. Once determined, the hardware configuration and operating system needs to be decided upon.
Data Storage
As previously discussed, data is created in transaction format, and transactions are
packaged together and stored on the blockchain. In some cases, placing all of the data
into the transaction might be impractical. For example, doing so would make the transaction too large and the amount of data would be stored by every full node in the network. In addition, a business requirement to retrieve the data for reporting may be a
requirement.
One solution is the storage of the hash of the data on the blockchain. The hash is very
small so the transaction size and cost is low. To store the data, a relational database or
a file system can be used. The hash would be added to the raw data, while the transaction id would be added to the relational database. The blockchain benefits of decentralization and transparency are reduced with this alternative.
An alternative is to store the hash of the data and parts of the data on the blockchain.
Depending on the parts of the data placed on the blockchain, it becomes publicly
accessible, and some transparency and decentralization is returned.
Off-chain data can be stored in a traditional database such as MySQL or MongoDB, a
distributed database like MongoDB with replica-sets enabled, or cloud-solutions like
Azure CosmosDB or a distributed file system.
A traditional database will have strong query capabilities; however, it is a single point
of failure with a central authority. A distributed database will also have strong query
capabilities and redundancy of data, but it is controlled by a central authority. A distributed file system allows redundancy of data and is decentralized, but has no easy
query capabilities (Marx, 2018).
www.iubh.de
Unit 6
149
Development of Blockchain and DLT Applications
APIs
Designing an application benefits from the use of APIs. APIs that have been created by
others can be used for this purpose. For example, if an application needs to understand the route of the London transport system, APIs exist to obtain that data.
Conversely, APIs can be created and made available to others to optimize their development efforts. Some of the common reasons that an API may be required are
•
•
•
•
•
performing auditing functions,
storing and retrieval of data,
generating pairs of keys and mapping them to the specific addresses,
performing data authentication with the help of hashes and digital signatures, and
the managing and triggering of smart contracts to run the business capabilities of
an application (Rathore, 2019).
Some blockchain platforms come with pre-made APIs, while others do not.
User Interface Design
Now that you have planned everything, start creating user interfaces for the blockchain
solution. “Blockchain” has become a buzzword that is not well-understood by the average person. There are three recommendations in which UX research and design principles can be applied to blockchain.
1. Remove the use of industry jargon. Make the solution understandable.
2. Establish digital trust. Help users feel secure and confident in their decisions to
engage with blockchain and their actions when they do engage.
3. Implement design thinking. Design thinking relies on logic, strategy, and systemic
reasoning in order to achieve the best possible design solution. It focuses on identifying the problem first before thinking of the solution (Silver, 2019).
The front end programming language will need to be selected. Many exist already, such
as Java, Javascript, Python, Ruby, Golang, Solidity, and many more.
Smart Contract Design
Smart contracts are components of the overall solution. A smart contract is an automated process that is executed when certain criteria have been met; therefore, it is selfexecuting and self-enforcing. Designing smart contracts requires somewhat typical lifecycle practices of software development, as well as considerations that are specific to
the use of blockchain and smart contracts.
www.iubh.de
150
Unit 6
Life cycle practices
•
•
•
•
•
•
The use case of smart contracts should be well defined. Business requirements
must be well identified. Developers need to discover third party libraries to be used
in the development cycle.
A basic architecture design of a smart contract will depict the business logic. The
architectural design guides the developers during development.
In the development phase, developers can use code editors or IDE to develop the
smart contract.
Following development, manual testing should be conducted to verify that the
smart contract’s behavior is as intended.
Unit testing should then be proceeded by the creation of test cases which reflect
the testing of the identified business requirements.
Smart contracts should be audited by a 3rd party before deployment. Although
smart contracts pass manual and unit testing, smart contracts may contain logical
errors, security issues, or other bugs that would be identified by an audit (Sharma,
A., 2019).
Interfaces and modules
Like with traditional coding, it is standard practice to separate code by concerns. The
modularity allows for better understanding of the code by others, testing, and maintenance. This is also true when designing smart contracts. Additionally, there are libraries
of routines or modules that have been made available by other developers. Use of
these libraries eliminates the need to write more standard code and to leverage code
that has been tested and used by others. This frees the developer to write the code
that is unique to the smart contract being developed (Shah, 2019).
Security
Security must be considered from the very beginning of the process of smart contract
software development. Since contracts are public and visible on the blockchain, everybody can potentially call every function. With a good amount of effort, anyone can figure out what the contract does and call it. Therefore, most contracts implement the
“owner pattern” that can be used to restrict the “administrator” change functions like
“setup,” “start,” “stop,” and “kill.” Additionally, in the case of an unexpected event such
as a severe bug or vulnerability in the code, it is a good idea to have an “administrator”
“halt” function that stops the smart contract from being executed while the situation is
being evaluated (Shah, 2019).
Designing single contracts
As a contract evolves and has more and more features added to it, it is easy to end up
with a contract that does way too much and becomes difficult to manage. Instead of
putting all functionality into a single contract, it is often advisable to divide it into several contracts that act together (Shah, 2019).
www.iubh.de
Unit 6
151
Development of Blockchain and DLT Applications
Future
As the blockchain proves its value, consider enhancing it with technologies such as
artificial intelligence, Internet of Things, data analytics, and much more.
Summary
Development of blockchain applications generally follows the development cycle of
traditional centralized solutions. Understanding the suitability of the technology is
always the first priority. Once it is determined that blockchain is the correct solution, a blockchain platform needs to be selected. This phase is where the key differences lie, in that blockchain concepts need to be fully understood, and a platform
that best fits the type of application to be developed is selected. The platform provides some of the development environment but, more importantly, defines the
ecosystem in which the solution will operate.
Once a platform has been selected, the solution design and implementation commences with domain-related decisions specific to the infrastructure (nodes), data
(storage on/off chain), the application (interfaces, APIs, user interface), and last, but
certainly not least, the security that surrounds all domain decisions.
Knowledge Check
Did you understand this unit?
You can check your understanding by completing the questions for this unit on the
learning platform.
Good luck!
www.iubh.de
Unit 7
Blockchain and Society
STUDY GOALS
On completion of this unit, you will have learned …
… the concept of trusting technologies and the goal of blockchain as a trustless system.
… the original intentions and design of Bitcoin and blockchain technologies, and how
technologies have evolved around them and challenged the original intentions.
… the environmental impact of blockchain environments and options for improvement.
… the many ways in which cryptocurrencies have been used for nefarious activities
worldwide.
… the promise of Initial Coin Offerings as an investment vehicle and the potential risks.
DL-E-DLMCSEBCQC01-U07
154
Unit 7
7. Blockchain and Society
Introduction
In 2008, Satoshi Nakamoto introduced Bitcoin with all good intentions. His belief was in
Bitcoin as a trustless system where cryptocurrencies can be used in a decentralized
and immutable manner. Over a decade since Nakamoto’s famous paper, we have to
balance a desire to make free-market capitalism available with the need to keep control of a platform that has the potential to enable bad as well as good.
A decade has also brought about a fast moving technological environment which has
enabled the bad actors to conduct illegal activities on the darknet while using these
cryptocurrency platforms. Drugs, weapons, and more can be transacted out of the purview of regulatory bodies. While these illegal activities are done in the dark, it is in full
view that bad actors can also directly use the blockchain network to conduct fraudulent offerings to raise money.
Finally, from a societal position, the demand on the environment is immense and worthy of discussion, with positions held on both sides concerning whether it is as bad as
it seems.
7.1 (Mis-)Trust in Institutions
Understanding Trust
As a society, we state that we want to trust our friends, acquaintances, business associates, businesses, institutions, government, and more. What does trust mean? The
Oxford Dictionary defines trust as the “firm belief in the reliability, truth, ability, or
strength of someone or something.” However, Webster’s defines trust as “a confident
expectation” and The American Heritage Dictionary states that “trust implies depth and
assurance of feeling that is often based on inconclusive evidence” (as cited in Trust,
n.d.).
What is trust
As Werbach (2019) describes in his book, the simplistic definition of trust is cognitive
risk assessment. Is a person justified in relying on another person or organization? Do
we trust the pilot to fly the plane, do we trust that a credit card given to a restaurant
server will not be used to run up personal charges? While the cognitive dimension is
important, it is not the full entirety of the concept of trust. This is the line between
trust and verification. An airline requiring the credentials of a pilot before offering the
pilot employment is verification. Further, philosophers refer to the “affective dimension” of trust, the optimistic disposition of an expectation of goodwill. It is the aspect
of trust concerned with motives, not just actions. This dimension of trust becomes
important when the parties cannot precisely estimate costs and benefits. In short, trust
is confident vulnerability, a confident relationship to the unknown. People want to use
www.iubh.de
Unit 7
155
Blockchain and Society
systems they can trust (Werbach, 2019). This takes us back to Webster’s definition of
trust as “a confident expectation” and American Heritage’s that it is “based on inconclusive evidence” (as cited in Trust, n.d.).
Establishing trust
Trust is foundational for most new technologies, especially social media platforms.
Services such as Uber and Lyft are based on trust. There is a confident expectation that
the driver is a good person and a safe driver, while there is also a confident expectation that the customer is a good person and acts in an appropriate manner.
Uber has a rating system where both the driver and the passenger can rate each other.
The rating is made available so that the driver can see how other drivers have rated the
passenger, while the passenger can see how other passengers have rated the driver.
This rating system helps to establish trust between driver and passenger.
As an example of the desire for an understanding of trustworthiness, China has implemented a system that strives to automate the trustworthiness of its citizens to encourage trust among them. China recently introduced a social credit system that allows
people to review and assess one another on a daily basis. The system monitors and
assigns a value to all areas of an individual’s life. For example, it records who your
friends are and how well you get along with them, what you bought in a shop and how
good a customer you were, how much time you spend each day on social networks and
how regularly you pay your bills. For example, someone who plays computer games for
several hours a day will have a lower score than someone who has children and is paying for the expenses of the children, as the latter behavior is considered more mature
and reliable. Although a voluntary system now, the Chinese government intends to
standardize it in 2020 (Kuhar, 2019).
Certainty of trust
Trust is replaced by certainty. Complete trust in another is being in ignorance regarding
their actions, while eliminating trust means full certainty about what a person will do.
The more convinced we are that a person will act as expected, the less we need to trust
them. Conversely, the more unpredictable an action, the more trust we need to invest
in it (Kuhar, 2019).
A trustless system
A trustless system is one that is not dependent on the intentions or actions of its participants, good or bad. The system always acts in the same manner. The creator of the
cryptocurrency Bitcoin, stated that “the root problem with conventional currency is all
the trust that’s required to make it work” (Nakamoto, 2009, para. 2). As it is, central
banks must be trusted not to debase the currency, banks must be trusted to hold our
money and transfer it electronically, and we have to trust them with our privacy. Nakamoto went on to compare it to multi-user time-sharing computer systems of many
years ago that had to rely on password protection and the placement of trust in the
system administrator who could always override the elements of privacy. Over time,
strong encryption technologies became available and trust was no longer required.
Nakamoto believed that it was a certainty that “data could be secured in a way that was
physically impossible for others to access” (Nakamoto, 2009, para. 3). Based on this
www.iubh.de
156
Unit 7
foundation, Nakamoto proposed that we need the same confidence in money handling,
that e-currency based on cryptographic proof, without the need to trust a third party
middleman, will mean that money can be secure and transactions can be conducted in
an effortless manner (Nakamoto, 2009).
Bitcoin
Reason for Bitcoin
Just prior to Nakamoto’s introduction of Bitcoin, trust in government and banks was at
a low because of the financial crisis. Since the introduction of Bitcoin, trust is in transition from being a trust in banks or states to a trust in algorithms and encryption software. There is a move from conventional trust in the gold standard—“In Gold We Trust”
—to the trust announced on U.S. currency—“In God We Trust”—to trust in software and
networks—“In Digital We Trust” (Baldwin, 2018).
The “digital” currency is believed to have arisen as a solution to the problems of fiat
currencies. The main criticisms of existing financial systems are that
•
•
•
•
centralization makes them susceptible to attack,
millions of people are excluded from the global economy,
some (primarily international) monetary transactions are slow and expensive, and
the intermediaries increase the cost of individual transactions.
The final criticism connects all of the above, that the current system relies on trust that
individuals and institutions will operate as they should (Kuhar, 2019).
Bitcoin — Trustless?
Nakamoto (n.d.) begins the conclusion of his paper with the statement that “We have
proposed a system for electronic transactions without relying on trust.” This “electronic
payment system based on cryptographic proof, rather than trust” is implemented in the
form of bitcoin, with a blockchain foundation.
Saying that Bitcoin is “trustless” means that there is certainty and reliability in the system’s operation.
Thomas Hobbes put forth a concept referred to as the social contract, the condition in
which people give up some individual liberty in exchange for some common security.
With blockchain, people no longer need to engage in a social contract, giving up part of
their rights in exchange for security, and turning these rights over to a central party.
Transactions, including financial transactions, can now be based purely on the activity
of participating actors, which supposedly makes it more democratic, more transparent,
more predictable (certain), and above all, more trustworthy (Kuhar, 2019).
www.iubh.de
Unit 7
157
Blockchain and Society
These statements, however, didn’t make it so. Nor have Bitcoin and other blockchainbased platforms proven themselves in a manner to be considered trustless. If the trust
and willingness of market participants to exchange fiat currency for bitcoin erode
and/or end as a result of these breaches of trust, then the potential exists for the total
loss of value of bitcoin (Baldwin, 2018).
Decentralization
Bitcoin is decentralized, meaning that it does not need a third-party to verify or
approve the transactions that occur on its platform.
Decentralized movements have increased in the past decades. The internet as a mass
medium and worldwide technological advancements has built a more closely connected global community. Castells calls this structure of society a “network society.” This
societal structure is characterized by nodes which represent relations between people
and their environment. A network society is decentralized as it has no center origin.
Although some nodes are more relevant to the network than others, the network can
only perform as a whole (Trauth, 2018).
While decentralization has facilitated certain elements of electronic connection, it also
unearths a new problem: the computer virus. The decentralized multiple and weak
nodes are now made vulnerable to viruses, worms, hacking, cyberterrorism, anomalies,
accidents, assemblages, contagions, and more. The solution of decentralization creates
its own new problems and threats (Baldwin, 2018), resulting in a lack of predictability
and the need to invest in order to develop trust.
Immutable
Data blocks, intended to be irreversible based on blockchain technology, can be erased
and re-established, if needed. When a large number of currencies were stolen, Ethereum performed a hard fork, erased a blockchain, and set up a new one. The decision
was conducted democratically by a vote of its active members but is evidence that the
history of cryptocurrencies is not immutable.
Decline in institutional trust
An overall decline in the trust in institutional governments and other bodies has occurred in recent years. This development gives room to global, decentralized movements
and developments. The real opposition can now be found in social movements and
protests in the streets rather than inside institutional governments where it expresses
the dissatisfaction and declining trust in political institutions and their way of governing people (Trauth, 2018).
Environment for criminal activity
In addition to the use of cyber currencies in the Darknet, cybercurrencies were primarily being used by financial speculators, who saw them as an opportunity to get rich
quick, launder money, and evade taxes (Kuhar, 2019). Most people will want laws and
regulations to help make blockchain-based systems trustworthy (Werbach, 2019).
www.iubh.de
158
Unit 7
Bitcoin as currency
Money is suggested by economists to have three prime functions: An accounting unit, a
medium of exchange, and a store of wealth. Bitcoin’s price has fluctuated wildly and is
open to derivation and speculation. The lack of stability makes it hard to consider Bitcoin as a secure store of value. Bitcoin’s lack of regulation and openness to the whim of
the market ensures a volatility that prevents the stability necessary to store wealth or
even serve as an accounting unit. The fact that Bitcoin largely “floats free of any anchor
to ordinary valuing processes” (Golumbia, 2017, p. 71) means that it cannot fully function
as a stable accounting unit (Baldwin, 2018).
Characteristics of Money
USD (FIAT)
GOLD
BTC (CRYPTO)
Durable
Y
Y
Y
Portable
Y
Y
Y
Divisible
Y
Y
Y
Consistency
Y
Y
?
Instantly Recognisable
Y
Y
Y
Acceptable
Y
N
N
Intrinsically Valuable
?
Y
?
USD (FIAT)
GOLD
BTC (CRYPTO)
Unit of Account
Y
N
N
Medium of Exchange
Y
N
N
Store of Value
N
Y
?
Functions of Money
www.iubh.de
Unit 7
159
Blockchain and Society
Privacy
Privacy, as defined by Merriam-Webster, is the quality or state of being apart from company or observation, or freedom from unauthorized intrusion. Technology improvements and innovations have placed consumers in the situation where personal privacy
is challenged on a daily basis. Location and activity is shared on social media, location
is tracked on our phones and vehicles, our purchasing data is available, and more.
Much of this is information that consumers are willing to share in exchange for other
benefits. Some of this information is captured, used, and exchanged for unauthorized
purposes.
Personal privacy advocates believe that blockchain and cryptocurrency entrepreneurship solutions can address the concerns of our dwindling right to privacy in the digital
world. The beauty of these solutions is that they offer encryption or at least partial
obfuscation on a massive scale (Moskov, 2019). Blockchain technology is armed to curb
infringements upon citizens' rights (Hagen, 2018). From a personal information perspective, citizens would have the ability to store private information in a secure, decentralized ledger. Citizens would maintain data ownership, deciding when and where it is
shared. This technology could prevent malicious actors and third parties from accessing or harvesting personal data without consent (Hagen, 2018).
In the financial world, the debate is that this level of privacy is a dangerous enabler of
chaos and disorder. The privacy is an enabler of many illegal activities that have occurred on the darknet, however, the other side of the debate views privacy coins as what
could potentially be our last hope for freedom from external control (Moskov, 2019). As
the global economy becomes more interconnected, citizens can access new forms of
wealth and markets that remain outside the purview of their governments. Autocratic
governments have responded by seeking ways to maintain control over an individual's
or a group’s access to resources. Cryptocurrencies can enable people to participate in
an alternative form of finance that isn't subject to judgment by the state by removing the middleman from transactions. Individuals or groups who have been blacklisted
by a government or corporation can then do more than amass and spend wealth, they
can prosper (Hagen, 2018).
Government
Apolitical nature
Bitcoin and blockchain technology have eliminated politics, governmental control, and
institutional control from the use and management of the blockchain environments.
As Nigel Dodd shows in “The Social Life of Bitcoin,” the basis of the paradox is the idea
that Bitcoin and the technology of blockchain have eliminated politics from the production of money and its management (Kuhar, 2019). David Golumbia (2017) concludes
that assumptions regarding the supposed apolitical nature of cryptocurrencies are
based on ideologies within which freedom means freedom from governmental power.
This includes groups such as cyberlibertarians (advocate for use of technology to pro-
www.iubh.de
160
Unit 7
mote individual or decentralized initiatives and less dependence on central governments), cryptoanarchists (promote cryptography to maintain freedom of speech and
prevent government control and regulation of the internet), and cyberpunks (belief that
those with technological capability can fend off the tendencies of traditional institutes
to use technology to control society includes hackers, crackers and phreaks) (Kuhar,
2019).
Neoliberalism
Neoliberalism is a policy model (covering politics, social studies, and economics) that
seeks to transfer control of economic factors from the public sector to the private sector. It promotes free-market capitalism and a shift away from government spending,
regulation, and public ownership. The belief is that continued economic growth will
lead to human progress, a confidence in free markets, and an emphasis on limited
state interference. Inspired by the term “liberalism,” neoliberalism is more focused on
the economics, while liberalism is a broad political philosophy (Kenton, 2019).
From this definition, one understands that centralization is an impediment to the
decentralized flow of neoliberal finance. Centralized government and banks are oppressive. This supports the Nakamoto thesis stating that there is no need to trust government or banks with currencies, and promotes technology concepts such as efficiency,
speed, connectivity, decentralization, and anonymity (Baldwin, 2018).
Bitcoin is subject to the invisible politics of the programmers who develop the technology and decide upon its functionalities. Implicit in this is that the developers will make
the right decision about the technical features to be implemented. This, however, is
unlike the original intention of Bitcoin to be a decentralized infrastructure that is not
regulated by any third party institution because the actual governance structure, in
spite of its open source nature, is highly centralized and undemocratic (DeFilippi &
Loveluck, 2016). In order to ensure the long term sustainability of organizations such as
Bitcoin, it is necessary to include a governance structure that works in an authentically
democratic way to make decisions on how and when the technology should evolve. Not
only should those building the technology (developers) be involved, but also those
who are affected by these decisions (the users) (DeFilippi & Loveluck, 2016).
The position of world leaders
Today’s leaders have generally taken a wait-and-see approach to cryptocurrencies. In
general, many are enthusiastic about blockchain technology without being enthusiastic
about any existing cryptocurrency. A concerted action against decentralized platforms
in favor of centralized, government-endorsed alternatives could have implications for
crypto that are quite contrary to the original intention.
Some countries such as China and South Korea have implemented bans on ICOs. China
has banned crypto exchanges, while South Korea has banned anonymous crypto trading. Other countries have been open but have not yet established limiting legislation.
www.iubh.de
Unit 7
161
Blockchain and Society
7.2 Blockchain and the Environment
Electricity Usage
Demand of mining
Today, Bitcoin mining is consuming more than 7 GW of electricity a day, equivalent to
Switzerland’s daily electricity consumption. Compared to 2017, Bitcoin’s computing
power has reached an all-time high, and is currently at 100 quintillion hashes (Liu, S.,
2019).
The mining process is powered by countless high-powered computers that require a
large amount of energy to enable the processing and encryption of the transactions
being added to the blockchain. Electricity makes up 90 percent of the cost of mining
cryptocoins (Buttice, 2019).
Negative environmental effects
Digiconomist produces a number of charts that demonstrate energy consumption. As of
late 2019, the following chart shows the marked increase in energy consumption.
www.iubh.de
162
Unit 7
Annualized total footprints of Bitcoin activity is shown in the following chart:
While a single transaction leaves the following footprint.
www.iubh.de
Unit 7
163
Blockchain and Society
The following table gives a summary of the key network statistics for Bitcoin transactions.
Bitcoin Network Statistics
Description
Value
Bitcoin's current estimated annual electricity consumption
(TWh)
73.12
Bitcoin's current minimum annual electricity consumption
(TWh)
52.48
Annualized global mining revenues
$6,453,724,124
Annualized estimated global mining costs
$3,656,073,069
Current cost percentage
56.65%
Country closest to Bitcoin in items of electricity conosumption
Austria
Estimated electricity used over the previous day (KWh)
200,332,771
Implied Watts per GH/s
0.085
Total network hashrate in PH/s (1,000,000 GH/s)
97,849
www.iubh.de
164
Unit 7
Description
Value
Energy footprint per transaction (KWh)
625
Number of U.S. households that could be powered by Bitcoin
6,770,506
Number of U.S. households powered for 1 day by the electricity consumed for a single transaction
21.11
Bitcoin's electricity consumption as a percentage of the
world's electricity consumption
0.33%
Annual carbon footprint (kt of CO2)
34,733
Carbon footprint per transaction (kg of CO2)
296.68
By comparison, the following chart shows the network statistics for Ethereum based
blockchain.
Ethereum Network Statistics
www.iubh.de
Description
Value
Ethereum's current estimated annual electricity consumption
(TWh)
8.07
Annualized global mining revenues
$1,233,403,543
Annualized estimated global mining costs
$806,914,598
Current cost percentage
65.42%
Country closet to Ethereum in terms of electricity consumption
Angola
Estimated electricity used over the previous day (KWh)
22,107,249
Implied Watts per MH/s
5.081
Total network hashrate in GH/s (1,000 MH/s)
181,283.00
Unit 7
165
Blockchain and Society
Description
Value
Electricity consumed per transaction (KWh)
32
Number of U.S. households that could be powered by Ethereum
747,143
Number of U.S. households powered for 1 day by the electricity consumed for a single transaction
1.07
Ethereum's electricity consumption as a percentage of the
world's electricity consumption
0.04%
An article published in the science journal, “Nature,” makes a convincing argument that
since, “the network is mostly fueled by coal-fired power plants in China,” the carbon
impact of bitcoin mining, alone, could push global temperatures above 2°C within less
than three decades (Daab, 2019).
Canada’s Hut 8 Mining Corp, which has spent more than $100M to develop a 4.5 hectare
site with 56 shipping containers, each filled with 180 computer servers that digitally
mine for bitcoin around the clock. This operation uses so much power, that Medicine
Hat, a city which is right next to the facility, has a contractual right to “pull the plug”
should residents not have enough electricity (Bakx, 2018).
Or not?
The argument is being made that the mining is a profitable way to use surpluses of
energy that some nations would otherwise waste. Bitcoin miners have traditionally set
up in China, where coal supplies 60 percent of the nation’s electricity. However, bitcoin
mining is now expanding in areas with cheap power, like the United States Pacific
Northwest, where there is a large availability of hydropower, a low-carbon resource. In
Europe, Iceland is a popular location, as they rely on nearly 100 percent renewable
energy for its production. Geothermal and hydropower energy make miners’ power
demand inconsequential (Kelly-Pitou, 2018).
Expectation of growth
Many believe that blockchain and distributed ledger technology is in its infancy, and it
can therefore be assumed, that as the industry matures and people are aware of its
potential, that the demand on electricity usage will increase (Buck, 2018).
Global electricity consumption, in general, is expected to increase nearly 28 percent
over the next 20 years. Increasing energy consumption is only bad if there isn’t a shift
toward less carbon-dense power production, and that is what miners are doing (KellyPitou, 2018).
www.iubh.de
166
Unit 7
Options for Improvement
Proof of work consensus mechanism
The proof of stake (PoS) consensus mechanism has long been posed as a more sustainable consensus mechanism over proof of work (PoW). PoS uses the term forgers
(rather than miners) to describe those randomly chosen to mine blocks. There are no
block rewards, but forgers can collect transaction fees. One criticism is that PoS favors
those with more assets to be selected as forgers (Cox, 2019).
There are many other consensus mechanisms that are being used and evaluated by
different blockchain platforms. Given Bitcoin’s governing structure and concentrated
power, it is unlikely that there will be a decision to change consensus mechanism.
Directed acyclic graph
Directed acyclic graph (DAG) can be thought of as blockchain minus the blocks. If there
are no blocks, there are no miners. So, instead of verifying transactions via miners, DAG
uses previous transactions to verify new ones. DAG is currently used by Byteball and
IOTA and has the potential to challenge blockchain based alternatives (Cox, 2019).
Other innovative ideas
A new blockchain-based energy grid known as Eloncity has been proposed as a futuristic and innovative solution to improve the efficiency of the system. The idea is to move
away from the uneconomical and cumbersome centralized power supply, to a much
more efficient and intelligent energy storage system based on a network of smart
microgrids (Buttice, 2019).
There is also the option to offset the CO2 released into the atmosphere. Ripple’s XRPL
believes that planting trees allows them to be considered carbon-neutral. WanderingWare has partnered with OneTreePlanted to plant enough trees to offset the carbon
output from the electricity production needed to operate the XRPL. One Tree Planted
works with planting partners in North America, Latin America, Asia, and Africa to plant
trees in areas that have been deforested. The trees they plant help the local and global
environment and, in some instances, provide an income for families in the area if the
trees bear fruits or nuts. Based on their calculation, to offset the carbon footprint of
the XRPL 427,273 trees will need to be planted. At $1 per tree, the XRPL can be carbonneutral for less than $500,000 (Buck, 2018). As of late 2019, only $7,591 has been donated.
Disk Usage
Demand for storage
The size of the Bitcoin blockchain has grown at a stable rate over the past decade. In
late 2019, the size of the Bitcoin blockchain is approximately 242GB in size.
www.iubh.de
Unit 7
167
Blockchain and Society
Because of the peer-to-peer nature of blockchain technology, each node contains a full
copy of the blockchain. Every time data is added to the chain, it must be added to the
data storage of all nodes.
The size of this storage is only going to increase over time. This will put small individual
miners (who can't afford to have too much storage capacity) out of business, and favor
large groups of miners, hence centralization. The problem becomes worse if we
increase the transaction rate (since it means data is getting into the chain at a faster
rate) (Kansal, 2018).
Expectation of growth
Bitcoin storage requirements will grow for two reasons. They are as follows:
•
•
As the userbase grows, there are more transactions happening per second.
Each transaction increases the size of the ledger and because it is append-only
there is always an upward trend in storage consumption (Davenport, 2018).
When compared to mutable where values are replaced, it can be seen that Bitcoin will
be impacted by ever-growing ledger size. There are potential options to control the
ledger size, but it is a growing concern that, in a few years, the size of these ledgers will
grow beyond the reasonable size of available disks (Davenport, 2018).
www.iubh.de
168
Unit 7
Options for Improvement
Blockchain storage solutions
Decentralized file storage, such as Storj, is an option that uses encryption, file sharding,
and a blockchain-based hash table to store files on a peer-to-peer network. Storj
breaks apart files and distributes them across specialized nodes so that they are stored
economically. Signatures are returned that identify the files on the network (Garner,
2018b). It is these unique signatures that would be stored to a blockchain. When the
need arises to retrieve a file, the signature is retrieved from the blockchain and submitted to the storage system which then unlocks and retrieves the requested file. In summary, the blockchain is storing the signature, not the entire transaction (May, 2018).
Pruning
Pruning is the process of removing non-critical blockchain information from local data
storage. Full nodes keep an entire copy of everything that is stored on the blockchain,
while pruned nodes can remove non-critical blockchain information to have a lighter
footprint.
For Bitcoin, pruning is discussed in the context of intermediary transactions. For example, if person A sends person B 1BTC and person B sends that to person C, the initial
payment from person A to person B is considered an intermediary transaction and has
less importance. Full nodes would have both transactions while pruned nodes would
only have the second transaction. Pruning has to be assessed as an option that does
not compromise existing functionality.
Sharding
Sharding breaks data into manageable chunks distributed across different nodes. The
blockchain process can be partitioned across multiple nodes to enable a parallel execution model that increases performance and reduces the amount of data that each
node processes and stores. After the data is partitioned into multiple shards, each
shard is distributed across multiple nodes. For example, if a blockchain network supports 1,000 nodes, the data might be partitioned into 10 shards, with each shard
assigned to 100 nodes. In this way, each node processes and stores only one-tenth of
the data, but the data is still verified across 100 nodes (Sheldon, 2019). How shards
communicate with each other and arrive at a consensus is an active area of research
(Kansal, 2018).
Spare capacity
Swarm networks can provide a long term data solution for blockchain. Businesses and
individuals could use their excess data storage as storage nodes by keeping the data in
shards or fragments, with one node never holding all the information. For this reason,
swarm networks are much more secure than cloud networks that rely on centralized
server farms. Each computer in the network would be encrypted in different ways,
meaning that a successful attack would be virtually impossible. The data being stored
could only be pieced together by a keyholder after a lot of work (Bains, 2018).
www.iubh.de
Unit 7
169
Blockchain and Society
A data storage network of thousands of computers spread out across the world could
also improve performance. When someone wants to access their data from the swarm
it comes from the closest nodes, and when that data is retrieved from several swarms
at once, it comes in parallel (Bains, 2018).
7.3 Cyber-Currencies in the Darknet
Using Cryptocurrencies on the Darknet
Digital currencies allow criminal actors to buy and sell illegal goods and services
through the black markets of the darknet (or darkweb), ranging from weapons to people, narcotics, illegal pornography, organs, and hitmen for hire. Digital currencies also
create opportunities for cyber-criminals to hack digital exchanges and e-wallets for
purposes of financial fraud and identity theft, a major tactic adopted by North Korea
(Fruth, 2018). Cryptocurrencies provide a way for terrorist organizations and criminal
syndicates to launder and relocate wealth across the globe quickly, easily, and privately,
potentially even replacing bulk-cash smuggling (Fruth, 2018).
Bad actors are turning to money laundering or crypto-cleansing for two reasons. First,
digital currency is the easiest, quickest, and most private way to launder money globally, largely due to anonymous privacy coins (Fruth, 2018). Privacy coins use a number
of different techniques that give its users a truly anonymous and private means of
exchanging value. Although Bitcoin is referred to as having these capabilities, the Bitcoin blockchain is inherently public, and if a wallet address can be linked to a user, all
transaction history for the user becomes public (Fenech, 2019). Second, there is no
global standard for regulating digital currency exchanges, with many lacking risk, sanctions-screening, and anti-money laundering (AML) programs (Fruth, 2018).
Bitcoin has become less popular in the darknet marketplaces, whereas Litecoin and
Dash are becoming more popular. This is because Litecoin has low transaction fees and
quicker fund transfer, while Dash assures instant payments (Makadiya, 2018).
Illegal Activities on the Darknet
Transactional data on blockchain is not directly linked to names, addresses, or other
identifying information. This makes digital currencies anonymous to a certain degree
and complicates efforts by law enforcement agencies to identify individual transactions
and link them to users (Malik, 2018).
A study found that illegal activity accounts for a substantial proportion of the users
and trading activity in bitcoin. For example, approximately one-quarter of all users
(25%) and close to one-half of bitcoin transactions (44%) are associated with illegal
activity. The estimated 24 million Bitcoin market participants that use bitcoin primarily
for illegal purposes (as of April 2017) annually conduct around 36 million transactions,
www.iubh.de
170
Unit 7
with a value of around $72 billion, and collectively hold around $8 billion worth of bitcoin. In effect, cryptocurrencies are facilitating a transformation of the black market
much like PayPal and other online payment mechanisms revolutionized the retail
industry through online shopping (Foley et al., 2018).
Named after the network of trade routes that connected the East and the West and
launched in 2011, the Silk Road website was created by Ross Ulbricht as a free-market
economic experiment that focused on user anonymity. Silk Road used Bitcoin for currency and they also used Tor, a network of computers that makes it impossible to trace
by routing internet traffic through servers by anonymizing IP addresses. Ulbricht
believed that people should have the right to buy and sell whatever they wanted so
long as they weren’t hurting anyone else. Counterfeits, weapons, and anything that
could be used to defraud or harm others was prohibited. Soon, Silk Road became a
drug marketplace. After two years of growth, Silk Road was targeted by a denial of service attack, ransomware, and other hacks. Ulbricht was involved in contracting hit men,
hiding his identity, and more. In 2013, Silk Road was shut down with the indictment of
Ulbricht on charges of narcotics conspiracy, money laundering, and solicitation of murder for hire. Ulbricht was sentenced to life in prison without the possibility of parole.
Drug trafficking
Professor Talis Putnins, co-author of the University of Technology Sydney report on
cryptocurrency and illegal drugs stated that
Cryptocurrencies have fundamentally transformed the way illegal drugs are bought and
sold, shifting much of the activity from a cash-based, physical ‘on the street’ market to
an online marketplace. The online illegal drugs trade needed two fundamental things
to take off. One is an anonymous communications platform, which was provided by the
darknet and underpinned by TOR (an anonymous communications protocol). And the
second important piece was an anonymous or private way of making digital payments
that was difficult to trace by authorities. That is the role that cryptocurrencies have
played. Thus, they are an integral part of the online drugs trade. (as cited in Birch, 2019,
Where...? section, para. 3)
On the other hand, Europol spokesperson Jan Op Gen Oorth expressed the opinion that
the transparent nature of cryptocurrency renders transactions easier to trace compared
to those involving cash as “payment for drugs using cryptocurrencies naturally makes
more sense when compared to, for example, bank transfers. On the other hand, most
cryptocurrency transactions are far better traceable due to their inherently transparent
nature than cash” (as cited in Birch, 2019, Where...? section, para. 5).
Over the last six years, there have been notable data points concerning the purchasing
of drugs using cryptocurrencies. There has been a year-on-year increase in the percentage of surveyed participants obtaining drugs on the darknet. In a survey, 30 percent of
respondents claimed that the range of drugs they use has increased, and a further 5
percent reported that they had never tried drugs before accessing them via the darknet
(Birch, 2019). These data points demonstrate that enabling the drug trade with technology has broadened the drug trade in multiple dimensions.
www.iubh.de
Unit 7
171
Blockchain and Society
An interesting challenge stated by Tom Robinson, co-founder and chief scientist at
blockchain analytics firm Elliptic, is that the benefits of anonymity for drug dealers can
be limited by the ability to cash out their crypto profits. As stated by Tom Robinson,
“the challenge for drugs traffickers is how to cash-out the proceeds of their sales. Most
cryptocurrency exchanges make use of cryptocurrency transaction monitoring tools
such as Elliptic's, which use blockchain analysis to determine whether funds are coming from sources such as dark markets” (as cited in Birch, 2019, How...? section, para. 3).
Based on research conducted by Soska and Christin, amphetamines (MDMA) and marijuana each account for about 25 percent of sales on the dark web. Weapons are so
uncommon that they were lumped into the “miscellaneous” category, along with drug
paraphernalia, electronics, tobacco, Viagra, and steroids. Together those account for a
very small percentage of sales.
www.iubh.de
172
Unit 7
Weapons and crime
In addition to Bitcoin being used for the purchasing of illegal drugs, it was also
believed that Bitcoin, especially when it came to Silk Road, also enabled purchasing
weapons and the services of hitmen. Nicolas Christin, assistant research professor of
electrical and computer engineering at Carnegie Mellon University, is one of the
researchers behind a recent deep-dive analysis of sales on 35 marketplaces from 2013
to early 2015. He stated that “weapons represent a very small portion of the overall
trade on anonymous marketplaces. There is some trade, but it is pretty much negligible” (as cited in Pollock, 2018b, What...? section, para. 4).
Money laundering — how it works
The following example presented by Fruth (2018) illustrates the general methodology
for laundering illicit funds through digital currencies.
Phase 1: Fiat currency to primary digital currency (bank to basic digital exchange).
A global crime syndicate attempting to cleanse illicit U.S. dollars can enter crypto currency markets in two ways: Either through purchase of digital currency from a basic digital exchange via the syndicate’s bank account, or by cash or debit card at one of over
1,600 U.S.-based digital currency ATMs. Basic digital exchanges are generally preferred,
as bitcoin ATM companies are regulated as money service businesses (MSBs), which
requires that they maintain anti-money laundering (AML) programs.
As a result, most launderers open online accounts with basic digital currency
exchanges, such as Coinbase, Gemini, Bitstamp, or Kraken, which accept fiat currency
from traditional bank accounts.
For additional online privacy, launderers may adopt pseudonyms through encrypted
email services (e.g. ProtonMail or Hushmail), set up anonymous e-wallets (e.g. Jaxx,
Samourai, or BitLox), and run logless virtual private networks (VPNs) (e.g. Mullvad or
Windscribe), all via an encrypted, blockchain-optimized smartphone.
Account-opening typically requires detailed personal information for account verification. Launderers may use “straw men,” or money laundering intermediaries, with clean
records, corroborated employment, and a direct deposit to provide an additional layer
of separation. They can also purchase fully verified accounts from willing participants
on social media forums such as Reddit.
Once verified, the digital exchange account can receive fiat currency deposits through
wire transfers, automated clearing house (ACH) transfers, by bank account, or credit/
debit card number. The funds can then be used to directly purchase stake in a “primary
coin,” such as Bitcoin, Ethereum, or Litecoin.
These primary coins can be used as an intermediary between fiat currency and alternate digital currencies, or “alt-coins.” Alt-coins can only be purchased on advanced
exchanges using primary coins (not with fiat currency). Many classes of alt-coin exist,
each with unique purposes. Among these are centralized and decentralized currencies,
lightning fast payment-oriented coins, and privacy coins.
www.iubh.de
Unit 7
173
Blockchain and Society
While traditional decentralized blockchain coins, like bitcoin and Ethereum, maintain a
detailed transaction audit trail, some alt-coins do not maintain a ledger of this information. These node-to-node (N2N) privacy coins encrypt transaction details so that
only transacting parties can see them, using privacy features such as “homomorphic
encryption,” which allows for the data calculations needed to facilitate a transaction
without the need to first decrypt the data; and “proof cryptography,” which verifies the
transaction without revealing the details.
Phase 2: Bitcoin mixing — primary coins (basic exchange) to privacy alt-coins (advanced
exchange).
Assume the launderer purchased bitcoin with U.S. dollars on the basic Coinbase
exchange. The resulting bitcoin ownership would be represented in a bitcoin digital
wallet, which has its own unique and traceable digital address, as well as a unique QR
code.
In order to obfuscate the primary coin’s audit trail, launderers use a tactic known as
“mixing” or “tumbling.” Mixing services, such as Bitmixer or Helix, perform primary coin
address swaps against temporary digital wallet addresses in an attempt to fool the
blockchain and break audit traceability. Some advanced exchanges, like ShapeShift,
which require no login or verification, may be used as an alternative mixing method.
ShapeShift, which operates only through sending and receiving wallet addresses, allows
for a backup address to be used if a transaction fails. Launderers intentionally use false
receiving addresses in order to re-route transactions to the backup address, thereby
breaking the audit ledger.
The next step is to transfer the mixed bitcoin holdings to an advanced digital exchange,
such as Bittrex or Binance, for the purpose of acquiring privacy coins. The transfer
process between exchanges can take hours with bitcoin, while Litecoin and Ethereum
generally process in minutes.
Once the launderer’s bitcoin arrives in the advanced digital exchange bitcoin wallet,
they can then trade bitcoin for a privacy coin, such as Zcash, Verge, Monero, Dash, and
Desire. Desire uniquely provides its own mixing service within the blockchain itself.
Phase 3: Layering through multiple privacy coins, exchanges, and digital addresses.
The money laundering layering process involves a series of money movement tactics
designed to provide anonymity to the illicit source of funds. Upon purchasing privacy
coins on an advanced exchange, money launderers can easily and anonymously layer
funds between various digital currency exchanges, privacy coins, and crypto wallets
that can belong to anyone. After several layers, money launderers can sever the audit
trail, effectively cleansing illicit funds for integration back into the traditional financial
system.
Having severed the audit trail in phases 1 through 3, the launderer now has several
options for withdrawing the cleansed funds from the digital currency world.
www.iubh.de
174
Unit 7
Phase 4: “Bust-out” integration.
Privacy coin holdings can be re-exchanged for primary coins, which can then be transferred back to a basic currency exchange where funds may be withdrawn to a connected bank account.
If the launderer deems reintegration into retail bank accounts too risky, they can transition funds into real estate, citing the legal, expected desire to avoid capital gains taxes.
However, the most secure way to transition funds for integration is to transfer digital
holdings to a portable hardware crypto wallet. These flash drive-sized devices provide
couriers with the means to avoid risky bulk cash smuggling by transporting funds covertly. In fact, a courier can accomplish the same task with a printout of the digital
address or QR code. Laundering cells may further limit access to funds throughout
their logistical network by requiring an elaborate passphrase known only to the sender
and desired recipient.
As such, a sanctions evasion/currency cleansing operation could clean $10 million per
10 people per week like this:
•
•
•
•
$10 million dollars is spread out across 10 straw man intermediaries, each responsible for cleansing $1 million.
Each straw man maintains a stake in 10 transferrable digital currencies, allowing
their $1 million to be segmented into $100,000 increments.
In addition, each straw man maintains wallet addresses for each digital currency
with 10 separate exchanges, reducing segmentation to $10,000 increments.
Each straw man then withdraw 2 separate transactions of $5,000 to their accounts
with 10 different financial institutions.
Conversely, phases 1 through 3 could utilize similar straw-man tactics on the deposit
end.
Addressing the Problem
Government authorities have to be involved in enacting laws to reduce drug trafficking,
money laundering, and other criminal uses of cryptocurrencies. The more decentralized
the network is and the more technology advances together with the worldwide spread
of the bad actors and the network of computer systems, the more difficult it will be to
keep pace with, or get in front of, the bad actors.
In 2017, the United States Government proposed that the Department of Homeland
Security should study the link between bitcoin and terrorism because the anonymity
offered by digital currencies provides terrorists with the privacy they seek. Her Majesty's Treasury in the United Kingdom has also sought to increase regulation by requiring
digital currency exchange users to disclose their identities (Malik, 2018).
www.iubh.de
Unit 7
175
Blockchain and Society
In June 2019, the Financial Action Task Force (FATF), a coalition of countries from the
United States to China and bodies such as the European Commission, told countries to
tighten oversight of cryptocurrency exchanges to stop digital coins being used for
money laundering. Countries will be compelled to register and supervise cryptocurrency-related firms and will have to carry out detailed checks on customers and report
suspicious transactions. Although the participants are in agreement that something
needs to be done and that this is a good first step, Teana Baker-Taylor, executive director of Global Digital Finance, an industry body that represents crypto-related companies worldwide, stated “we are obviously going to comply. The challenge is asking for
something that there is the technical facility to do” (O’Donnell & Wilson, 2019).
Prosecutions
In 2014, the FBI seized 27 darknet sites during Operation Onymous, a joint effort from
the FBI and the European Union Intelligence Agency Europol to stamp out illicit markets. In 2019, darknet markets are still selling illegal drugs that can be purchased with
cryptocurrency, but U.S. law enforcement continues to take a hardline approach, arresting a couple in California for selling drugs on the darknet in exchange for Bitcoin and
Bitcoin Cash (BCH) (Birch, 2019).
European and American investigators have broken up one of the world’s largest online
criminal trafficking operations in a series of raids in the United States and Germany.
Three German men, ages 31, 22, and 29, were arrested after the raids in three southern
states on allegations they operated the so-called “Wall Street Market” darknet platform,
which hosted approximately 5,400 sellers and 1.15 million customer accounts. The men
face drug charges in Germany on allegations they administrated the platform where
cocaine, heroin, and other drugs, as well as forged documents and other illegal materials, were sold. They have also been charged in the United States, said Ryan White, a
prosecutor with the US Attorney’s Office in Los Angeles, who traveled to Germany for
the announcement along with FBI and DEA agents (Associated Press, 2019).
Value of Acting Like a Criminal… But Not Being a Criminal
There are valid reasons to use blockchain platforms legally with the desire or need to
remain anonymous.
The simplest reason is that many people who understand technology want to increase
their privacy level and reduce the likelihood of being a hacker's target.
More complicated are the millions of people around the globe that are not accepted in
their societies for reasons out of their control. Pseudonyms are used by women who
speak up for their rights, atheists born into religious societies, and people critical of
their governments who speak their minds, empower their causes, and encourage those
around them to do the same. Technology allows and empowers them to be leaders in
social change and to connect with like-minded individuals in a community. They need
to pay for products and services. Without the ability to pay for these services anony-
www.iubh.de
176
Unit 7
mously, they would be forced to reveal their true identity. This is a situation which
clearly makes no sense, and one with potentially dangerous ramifications (ExpressVPN,
2020).
There are many positive reasons for a private and secure banking system like Bitcoin.
Workers’ rights group could, for example, raise funds with Bitcoin. The money could be
used for servers, flyers, or remote helpers without tying any transaction to the real
identities of the volunteers (ExpressVPN, 2020).
7.4 ICO Fraud
A new type of investment, called initial coin offerings (ICO), further illustrates why
blockchain-based activity still requires trust. Since 2017, blockchain-based startups
have raised more than $20B by selling cryptocurrency tokens to supporters around the
world. While there were a few good investments, a large percentage of those companies
were frauds. Blockchain implementations do not require the same disclosures as that
of traditional securities (Werbach, 2019).
How ICOs Work
Companies and individuals are increasingly using initial coin offerings (ICOs) as a way
to raise capital to participate in investment opportunities. While these digital assets
and the technology behind them may present a new and efficient means for carrying
out financial transactions, they also bring increased risk of fraud and manipulation
because the markets for these assets are less regulated than traditional capital markets (U.S. Securities and Exchange Comission, n.d.).
Compared to initial public offerings (IPOs), which are used by corporations to raise capital for growth, the shares of company stock are offered for purchase in a more traditional manner. Similar to crowdfunding, the ICO projects generally offer their own brand
of tokens in exchange for popular cryptocurrencies such as Bitcoin (BTC) or Ethereum
(ETH). Besides the difference of tokens rather than shares, IPOs are protected by financial authorities who ensure that conditions and particular legal standards are met by
companies offering shares. However, ICOs are not protected by the same rules, and
investment may not be recoverable when a fake project vanishes, taking investor funds
with it (Osborne, 2018).
There are many legitimate blockchain projects that launch an ICO due to a real dedication to their goals and a true need to raise funds. However, many ICOs have resulted in
a theft of funds and exit scams. Like many angel investments in startups, ICOs are a
risk which may later offer good returns, leading many to invest in the blockchain space
(Osborne, 2018).
www.iubh.de
Unit 7
177
Blockchain and Society
Examples of Failed ICOs
In Canada, authorities have seized luxury cars and frozen bank accounts owned by the
ringleaders of FUEL, an allegedly fraudulent $22-million initial coin offering (ICO) from
2017. Court documents claim “blockchain services company” Vanbex raised $22 million
(CAD$30 million) in cryptocurrency and fiat with absolutely no intention to develop the
FUEL token. Instead, founders Kevin Hobbs and Lisa Cheng used the money to fund a
lavish lifestyle, which included the purchase of two new Land Rovers, a $3 million (CAD
$4 million) Vancouver condominium, as well as the leasing of a Lamborghini Aventador
S. Vanbex is said to have sold its FUEL tokens on the basis it would be integrated with a
new platform for smart contracts called “Etherparty.” Hobbs, Cheng, and Vanbex marketed the ICO by promising that FUEL’s value would dramatically increase once Etherparty
was deployed. The FUEL token was, in substance, treated like security while avoiding
the protections of securities regulation that would ordinarily protect investors (Cannellis, 2018).
In Vietnam, the Pincoin ICO exit scam occurred in April 2018 in a Ponzi scheme devised
by the team behind Modern Tech. In the first ICO, the firm promised investors constant
financial returns before launching another token in the form of the iFan. Proceeds from
the second ICO were used to pay Pincoin investors, before the ICO team disappeared
with $660 million belonging to about 32,000 investors (Asia Blockchain Review, 2019).
Potential and Advice for ICO Investments
Those who wish to invest in ICOs, either to truly support the growth of the business
and/or as an investment opportunity, are given the following words of caution.
Get to know the team: The cryptocurrency and blockchain domains are dominated by
major names, those who have been successful developers. It is becoming increasingly
common for scammers to invent fake founders and biographies for their projects (Reiff,
2019b). Know who you are dealing with.
Read the whitepaper: An ICO whitepaper is the baseline document for the project. It
should provide the background, goals, strategy, concerns, and roadmap for implementation of the project. Read the paper thoroughly, ensure that it is consistent, and well
thought out.
Watch the token sale: AN ICO will make the progress of the token sale (funding) easy for
potential investors to view. Watch the token sale over time to see how it is progressing.
If this transparency is not available, then consider this a red flag (Reiff, 2019b).
Feasibility: Determine the feasibility of the project. Determine whether the interim goals
are achievable.
www.iubh.de
178
Unit 7
Exercise caution: ICOs are speculative investing which is always tempting enough to
draw seasoned investors and beginners into risky areas. Be aware that projects that
sound too good to be true likely are (Reiff, 2019b).
Summary
Blockchain, and specifically Bitcoin, have a somewhat checkered history. Although
the intention of Bitcoin was defined by Nakamoto, it is likely that he did not predict
the illegal activities that would take place on the platform, nor the technologies
that further enable them. Whether a trade of coin for drugs, illegal goods, money
laundering, or raising of funds with no intention to deliver, Bitcoin has presented
the government and other agencies with the challenge to provide regulation without breaking the primary principle of decentralization as defined by Nakamoto a
decade ago.
Knowledge Check
Did you understand this unit?
You can check your understanding by completing the questions for this unit on the
learning platform.
Good luck!
www.iubh.de
Unit 8
Legal Aspects
STUDY GOALS
On completion of this unit, you will have learned …
… the difference between physical contracts, blockchain-based smart contracts, and the
regulatory concerns for smart contracts.
… the comparison of cryptocurrencies with fiat currencies and considerations for
worldwide regulation of cryptocurrencies.
… how ICOs are the IPOs for the blockchain environment, their purpose, and the
boundaries being considered by countries to protect investors and control activities of
the ICO.
… considerations for data protection and security in a decentralized blockchain
environment compared to that of a centralized data environment.
DL-E-DLMCSEBCQC01-U08
180
Unit 8
8. Legal Aspects
Introduction
Blockchain technologies present many opportunities for the next generation of webbased applications. Blockchain leverages a number of previously-known technologies
to create an ecosystem that was designed to be decentralized and self-governing.
There are a number of legal issues that must be addressed so that consumers and government alike can be confident in the technology and allow it to prosper.
The legal concerns of smart contracts and the regulations enacted by various countries
will be discussed in this unit. Are smart contracts enforceable? If so, under what jurisdiction?
Cryptocurrencies, the foundation of blockchain, will be compared to fiat currencies.
Should cryptocurrencies be regulated and to what level? What are the pros and cons of
strict regulations?
Initial coin offerings (ICOs), the IPOs of blockchain, are the means by which new
projects are funded. How can investors be protected? How can the ICOs be regulated to
stop the funding of illegal activities on the blockchain?
Finally, how do data privacy regulations differ in centralized versus decentralized environments and how can they be implemented in blockchain?
8.1 DLT and Smart Contracts as Legal Contracts
Smart contracts are based on blockchain and consist of code which is automatically
executed upon specified criteria being met. The code is the essence of the smart contract. Execution of smart contracts over the blockchain network eliminates the need for
intermediary parties to confirm the transaction, leading to self-executing contractual
provisions. The benefits of smart contracts are the cost and efficiency gains to be achieved. Smart contracts raise significant legal questions in relation to applicable regulations, leaving a sense of uncertainty concerning their legal enforceability (McKinlay et
al., 2018).
In the classic textbook “Code Complete” by Steve McConnell, it is stated that there are
typically 15—50 errors per 1000 lines of traditional code, whereas in the blockchain
world, the National University of Singapore found that almost half of Ethereum smart
contracts have errors (bugs) in them (Morris, 2019). How can a smart contract user be
assured that the contract will function as described?
www.iubh.de
Unit 8
181
Legal Aspects
What Needs Regulation — Service Levels and Performance
As a decentralized technology, the services conducted on a public blockchain environment, whether for the processing of transactions or the use of a smart contract, are
generally provided as they are. Xu et al. (2019) state that “there are no guarantees or
defined service-level agreements (SLAs) provided by public blockchains” (p. 86).
An unknown level of service may be acceptable for individuals conducting transactions
that are not time-sensitive. McKinlay et al. (2018) proposes that for “users who are utilising the service as part of their business, this is unlikely to be an acceptable proposal.
The balance of performance risk will therefore be a key issue.”
Together with timeliness, the accuracy of processing must also be considered. A malfunctioning blockchain service may not only affect those directly participating, but also
those who might be affected by the incorrect processing of the transaction. McKinlay et
al. (2018) pose the scenario of stock trades not settled or settled incorrectly. Consideration needs to be given not just at the vendor-customer level, but between all relevant
participants, in particular the parties (perhaps counter-parties for a trade) affected by
the failure.
The question is not only whether smart contracts are subject to the law, but also to
which law they are subject. Which law regulates the effective formation of a smart contract? Which law determines whether a particular contractual term is fair (Rühl, 2019)?
Jurisdiction of Regulations
Blockchain environments spread across national and international borders, since
nodes can be anywhere in the world. As physical contracts are typically written to be
subject to the laws of a specific jurisdiction, blockchain smart contracts and the transactions they generate present complicated jurisdictional issues.
It may be difficult to identify the appropriate set of rules to apply (McKinlay et al., 2018).
The participants in the transactions, as well as each node in the network which is processing and/or storing the data, are all involved and could be subject to compliance in
a large number of jurisdictions.
The inclusion of an exclusive governing law and jurisdiction clause in the smart contract is therefore essential and should ensure that a customer has legal certainty concerning the law that will be applied to determine the rights and obligations of the parties to the agreement, and which courts will handle any disputes if they should arise
(McKinlay et al., 2018).
www.iubh.de
182
Unit 8
Country-Specific Regulations
United States
Regulatory and legislative activities in the United States have thusfar concentrated on
crypto assets. While Congress has not taken steps to legislate blockchain technology,
state lawmakers in a half dozen states have passed a variety of laws and empowered
state regulation of blockchain technologies. The federal laws and regulations, coupled
with unharmonized state laws and regulations, create a highly complex environment in
the United States for the consistency of functioning smart contracts (Baumert et al.,
2019).
European Union
The EU has been active in addressing the use of blockchain capabilities. For instance, in
2018, the European Commission (EC) launched the EU Blockchain Observatory and
Forum, a multilevel platform for discussion about blockchain’s developments, impacts,
and regulatory challenges. Another step was taken in April 2018 when a group of member states established the European Blockchain Partnership (EBP) and the European
Blockchain Services Infrastructure (EBSI), which are initiatives that aim to support the
delivery of cross-border digital public services. The EBP continues to grow, with Hungary joining in February 2019 and becoming the group’s 29th member (Baumert et al.,
2019).
In the EU, agreements that are entered with consumers through smart contracts need
to comply with the applicable consumer protection laws. Market participants are
obliged to clearly define the material terms and conditions of the underlying transactions and make them available to their consumers. EU consumers need to be informed
of the automatic and non-reversible nature of transactions executed through smart
contracts (Baumert et al., 2019).
To create a legally binding contract in the EU, two parties must reach consensus
expressed in two consistent statements of will. If parties use a smart contract in a manner sufficient to express one’s will, such a smart contract may be recognized as a
legally binding contract. However, numerous statutes require additional forms of reaching and expressing consensus. In such cases, executing a smart contract on blockchain
may not be sufficient to create a legally binding agreement (Baumert et al., 2019).
Common to the US and EU
The Chamber of Digital Commerce, which claims to be the world’s leading trade association representing the digital asset and blockchain industry, believes that no new laws
are necessary in the United States and EU because the existing federal framework
already “supports the formation and enforceability of smart contracts under state law”
(as cited in Baumert et al., 2019, Smart Contracts section, para. 2). Particularly, the
framework enables that the Electronic Signatures in Global and National Commerce Act
(ESIGN Act) and the Uniform Electronic Transaction Act (UETA) “provide sufficient legal
basis for smart contracts executing terms of a legal contract” (as cited in Baumert et al.,
2019, Smart Contracts section, para. 2).
www.iubh.de
Unit 8
183
Legal Aspects
Asia
Clarity in rules and regulations make Singapore a favorite destination for crypto-hobbyists and traders. Singapore hosts over 40 percent of the smart contract platform
projects that were cryptocurrency startups in 2017—2018 (Parker, 2019).
Corporate Structure that Uses Smart Contracts — Decentralized Autonomous
Organizations
A decentralized autonomous organization (DAO) is a business that uses an interconnected web of smart contracts to automate all its essential and non-essential processes.
DAOs have only one interest, and that is to protect the business itself. It requires no
employees or managers. Business functions are automated and executed in the form of
a smart contract (Liebkind, 2019c).
In the physical world, companies are legal institutions created to allow their constituent individual human members to act collectively for the purpose of engaging in trade
(i.e., transactions). They hold assets and liabilities that are ultimately owned and controlled by their members. Those members (via the governance and management agents
appointed by them) are liable for both the financial and wider societal obligations arising from transacting corporate business (Howell, 2019).
The question is: Can an autonomous firm be constituted without the involvement of
humans, and if so, how? Since there are no people directly involved, the liability of the
DAO and the DAO’s creators need to be considered.
Many in the justice system would describe the legal relationship between members of
a DAO and their investors as a general partnership, making every stakeholder of a DAO
liable for any legal actions that the DAO might face (OpenLaw, 2019).
OpenLaw DAO, a DAO itself, provides blockchain-based tools to build legal templates to
deploy “limited liability wrappers” for DAOs, to create a limited liability autonomous
organization (LAO). Under laws in the United States, a DAO would have to be structured
as a business entity, a limited liability company (LLC) (Kim, 2019). The LLC contracts will
handle mechanics concerning funding, voting, and allotment of collected funds. The
organization will limit LAO members’ liability. The LAO’s membership interests will be
restricted and available only to the qualifying parties that fit into the criteria of the
accredited investor for complying with United States law (Cook, 2019). DOrg LLC is the
first legally valid DAO under United States laws, licensed as a blockchain-based LLC
firm. DOrg can now participate in contractual agreements and provide liability protection (Boddy, 2019).
Ownership of Smart Contracts — Intellectual Property
Intellectual property (IP) positions need to be understood for smart contract software
written for purpose of blockchain transactions. Software vendors will likely want to
capitalize on their investment and the commercial benefits generated from the usage
www.iubh.de
184
Unit 8
of their smart contracts. Possible IP options are no different than that of traditional
software and are likely to hinge on whether those specific requirements could give a
smart contract customer a competitive edge and/or whether that custom development
can be used by the blockchain developer with another customer or, conversely, by the
customer with another blockchain developer. Depending on the answer to these questions, a customer may insist on ownership of such developments, and may be willing to
license them for the term of the agreement (or perpetually if usable with other networks) or restrict the developer’s ability to use such developments. This restriction
could be time, use, or recipient based. It could even be a combination of all three
(McKinlay et al., 2018).
8.2 Cryptocurrencies as Legal Currencies
Fiat Currencies and Cryptocurrencies
Fiat money
Fiat currency came into existence in approximately 1000 AD in China and was originally
based on physical commodities such as gold. Fiat money is issued by the government
and regulated by a central authority, such as a central bank. Fiat money acts as legal
tender and is based on the credit of the economy. The fiat currencies, such as US Dollar, Pound or Euro, obtain their value from the supply and demand in the market.
Fiat money has remained a means of payment recognized by law to meet a financial
obligation (legal tender) in most countries because they are stable and controlled. It is
this stability that also allows fiat money to be a means for storing value and enabling
exchange. Since fiat money is not linked to physical reserves such as a physical commodity (for example, gold), and is instead based on the strength and credit of the issuing body (government), there is a risk that fiat currencies could lose value due to inflation or become worthless in the event of hyperinflation (Goyal, 2018).
Cryptocurrencies
A cryptocurrency is a digital or virtual currency that, as a medium of exchange, uses
cryptography technology to process, secure and verify transactions. Cryptocurrencies
are not controlled by a central authority. Anyone who can conduct an online transfer
can acquire and transfer cryptocurrency. Faster settlement times, lower transaction
fees, and privacy are the benefits of cryptocurrency-based transactions (Goyal, 2018). As
compared to the stability of fiat currency, since there is no central bank to change
monetary policy, cryptocurrency eliminates the potential of the value being affected by
the strength and credit of the central government. However, in the ten year life span of
Bitcoin, price fluctuations of the Bitcoin cryptocurrency have spanned from $0.03 in
2009 to over $19,000 in late 2017 to a value of approximately $8,600 in 2019 November.
www.iubh.de
Unit 8
185
Legal Aspects
Differences between fiat money and cryptocurrencies
Legality: Fiat money is legal tender in that it is often the official means of finalizing
transactions. Governments control fiat money supply and issue policies that affect their
value. Cryptocurrencies are digital assets that act as a medium of exchange that governments have no control over. A central body does not control or influence their value.
Tangibility: Cryptocurrencies are virtual while fiat currencies exist as coins or notes.
Exchange: Cryptocurrency exchange is strictly digital, while fiat money can be
exchanged in digital and physical form.
Supply: Fiat money has an unlimited supply as central authorities do not have a cap on
the extent to which they can produce money. Cryptocurrencies, however, do have a cap.
For example, Bitcoin is capped at 21 million coins (Goyal, 2018).
Reasons for Regulation
Reasons to support the regulation of cryptocurrencies include:
•
•
•
•
•
Controlling and reducing cryptocurrency use for illegal activities through the anonymity characteristic of blockchain. As a result of the design of blockchain ecosystems, authorities cannot track the users involved in these illegal activities.
The broad swings in the value of cryptocurrencies have happened while other commodities have been fairly stable. Regulating cryptocurrencies could stabilize values
and end extreme shifts (Sloan, 2018).
The elements of blockchain technology provide an amount of self-regulation; however, as has been described previously, thefts of cryptocurrencies have occurred.
Regulation may help reduce fears based on the lack of understanding of the intricacies of blockchain technology including the mechanisms that protect from theft
(Sloan, 2018).
In the United States, cryptocurrencies are classified as an asset by the Internal Revenue Service (IRS).
◦ If kept as an investment, capital gains and losses must be reported, resulting in a
higher taxation bracket.
◦ Some companies are using cryptocurrencies to evade taxes since cryptocurrencies are not classified as money.
◦ Individuals are using cryptocurrencies as cash, making the cash transactions difficult to track by the IRS (Sloan, 2018).
Many trading firms and banks, including some of the world’s largest financial institutions, are transacting with crypto-intermediaries. As a result, the financial system
at large is becoming increasingly exposed to failures in the crypto-markets (Funderburk, 2019).
Pros and cons of regulation
The arguments in favor of regulation are similar to those that oppose regulation.
www.iubh.de
186
Unit 8
Obie and Rasmussen (2018) state that without clear regulations, cryptocurrency innovation in the United States is being hampered because
•
•
•
potential investors delay making investment decisions because of uncertainty of
valuation,
entrepreneurs that would leverage blockchain environments are cautious because
of fear of conducting activities against the law, and
the country suffers as other countries have established rules that are more hospitable to the use of cryptocurrencies.
Avan-Nomayo (2019) argues that many of the regulatory measures can negatively
impact innovation in the industry and that strict regulations will cause a capital flight
and brain drain from nations that adopt them.
In addition, implementing regulations on blockchain environments has the likelihood
of increasing the cost of doing business on the blockchain.
What should be regulated
Cryptocurrency users conduct financial transactions that are validated and disseminated by a network of computers on the currency platform. Intermediaries have emerged
to fill additional roles, such as storing users’ currency in virtual wallets or exchanging
cryptocurrency into fiat currency and back. Funderburk (2019) asserts that the problem
is that these intermediaries are not subject to regulations barring fraud or misuse of
funds.
Kuskowski (2018) insists that the crypto market must acknowledge that cryptocurrencies should not be the primary focus of regulation, but that it should be the outcome
of the blockchain technology that is regulated. For example, if an individual uses blockchain to exchange data or transfer shares, the regulatory focus must be on the data
elements or shares of those transaction rather than on the cryptocurrencies.
Self-Regulation
In the context of cryptocurrencies, self-regulation is the establishment of guidelines
and a code of conduct for market participants to operate within the ecosystem. The
International Organization of Securities Commissions (IOSCO) has defined the characteristics of transparency and accountability, contractual relationships, coordination,
and information sharing as the elements of self-regulation (Sharma, R., 2019).
It is hoped that self-regulation could help to temper some of the more stringent crypto
laws being enacted by several governments, paving the way to a healthy and sustainable market, as well as to fuel long-term innovation. With guidelines that outline best
practices, customer trust can be established and maintained if those best practices are
followed by member organizations (Sharma, R., 2019).
www.iubh.de
Unit 8
187
Legal Aspects
Japan and South Korea have pioneered self-regulation in cryptocurrency exchanges.
The Japan Blockchain Association has 127 members with 35 crypto exchanges, while
South Korea has 25 members. CryptoUK is a formation of the UK’s seven largest crypto
companies and has its own self-regulatory code of conduct (Sharma, R., 2019).
To date, most self-regulation efforts service local markets. OKEx, a Malta-based cryptocurrency exchange, is looking to form a global self-regulated organization (SRO) for
cryptocurrency trading platforms. As a global SRO for crypto exchanges, the organization could function like the World Federation of Exchanges in lobbying regulators
across different countries to come up with more favorable laws. Andy Cheung, head of
operations at OKEx, stated that “exchanges to grow and deliver impact is by joining
together to develop practices and policies that will set a global standard and adapt to
regional regulatory frameworks” (as cited in Avan-Nomayo, 2019, Establishing section).
Country-Specific Cryptocurrency Regulations
One of the most critical legal considerations for any cryptocurrency investor has to do
with the manner in which central authorities view cryptocurrency holdings. In the United States, the Internal Revenue Service (IRS) has defined cryptocurrencies as property,
rather than as proper currency. This means that individual investors are subject to capital gains tax laws when it comes to reporting their cryptocurrency expenses and profits
on their annual tax returns, regardless of where they purchased digital coins. This
aspect of the cryptocurrency space adds layers of complexity for United States taxpayers which is further exacerbated when holdings have been purchased on foreign
exchanges as there are additional reporting measures required for tax purposes (Reiff,
2019c).
The following map shows countries around the world in which cryptocurrencies are
banned as well as those in which they are allowed.
www.iubh.de
188
Unit 8
The following map shows where tax laws, anti-money laundering/anti-terrorism financing laws, or both, are enforced as part of cryptocurrency regulations around the world.
www.iubh.de
Unit 8
189
Legal Aspects
The following map shows countries that have, or are issuing, national or regional cryptocurrencies.
www.iubh.de
190
Unit 8
Facebook Libra
Libra is Facebook’s blockchain-based cryptocurrency platform (and same-named currency) planned for a 2020 launch. According to the Facebook whitepaper, “Libra is a
simple global currency and financial infrastructure that empowers billions of people.”
Facebook’s goal is to bring customers closer to businesses across the world in an
improved way that feels easier, stable, and more secure (as cited in Mitra, 2019a,
What...? section, para. 1).
Components of Libra
Libra has six features:
1. Built on a secure, scalable, and reliable blockchain.
www.iubh.de
Unit 8
191
Legal Aspects
2.
3.
4.
5.
6.
a. Libra will start as a permissioned blockchain with the goal of becoming permissionless once it is able to handle the scale, stability, and security needed to support the volumes of people and transactions around the world
b. Blocks are not the core data structure. The data environment is described as a
“decentralized, programmable database.” The transactions in Libra will form a
sequence which will be stored in Merkle trees.
c. Like Ethereum, Libra will use a gas model (Mitra, 2019a).
Libra, the cryptocurrency, is a stablecoin backed by a reserve of assets, the Libra
Reserve. Stablecoins are cryptocurrencies which minimize the volatility of price by
pegging it to the value of assets, such as a cryptocurrency, fiat money, or to
exchange-traded commodities. In the case of Libra, the assets will be “a collection
of low-volatility assets, such as bank deposits and short-term government securities
in currencies from stable and reputable central banks” ( as cited in Mitra, 2019b, Stablecoin Properties section).
Libra, the platform, is governed by the independent Libra Association. The Libra
Association is an independent, not-for-profit membership organization, headquartered in Geneva, Switzerland. It will have 100 members before launch and will
assume final decision-making (Mitra, 2019a). The two most important roles of the
Libra Association are as follows:
a. Manage the Libra reserve: Only the association can mint (when authorized resellers have purchased coins from the association with fiat assets to back the new
coins) and burn (when authorized resellers sell Libra coin to the association in
exchange for the underlying assets) Libra currency (Mitra, 2019b).
b. Increase decentralization over time: Starting the transition within five years of its
launch, the network’s reliance on the founding members will decrease. The
founding members initially included companies such as EBay, Lyft, Mastercard,
PayPal, Spotify, Uber, Visa, Vodafone Group and 20 others (Mitra, 2019b). In October 2019, six companies, including eBay, Visa, Mastercard, and PayPal withdrew
from the association.
Libra uses the LibrBFT consensus mechanism. In LibraBFT, the nodes in charge of
block production are called “validators,” which make progress in rounds. Each round
has its own designated validator called a leader, which is responsible for proposing
new blocks and obtaining majority votes from the rest of the validators to get the
block approved (Mitra, 2019b).
Smart contract coding is done with the “Move” programming language. Move is a
new programming language with the priority to provide smart contracts with a high
degree of security (Mitra, 2019b).
Libra will use the Calibra digital wallet, built by a Facebook subsidiary, in addition to
other wallets.
Negative reactions
The concern with the concept of a blockchain platform implemented by Facebook is the
amount of data in totality that Facebook will have access to. Facebook has said that the
social media information on their social media platform and the financial data on their
blockchain platform will not be connected in any way. The plan for Libra is to profit
from advertising and not the sale of private data (Mearian, 2019a).
www.iubh.de
192
Unit 8
Jehan Chu, Co-founder of Social Alpha Foundation and Managing Partner at Kenetic,
believes that Libra can refresh the blockchain industry.
“While critics bemoan the centralized nature of Facebook’s crypto, I believe it is an
enormously positive driver that will accelerate crypto into mainstream consciousness
and adoption and provide further capital and opportunities for fully decentralized
blockchains like bitcoin and Ethereum and the startups that build on them” (as cited in
Litsa, 2019, Experts react section).
The negative reactions have been extensive.
Nouriel Roubini, an American economist, stated “It has nothing to do with blockchain.
Fully private, controlled, centralized, verified, and authorized by a small number of permissioned nodes. So what is crypto or blockchain about it? None” (as cited in Mitra,
2019b, Negative Reactions section).
Sarah Jamie Lewis, an anonymity and privacy researcher, facetiously states “Can’t wait
for a cryptocurrency with the ethics of Uber, the censorship resistance of PayPal, and
the centralization of Visa, all tied together under the proven privacy of Facebook” (as
cited in Mitra, 2019b, Negative Reactions section).
Representative Sherrod Brown, the leading Democrat on the United States Senate
Banking Committee, said, “Facebook is already too big and too powerful, and it has
used that power to exploit users’ data without protecting their privacy. We cannot allow
Facebook to run a risky new cryptocurrency out of a Swiss bank account without oversight” (as cited in Mitra, 2019b, Negative Reactions section).
In September 2019, French and German regulators promised to block Libra because it
believed it could threaten the Euro’s value and unlawfully privatize money. They also
plan to create their own national cryptocurrencies. At the meeting of G7 Finance Ministers and Central Bank’s Governors in July 2019, the 19-country euro zone block indicated
it is united in pursuing a tough regulatory approach should Libra seek authorization to
operate in Europe (Mearian, 2019b).
It is also believed that Libra could become the de facto central banking authority for a
developing country, or one in turmoil, like Venezuela. Felix Shipkevich, an attorney specializing in cryptocurrencies, stated “if you're Facebook and maintain ten percent of
Venezuela's local currency through Libra, you become a quasi-federal reserve for that
system [...] My first reaction to Libra was, 'Are you kidding me?' How are we just ten
years after a global Great Recession allowing a single company to be able to potentially
control the federal reserve systems of developing countries?” (as cited in Mearian,
2019b, para. 24).
www.iubh.de
Unit 8
193
Legal Aspects
8.3 Regulation of ICOs
An initial coin offering (ICO) is the exchange of funds for the promise of a digital token
for the future delivery, typically the development, of an application on which the token
will be useful. It is often the software developers that are issuing the ICO (Zuluaga,
2018). ICOs are similar to initial public offerings (IPOs), where a company’s stock is
given in exchange for venture funding. Many new and established companies have
begun exploring ICOs as an alternative form of raising venture capital (Araya, 2018).
ICOs have presented challenges to three well-entrenched sectors: venture capital, public finance, and entrepreneurship (Mougayar, 2018).
Need for Regulations
ICOs versus IPOs
The challenge with ICOs in many countries is that it gives the appearance of going
around the regulations that have been in place for IPOs. ICOs satisfy the need for a low
amount of seed funding without offering the due diligence, regulatory requirements,
time, or fiduciary permissions a traditional IPO would require (Reese, 2018). The result,
however, has been a high level of fraud. China claims that the possibility of scammers
using ICOs to defraud investors is the primary reason the nation moved to ban the creation or selling of them in their country. Meanwhile, the United States Security and
Exchange Commission (SEC) has issued an alert indicating that companies may be
engaging in schemes that artificially inflate the price of tokens through false and misleading positive statements in order to then sell the tokens, which had been purchased
at a low price, at a much higher price (Reese, 2018).
Protecting investors
Regulators are concerned with the many risk factors to investors that are associated
with ICOs. Some of these are listed below.
•
•
•
•
•
Unlike shareholders who have obtained stock in an IPO and can vote for or against
directors, ICO investors do not have any control over the ICO originators.
A lack of mandatory disclosures for ICOs often results in irregular or no disclosures
as time passes, demonstrating a lack of transparency in the ICO.
Originators can alter the smart contract to change ICO sales rules mid-course during
an ICO.
ICO investors have no preemptive rights or other anti-dilution protections. If the ICO
originators decide to issue more tokens to additional investors, the investment by
current ICO investors may be diluted.
Token holders typically do not receive a liquidity preference that would protect
them in the case of bankruptcy or termination of the platform in which they invested. In cases of bankruptcy, token holders have no recourse after the debt holders
and outside creditors are satisfied with the liquidation value of the entity (Kaal,
2018).
www.iubh.de
194
Unit 8
Classification
There is an uncertainty among government regulators as to how to classify ICOs, which
causes uncertainty in how to govern and tax them (Araya, 2018). If the ICO relates to
property transfers to fiat currencies, these ICOs may be dealing with assets that fall into
the regulations required of securities (Reese, 2018).
The challenge for both regulators and entrepreneurs is that some of the tokens have a
dual nature: They’re both consumptive because they grant access to a technology service, and, at the same time, provide an investment opportunity for investors. There is a
gap in the classification of tokens that have a strong utility and consumptive value
because they do not fully fit the definition of “investment contract” under the SEC’s
Howey Test or its international equivalents (Chester, 2018). The Howey Test determines
that a transaction represents an investment contract if someone invests their money in
a common enterprise and is led to expect profit that is made by the efforts of a third
party (Reiff, 2020a).
Funding illegal activities
Another key concern for regulators is eliminating the use of ICOs to fund blockchains
that enable the funding of illegal activities such as money-laundering and terrorism
(Araya, 2018).
General Country Direction
Many countries are reviewing and proposing changes to regulations that will codify
adherence to anti-money laundering/know your customer (AML/KYC) practices into law
for ICOs and to require additional oversight, such as registrations and disclosure statements (Reese, 2018).
Although some progress is being made, the complication is that the blockchain ecosystem is worldwide, yet governments around the world hold widely divergent views on
regulation. Put simply, there are three positions held by countries.
1. Closed to ICOs, such as China
2. Open and strict, such as the United States
3. Open and liberal, such as Switzerland
In the open countries, the priority is to address the need for regulations, combatting
fraud and illegal activities, while enabling legitimate businesses to have a platform for
growth (Araya, 2018).
Regulations by Country
The following is a summary of regulations specific to ICOs by country.
www.iubh.de
Unit 8
195
Legal Aspects
Summary of Regulations by Country
Country
Generalized
Approach
Details
EU
Allowed/subject to
future regulations
ICOs are allowed, given that they are in
adherence to anti-money laundering/know
your customer (AML/KYC) policies and to
required business regulations and licenses,
per the ICO’s business function.
Canada
Allowed
The Canadian Securities Administrators
have ruled that ICOs are securities, subject
to regulations on a case-by-case basis. The
Canadian authorities have developed a
“regulatory sandbox” for the purpose of regulating fintech projects that would not normally fit in the national regulatory scheme,
such as ICOs.
China
Banned
ICOs are banned for all businesses and
individuals by order of the People’s Bank of
China. Chinese ICOs that have completed
their funding cycles have been requested to
refund any altcoins raised.
Estonia
Allowed
Estonia is currently considering starting its
own ICO to raise funds. However, the Eurozone rule on nation states not having their
own currencies continues to split opinions
about the possibility of this happening.
Germany
Allowed
Germany has no specific regulations for
ICOs, but expects ICOs to adhere to existing
regulations, including those encapsulated
in the Banking Act, Investment Act, Securities Trading Act, Payment Services Supervision Act, and Prospectus Acts.
Japan
Allowed, subject to
future regulations
Russia
Allowed, heavily
regulated
www.iubh.de
196
www.iubh.de
Unit 8
Country
Generalized
Approach
Details
Switzerland
Allowed, subject to
future regulations
Recent attempts to regulate ICOs have
failed, but the need to codify protections
may reignite the regulation efforts. The
Swiss Financial Market Supervisory Authority (FANMA) has started to examine ICOs for
possible breaches of securities laws, which
may be the first signs of a new wave of
campaigning for regulatory oversight. Regulations are not thought, however, to be able
to stop the current momentum to incorporate ICOs into Swiss culture. Switzerland
(FINMA) treats ICOs differently, depending
on the functionality of token (lending-utility/supporting or donating/charity character of tokens) and provides feedback on
specific requests about ICOs on a case-bycase basis. No regulations or investor protection around ICOs have been officially
announced.
UK
Allowed, subject to
future regulations
Like most other nations, the UK has issued
an investor warning on the unregulated
nature of ICOs. The Financial Conduct
Authority argues that even if the ICO is acting in good faith, investors still stand a
good chance of losing their entire investment.
Unit 8
197
Legal Aspects
Country
Generalized
Approach
Details
US
Allowed, but heavily regulated
ICO rules vary widely from state to state,
from no regulations at all in some states to
regulations requiring deposits that are
equal to, or in excess of, all local transactions, to regulations requiring a license for
businesses to engage in altcoin activities.
On the federal level, there are no current
regulations banning ICOs specifically,
although ICOs are expected to be registered
and licensed the same as if they were not
ICOs. This includes registering with the SEC
if the ICO is to sell or trade securities. The
SEC has recently found that some altcoins
may be securities, and as such, may be subject to the SEC’s ruling in the future. Some
SEC commissioners hold the position that
most ICOs are securities and should be
treated as such. ICOs are expected to
adhere to AML/KYC practices. Failure to
adhere to these practices may leave an ICO
open to legal action or possible seizure.
The United States has also moved to recognize celebrity endorsements of ICOs to be
illegal unless all compensation involved is
disclosed.
Risks of regulation
ICOs have democratized access to capital funding for small start-ups. Overregulation
has the potential to discourage risk-taking which could result in undermining this
grass-roots innovation. The birth of ICOs presents an opportunity for a different mechanism of regulation that enables ICOs to successfully raise funds for growth while providing investors with a reasonable expectation of protection and providing the general
public with an assurance of legal activities (Araya, 2018).
8.4 Data Protection/Privacy in Blockchains
Data privacy is the capability to choose whether information is disclosed to others and
to determine how it is used. The highest degree of privacy of an element of information
is when an owner has complete control over the dissemination of the data and complete control over its use for the life of the data (Snyder, 2019).
www.iubh.de
198
Unit 8
Data security includes the mechanisms used to insure the confidentiality, integrity, and
availability of information. The highest level of security would guarantee that information is only disclosed to those who should access it, its integrity would be insured at all
times, and the information would be available to be used as defined by the owner
(Snyder, 2019).
Summary of Blockchain Data Concepts
As defined by the National Institute of Standards and Technology, “Blockchains are
tamper evident and tamper resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a
bank, company, or government)” (Yaga et al., 2018).
Data on a blockchain has the characteristics described below.
Pseudonymous
Identity on the blockchain is pseudonymous as a user’s pseudonym is their public
address rather than standard identification data of name, address, phone number, etc.
The complicated public address masks the user’s identity. A user who uses the same
public address, however, makes it possible to link their transactional activity together. It
is recommended that each transaction uses a new address to avoid the linkage of
transactions to a common owner.
Immutability
Blockchain boasts an immutable ledger, meaning that the blockchain demonstrates the
following:
•
•
Tamper evidence: Each participant has the ability to detect non-consensual changes
to transactions.
Tamper resistant: Enforces barriers to resist changes to historical transactions.
Challenges
Data privacy and confidentiality are not met because each node has access to the
blockchain transaction data, the blockchain is publicly available, and every transaction
can be traced to the genesis block. The public availability of the blockchain and the
pseudonymity of the transactions results in minimal privacy protection (Snyder, 2019).
Many concerns are raised, including the following:
•
•
www.iubh.de
What are the roles and responsibilities of each of the parties?
◦ Who is the person or agency that determines the purposes and means of processing of personal data (data controller) on the blockchain?
◦ Who is the person or agency that processes personal data on behalf of the controller (data processors) on the blockchain?
How can privacy compliance principles, such as the principle of data minimization,
be complied with?
Unit 8
199
Legal Aspects
•
•
How can privacy rights, such as the right to be forgotten, be enforced?
What data recorded on a blockchain is considered personal data (Coraggio, 2019)?
The integrity of blockchain data is questionable. Certainly the transaction was valid
when it was processed, however, integrity must also consider the validity of the transaction itself. This means protection against fraudulent or mistaken transactions, as well
as preventing inadvertent loss. Immutability provides no defense against fraud or mistake (Snyder, 2019).
GDPR
GDPR is EU’s General Data Protection Regulation and is applicable in all member states.
The GDPR applies only to personal data.
GDPR definitions
To better understand the regulations as specified in the GDPR, it is necessary to have a
baseline of definitions.
Personal data is defined as any information relating directly or indirectly to a living natural person, whether it actually identifies them or makes them identifiable (Maxwell &
Salmon, 2018).
Processing is any operation or set of operations performed upon personal data, for
example, the collection, recording, organization, structuring, storage, adaptation, and/or
alteration of data (Maxwell & Salmon, 2018).
The data controller is the person or entity that determines the purposes for which, and
the manner in which, personal data is processed (Maxwell & Salmon, 2018).
The data processor is the person or entity that processes personal data, carrying out
processing based on the instructions of the data controller (Maxwell & Salmon, 2018).
GDPR details
The GDPR applies to all personal data held about citizens of the EU, wherever in the
world that data is stored. Individuals have the right to see the data that companies
capture about them and the right to request deletion of personal data under certain
circumstances (Emmadi & Narumanchi, 2019).
GDPR’s privacy by design principle means data protection needs to be through technology design. Systems used to capture and store personal data must be built to ensure
the privacy of the people whose data they process. This requirement applies to blockchains as it does to all other business systems (Emmadi & Narumanchi, 2019).
www.iubh.de
200
Unit 8
GDPR requires that data collected on individuals must be relevant to the purpose being
collected and cannot be stored for longer than necessary. The emphasis under GDPR is
data minimization, in terms of both of the volume of data stored on individuals and
the length for which it is retained. Article 5 (3) of the GDPR states that personal data
shall only be kept for the purposes for which it is being processed (McElhill, 2017).
GDPR and blockchain data challenges
GDPR requires every organization that handles personal data to identify a data controller who is accountable for compliance with the GDPR. Potentially every node in a blockchain ecosystem that holds data of EU citizens is a data controller and is responsible
for compliance with the regulation (Emmadi & Narumanchi, 2019).
While pseudonymization may help obfuscate data, it does not render the subject data
nonpersonal. Because GDPR applies to personal data that might be linked, directly or
indirectly, with the individual, the features of blockchain may prove insufficient due to
the risk of reidentification (Cutler et al., 2019).
The immutable characteristic of blockchain presents challenges when posed with the
individual’s right to erasure and correction requests. Technically, the ability to provide a
perpetual erasure of blocks in a blockchain is contrary to the design of the blockchain.
Erasure of one block would break the hash computations that are brought forward
through all following blocks while modification to one block would require a re-computation of all following blocks.
Methods to delete data from a blockchain are not available, but this may change.
Franks (2019) posed several solutions to this dilemma.
1. Exemption: Should personal data stored on a blockchain be exempt?
2. Deletion of the private key: This is a technical means to render encrypted data
unusable by deleting the keyed hash function’s secret key. This will make it impossible to prove/verify which information was hashed; however, it may not satisfy the
requirements of the legislation.
3. An editable blockchain: In 2016, Accenture was awarded a patent for an editable
blockchain for enterprise use. While geared to permissioned (privately controlled)
blockchains, this option could allow organizations to alter data in the event of
errors or fraud, and possibly to respond to requests to erase private information.
Storage of data for only as long as is necessary is yet another challenge. Blockchain
data is stored permanently. Removing all evidence of a person’s transactions would
destroy the integrity of a blockchain and falsify the record. Potentially, personal data
can be archived or deleted by using off-chain storage mechanisms to store the personal data while writing a hash of the data onto the blockchain. The hash would be a
pointer to the off-chain personal data. This would preserve the integrity of the blockchain but ensure that the personal data is no longer present on the blockchain
(Emmadi & Narumanchi, 2019). GDPR requirements could then be implemented on the
off-chain personal data.
www.iubh.de
Unit 8
201
Legal Aspects
As a general set of regulations, the GDPR regulations extend far beyond the member
countries of the EU because of the following reasons:
1. A non-EU business needs to comply with GDPR if it monitors the behavior of EU residents or offers them goods and services.
2. The GDPR requires data controllers to notify a data breach to the supervisory
authority within 72 hours.
3. The sanctions for a breach are higher than €20 million, or up to 4 percent of an
organization’s total worldwide annual turnover of the preceding financial year (Yates
& Chan, 2018).
Other jurisdictions around the world are also tightening up their data protection regulations. China introduced cybersecurity laws in June 2017 in which many provisions mirror those in the GDPR. In the wider Asia-Pacific region, mandatory data breach reporting has also been introduced in South Korea, Taiwan, the Philippines, Indonesia, and
Australia (Yates & Chain, 2018).
United States
The United States does not have a single data protection regulation. Many laws are
enacted at the federal and state levels, many of which are specific to industries such as
financial services, healthcare, and more. For example, the Federal Trade Commission Act
enforces actions against companies for failing to comply with their own posted privacy
policies and for disclosing personal data without authorization. A second example is
the Health Insurance Portability and Accountability Act (HIPAA) which regulates medical
information by healthcare providers, data processors, and pharmacies that handle the
information (Franks, 2019).
The California Consumer Privacy Act (CCPA), passed into California law in June 2018, is
the strongest data privacy legislation enacted in the United States and it also mirrors
the GDPR. The CCPA requires businesses to disclose the purpose for the information
collected, gives consumers the right to ask businesses for the types and categories of
personal data being collected, and gives consumers the right to request the deletion of
their personal data (Franks, 2019).
However, like the GDPR, the CCPA presumes a traditional data model, making it difficult
to implement and enforce in a decentralized data model. Like the GDPR, the CCPA
aligns philosophically with many of the tenets of blockchain technology (i.e., data
integrity, cybersecurity, and transparency). However, inherent features of blockchain
technologies can pose compliance challenges; specifically, the decentralized, worldwide
ecosystem and the immutability of data on the blockchain (Cutler et al., 2019).
Unlike the GDPR, the CCPA limits its regulations to businesses, which are defined as any
for-profit company doing business in California that collects personal information and
satisfies at least one of the following thresholds:
www.iubh.de
202
Unit 8
1. Receives an annual gross revenue in excess of $25 million.
2. Annually buys, sells, or, for commercial purposes, receives or shares personal information of at least 50,000 California consumers, households, or devices.
3. Derives 50 percent or more of its annual revenue from “selling” California consumer
personal information (Cutler et al., 2019).
The term “doing business” is undefined by the statute and could include a blockchain
ecosystem with nodes in California or nodes that collect data from Californian consumers (Cutler et al., 2019).
The second criteria for the CCPA threshold test brings into question whether nodes
functioning in California are considered to be “sharing” personal information, as all
nodes would maintain a copy of the ledger.
The third criteria for the CCPA threshold raises the possibility that blockchain companies could be considered to be “selling” personal information simply by hosting and
operating a blockchain platform through which people and entities can exchange personal information — particularly if the blockchain company charges a fee to access the
blockchain or derives other valuable consideration from the hosting and operating of a
platform that facilitates personal information exchange (Cutler et al., 2019).
The Future of Data Protection on the Blockchain
Dr. Michele Finck (2019), author of a study for the European Panel for the Future of Science and Technology, offered additional thoughts which include:
•
•
the need to create a clear regulatory framework that is consistent no matter what
the technological platform, whether centralized or decentralized, and
use of private, or enterprise blockchains, which will have a central or limited group
of data controllers and can control the extent to which data can be deleted from the
blockchain.
Summary
After ten years, the blockchain ecosystem as a whole continues to refine itself. The
basic premise of blockchain is that of a decentralized system, not controlled by the
government. However, in order to operate within the financial and legal systems at
large, a number of legal and regulatory concerns need to be addressed.
Smart contracts need to assure users of service levels and performance. Regulations are needed to provide this assurance without stifling the growth of this platform.
www.iubh.de
Unit 8
203
Legal Aspects
Cryptocurrencies and fiat money have a number of differences that demand regulations that protect investors. However, once again, stiff regulations can impact innovation and cause a departure of both the currencies and the intellect that are
growing the platform.
To encourage more investment in blockchain growth, ICOs, the IPOs of blockchain,
would benefit from the protection of regulations.
Finally, a balance needs to be struck conerning the privacy of data on the blockchain. The inherent design of blockchain assures data protection qualities that,
although not consistent in definition with data standards placed on centralized
data, they may potentially be sufficient. This is an area that requires an understanding of the differences between decentralized and centralized systems and the
protection mechanisms that best serve the consumers.
Knowledge Check
Did you understand this unit?
You can check your understanding by completing the questions for this unit on the
learning platform.
Good luck!
www.iubh.de
Evaluation
205
Congratulations!
You have now completed the course. After you have completed the knowledge tests on
the learning platform, please carry out the evaluation for this course. You will then be
eligible to complete your final assessment. Good luck!
www.iubh.de
Appendix 1
List of References
208
Appendix 1
List of References
ACT IAC. (n.d.). Blockchain playbook online — beta: Phase 3 — technology selection. ACTIAC. https://blockchain-working-group.github.io/blockchain-playbook/phases/3/
Agarwal, A. (2019, April 2). Top 10 Tron DApps that are ruling the DApp ecosystem. CoinGape. https://coingape.com/top-10-tron-dapps/
Agrawal, H. (2019a, August 6). Top 6 biggest bitcoin hacks ever. Coinsutra. https://coinsutra.com/biggest-bitcoin-hacks/
Agrawal, H. (2019b, September 6). What are DApps (decentralized applications)? The
beginner’s guide. Coinsutra. https://coinsutra.com/dapps-decentralized-applications/
Antonopoulos, A. (2014). Mastering bitcoin. O'Reilly. https://www.oreilly.com/library/
view/mastering-bitcoin/9781491902639/ch07.html
Araya, D. (2018, October 10). The future of cryptocurrency regulation. Brookings. https://
www.brookings.edu/blog/techtank/2018/10/10/the-future-of-cryptocurrency-regulation/
Asia Blockchain Review. (2019, July 25). ICO investment: Fending off fraud, sidestepping
scams. https://www.asiablockchainreview.com/ico-investment-fending-off-fraud-sidestepping-scams/
Asolo, B. (2018, December 18). Litecoin scrypt algorithm explained. Mycrptopedia.
https://www.mycryptopedia.com/litecoin-scrypt-algorithm-explained/
Associated Press. (2019, May 3). Germany arrests 3 in ‘Wall Street market’ darknet probe.
New York Post. https://nypost.com/2019/05/03/germany-arrests-3-in-wall-street-market-darknet-probe/
Avan-Nomayo, O. (2019, October 12). Pushing for crypto self-regulation amid tightening
government scrutiny. Cointelegraph. https://cointelegraph.com/news/pushing-forcrypto-self-regulation-amid-tightening-government-scrutiny
Aziz. (n.d.). Guide to consensus algorithms: What is consensus mechanism? Master The
Crypto. https://masterthecrypto.com/guide-to-consensus-algorithms-what-is-consensus-mechanism/
Bains, P. (2018, October 30). Blockchain-as-a-service (BaaS) faces a big data challenge.
Information
Age.
https://www.information-age.com/blockchain-as-a-servicebaas-123476014/#
Baldwin, J. (2018). In digital we trust: Bitcoin discourse, digital currencies, and decentralized network fetishism. Palgrave Communications, 4(14), 1—10. https://doi.org/10.1057/
s41599-018-0065-0
www.iubh.de
Appendix 1
209
List of References
Bakx, K. (2018, September 24). Bitcoin mining uses so much electricity that 1 city could
curtail facility’s power during heat waves. CBS News Business. https://www.cbc.ca/
news/business/hut8-medicine-hat-bitcoin-mining-1.4834027
Basu, M. (2016, March 6). Estonia using blockchain to secure health records. GovInsider.
https://govinsider.asia/innovation/estonia-using-blockchain-to-secure-healthrecords/
Baumert, M., Ciach, S., & Gałka, P. (2019, May 1). Blockchain consortia: A legal roadmap to
a dynamically changing regulatory landscape in the US and the EU. Barnes & Thornburg LLP. https://btlaw.com/insights/news/2019/blockchain-consortia-a-legal-roadmap-to-a-dynamically-changing-regulatory-landscape
Beigel, O. (2019, December 11). Bitcoin historical price & events. 99 Bitcoins. https://
99bitcoins.com/bitcoin/historical-price/
Bhardwaj, C. (2018, June 18). What are smart contracts: Advantages, limitations, and use
cases. Appinventiv. https://appinventiv.com/blog/smart-contract-guide/
Billfodl. (n.d.). Bitcoin transaction fees. https://billfodl.com/pages/bitcoinfees
Birch, J. (2019). Crypto, cash, and drugs: Crypto use grows as drug trade digitalizes. Cointelegraph. https://cointelegraph.com/news/crypto-cash-and-drugs-crypto-use-growsas-drug-trade-digitalizes
Bitcoin. (n.d.). Frequently asked questions. https://bitcoin.org/en/faq
Bitcoin.com. (n.d.). Markets.
markets.bitcoin.com/
Retrieved
September
4,
2019,
from
https://
Blockchain. (2017, December 20). BTC/transaction. https://www.blockchain.com/btc/tx/
717e4d969a2241065afe896986bf2b481ab5059d3dba901dc0c0f1feca796524
Blockchain. (2019, August 27). BTC/block. https://www.blockchain.com/btc/block/
00000000000000000002e19f31933bdb6dcb8722abcb4bae282ed08f6c8fd14f
Blockchain applications in healthcare. (2019). Blockchain technologies. https://
www.blockchaintechnologies.com/applications/healthcare/
Bloomenthal, A. (2020, January 12). What determines the price of 1 bitcoin? Investopedia.
https://www.investopedia.com/tech/what-determines-value-1-bitcoin/
Boddy, M. (2019, June 12). DOrg LLC purports to be first legally valid DAO under US law.
Cointelegraph.
https://cointelegraph.com/news/dorg-llc-purports-to-be-first-legallyvalid-dao-under-us-law
www.iubh.de
210
Appendix 1
Brown, C. (2016, June 18). Why build decentralized applications: Understanding DApps.
Due.
https://due.com/blog/why-build-decentralized-applications-understandingdapps/
Browne, R. (2018, April 12). Santander launches a blockchain-based foreign exchange
service that uses Ripple’s technology. CNBC. https://www.cnbc.com/2018/04/12/
santander-launches-blockchain-based-foreign-exchange-using-ripple-tech.html
Buck, O. (2018, November 9). The staggering environmental cost of blockchain. Modern
Consensus.
https://modernconsensus.com/cryptocurrencies/bitcoin/the-staggeringenvironmental-cost-of-blockchain/
Butcher, J. R., Blakey, C. M., & Hastings, P. (2019). Cybersecurity tech basics: Blockchain
technology cyber risks and issues: Overview [Practice Note]. Practical Law. https://
www.steptoe.com/images/content/1/8/v2/189187/Cybersecurity-Tech-Basics-Blockchain-Technology-Cyber-Risks-and.pdf
Buterin, V. (2015, November 15). Merkling in Ethereum. Ethereum. https://blog.ethereum.org/2015/11/15/merkling-in-ethereum/
Buttice, C. (2019, January 14). Is blockchain good or bad for the environment? Techopedia.
https://www.techopedia.com/is-blockchain-good-or-bad-for-theenvironment/2/33624
Canellis, D. (2018, October 8). Research: China has the power to destroy bitcoin. TNW.
https://thenextweb.com/hardfork/2018/10/08/china-means-intent-destroy-bitcoin/
CBInsights. (2019). How blockchain could disrupt insurance. https://www.cbinsights.com/research/blockchain-insurance-disruption/
Casey, M., & Forde, B. (2016, January 5). How the blockchain will enable self-service government. Wired. https://www.wired.co.uk/article/blockchain-is-the-new-signature
Chandler, S. (2018, July 9). Bitcoin vs altcoins: Which cryptocurrency is the most usable
as money? Cointelegraph. https://cointelegraph.com/news/bitcoin-vs-altcoins-whichcryptocurrency-is-the-most-usable-as-money
Chargebacks.com. (n.d.). Understanding tokenization and fraud prevention. https://
chargebacks.com/understanding-tokenization-fraud-prevention/
Cheng, B., Weaver, J., & Weaver, J. F. (2018, December 21). When blockchain meets data
privacy and security: How the paradigm is shifting as regulations and the technology
evolve. NH Business Review. https://www.nhbr.com/when-blockchain-meets-data-privacy-and-security/
Chester, J. (2018, April 9). What you need to know about initial coin offering regulations.
Forbes. https://www.forbes.com/sites/jonathanchester/2018/04/09/what-you-need-toknow-about-initial-coin-offering-regulations/#7f5702332f13
www.iubh.de
Appendix 1
211
List of References
Chu, J. (2016, March 3). The beginning of the end for encryption schemes? MIT News.
http://news.mit.edu/2016/quantum-computer-end-encryption-schemes-0303
Consensys. (n.d.-a). Blockchain in energy and sustainability. https://consensys.net/
enterprise-ethereum/use-cases/energy-and-sustainability/
Consensys. (n.d.-b). Blockchain in government and the public sector. https://consensys.net/enterprise-ethereum/use-cases/government-and-the-public-sector/
Consensys. (2019, April 4). Building blockchain for government: Why governments need
blockchain.
https://media.consensys.net/building-blockchain-for-government-whygovernments-need-blockchain-9691d1e21e3d
Cook, S. (2019, September 5). OpenLaw to unveil the first for-profit DAO “The LAO” for
funding blockchain projects and start-ups. CryptoNewsZ. https://www.cryptonewsz.com/openlaw-to-unveil-the-first-for-profit-dao-the-lao-for-funding-blockchainprojects-and-start-ups/40619/
Coraggio, G. (2019, September 3). Legal issues of blockchain and how to deal with them.
Technology’s Legal Edge. https://www.technologyslegaledge.com/2019/09/legal-issuesblockchain/#page=1
Cox, L. (2019, May 28). Blockchain and sustainability: A blessing or a curse? DisruptionHub. https://disruptionhub.com/blockchain-sustainability-blessing-or-curse/
Cuen, L. (2019, April 5). Tron DApps saw $1.6 billion in volume in Q1 2019, driven by gambling. Coindesk. https://www.coindesk.com/tron-dapps-saw-1-6-billion-in-volume-inq1-2019-driven-by-gambling
Cuthbertson, A. (2019, May 21). Bitcoin price explained: How a single trade crashed the
cryptocurrency market. The Independent. https://www.independent.co.uk/life-style/
gadgets-and-tech/news/bitcoin-price-explained-usd-latest-value-market-todaya8921806.html
Cutler, J., Ho, C., Mourlam, A. C., Gatto, M., & Percival, T. (2019, August 17). Reconciling
blockchain technology with California consumer privacy act. Cointelegraph. https://
cointelegraph.com/news/reconciling-blockchain-technology-with-california-consumerprivacy-act
Daab. J. (2019, February 1). The environmental issues with blockchain. Magnani. https://
www.magnani.com/blog/blockchain
Dale, B. (2019, September 19). Everyone’s worst fears about EOS are proving true. Coindesk. https://www.coindesk.com/everyones-worst-fears-about-eos-are-proving-true
Daley, S. (2019, April 10). 17 blockchain companies boosting the real estate industry.
Builtin. https://builtin.com/blockchain/blockchain-real-estate-companies
www.iubh.de
212
Appendix 1
Daniel. (2018a, December 5). Proof of work blockchains: An overview for beginners.
Komodo. https://komodoplatform.com/proof-of-work/
Daniel. (2018b, August 14). Cryptographic hash functions explained: A beginner’s guide.
Komodo. https://komodoplatform.com/cryptographic-hash-function/
Davenport, K. (2018, April 11). How to deal with the growing blockchain ledger size in
containers. Portworx. https://portworx.com/deal-growing-blockchain-ledger-size-containers/
De Filippi, P., & Loveluck, B. (2016). The invisible politics of bitcoin: Governance crisis of
a decentralized infrastructure. Internet Policy Review, 5(3). http://doi.org/
10.14763/2016.3.427
Deloitte Development. (2018). Blockchain: A technical primer. https://
www2.deloitte.com/content/dam/insights/us/articles/4436_Blockchain-primer/
DI_Blockchain_Primer.pdf
DigiCash. (2019, December 20). In Wikipedia. https://en.wikipedia.org/wiki/DigiCash
Digiconomist. (n.d.). Bitcoin energy consumption index. https://digiconomist.net/
bitcoin-energy-consumption
Elliott. (2018, July 26). Vehicle passport: Industry’s first blockchain application for car
ownership and transfer of records. Coinmonks. https://medium.com/coinmonks/vehicle-passport-industrys-first-blockchain-application-for-car-ownership-and-transferof-3c748dbf090a
Emmadi, N., & Narumanchi, H. (2019, June 13). What you need to know about blockchain
and data protection law. #DigitalDirections. https://digitaldirections.com/what-youneed-to-know-about-blockchain-and-data-protection-law/
Ethereum. (2019, November 18). Ethereum cryptocurrency: Everything a beginner needs
to know. Coinsutra. https://coinsutra.com/ethereum-beginners-guide/
ExpressVPN. (2020, February 18). Protect your financial privacy with bitcoin: A comprehensive guide. https://www.expressvpn.com/internet-privacy/bitcoin-anonymity/
Federov, A., Kiktenko, E., & Lvovsky, A. (2018). Quantum computers put blockchain security at risk. Nature: International Journal of Science, 463, 465—467. https://
media.nature.com/original/magazine-assets/d41586-018-07449-z/d41586-018-07449z.pdf
Fenech, G. (2019, January 24). The privacy coin dilemma—What are the options on offer?
Forbes.
https://www.forbes.com/sites/geraldfenech/2019/01/24/the-privacy-coindilemma-what-are-the-options-on-offer/#5217d075707d
www.iubh.de
Appendix 1
213
List of References
Filipova, N. (2018). Blockchain — an opportunity for developing new business models.
Business Management / Biznes Upravlenie, (2), 75—92. https://dlib.uni-svishtov.bg/
bitstream/handle/10610/3902/3827872e00070a74964396467ad38140.pdf?
sequence=1&isAllowed=y
Finck, M. (2019, July). Blockchain and the general data protection regulation: Can distributed ledgers be squared with European data protection law? European Parliamentary
Research Service. https://doi.org/10.2861/535
Foley, S., Karlsen, J., & Putnins, T. (2018). Sex, drugs, and bitcoin: How much illegal activity is financed through cryptocurrencies? University of Oxford Faculty of Law. https://
doi.org/10.2139/ssrn.3102645
Frankenfield, J. (2019). Howey test. Investopedia. https://www.investopedia.com/
terms/h/howey-test.asp
Franks, P. C. (2019, August 27). Data privacy regulations versus blockchain technology.
Kmworld. https://www.kmworld.com/Articles/White-Paper/Article/Data-Privacy-Regulations-Versus-Blockchain-Technology-133764.aspx
Fruth, J. (2018, February 13). Crypto-clenasing: Strategies to fight digital currency money
laundering and sanctions evasion. Reuters. https://www.reuters.com/article/bc-finregaml-cryptocurrency/crypto-cleansing-strategies-to-fight-digital-currency-money-laundering-and-sanctions-evasion-idUSKCN1FX29I
Funderburk, K. (2019, July 31). Regulating cryptocurrency. The Regulatory Review. https://
www.theregreview.org/2019/07/31/funderburk-regulating-cryptocurrency/
Garner, B. (2018a, August 31). What’s a sybil attack & how do blockchains mitigate them?
Coincentral. https://coincentral.com/sybil-attack-blockchain/
Garner, B. (2018b, February 14). What is storj?: Beginner’s guide. Coincentral. https://
coincentral.com/storj-beginners-guide/
Giles, M. (2019, July 12). Explainer: What is post-quantum cryptography? MIT Technology
Review. https://www.technologyreview.com/s/613946/explainer-what-is-post-quantumcryptography/
Golumbia, D. (2017). The politics of bitcoin: Software as right-wing extremism. Journal of
Cultural Economy 10(2), 1—3. http://doi.org/10.1080/17530350.2017.1322997
Gopal, G., Martinez, A. G., & Rodriguez, J. M. (2018). Get smart with your contracts: Blockchain technology is enabling business value advancement in everything from manufactured goods to online music. ISE: Industrial & Systems Engineering at Work, 50(5), 26—
31.
www.iubh.de
214
Appendix 1
Gopie, N. (2018, July 2). What are smart contracts on blockchain? IBM Blockchain Blog.
https://www.ibm.com/blogs/blockchain/2018/07/what-are-smart-contracts-on-blockchain/
Goyal, S. (2018, August 9). The difference between fiat money and cryptocurrencies.
Yahoo Finance. https://finance.yahoo.com/news/difference-between-fiat-money-cryptocurrencies-132027811.html
Groombridge, D. (2019). Blockchain potential and pitfalls [video file]. Gartner. https://
www.gartner.com/en/webinars/3878710/blockchain-potential-and-pitfalls
Haber, S., & Stornetta, W. S. (1991). How to time-stamp a digital document. Journal of
Cryptology, 3(2), 99—111. https://doi.org/10.1007/BF00196791
Hagen, M. (2018, August 23). Blockchain is how we can protect our privacy in a world of
ubiquitous surveillance. Entrepreneur. https://www.entrepreneur.com/article/318027
Haley, C., & Whitaker, M. (2017, November 28). To blockchain or not to blockchain: It’s a
valid question. Forbes. https://www.forbes.com/sites/groupthink/2017/11/28/to-blockchain-or-not-to-blockchain-its-a-valid-question/#3d45ce4b229d
Harrison, K. (2018, March 21). Top 5 questions for choosing a blockchain technology. IBM.
https://www.ibm.com/blogs/blockchain/2018/03/top-5-questions-for-choosing-ablockchain-technology/
Hashed Health. (2019). The seven major consortia (in chronological order). https://
hashedhealth.com/consortia-july-2019-2/
Hintze, J. (2018, March 12). Blockchain may have weaknesses that proponents overlook.
Association for Financial Professionals. https://www.afponline.org/ideas-inspiration/
topics/articles/Details/blockchain-may-have-weaknesses-that-proponents-overlook
Hofer, L. (2019). Dag vs. blockchain: Technologies for different use cases. ICO.li. https://
www.ico.li/dag-vs-blockchain/
Howell, B. (2019). Artificially (or autonomously) intelligent institutions: Fact or fiction?
AEIdeas.
https://www.aei.org/technology-and-innovation/innovation/artificially-orautonomously-intelligent-institutions-fact-or-fiction/
Hu, Y., Liyanage, M., Mansoor, A., Thilakarathna, K., Jourjon, G., & Seneviratne, A. (2018).
Blockchain-based smart contracts - Applications and challenges. http://arxiv.org/abs/
1810.04699
Hyperledger. (n.d.). The Hyperledger greenhouse. https://www.hyperledger.org/
Hyperledger. (2018, November 30). Five hyperledger blockchain projects now in production.
https://www.hyperledger.org/blog/2018/11/30/six-hyperledger-blockchainprojects-now-in-production
www.iubh.de
Appendix 1
215
List of References
icao. (n.d.). Security [image file]. https://www.icao.int/Security/FAL/PKD/BVRT/PublishingImages/Pages/Basics/Basics%20Page%20_%20Image%201.png
Idris, U. A., Awwalu, J., & Kamil, B. (2016). User authentication in securing communication
using digital certificate and public key infrastructure. International Journal of Computer
Trends and Technology, 37(1), 22—25.
InfStones. (n.d.). The economics of EOS blockchain. https://infstones.io/the-economicsof-eos-blockchain/
Jawaheri, H. A., Sabah, M. A., Boshmaf, Y., & Erbad, A. (2018). Deanonymizing Tor hidden
service users through Bitcoin transactions analysis [working paper]. http://
arxiv.org/abs/1801.07501
Jenks, T. (n.d.). Using blockchain technology in your project: The ultimate guide to building a blockchain application. Very. https://www.verypossible.com/using-blockchaintechnology-in-your-project
Joshi, N. (2018, March 19). Blockchain and the food industry. BBN Times. https://
www.bbntimes.com/en/technology/blockchain-in-the-food-industry
Kaal, W. (2018, June 23). Initial coin offerings: The top 25 jurisdictions and their comparative regulatory responses (as of May 2018). Stanford Journal of Blockchain Law & Policy, 41—63. https://stanford-jblp.pubpub.org/pub/ico-comparative-reg
Kaiser, B., Jurado, M., & Ledger, A. (2018). The looming threat of China: An analysis of Chinese influence on Bitcoin.
Kansal, S. (2018, December 26). Blockchain scalability: Challenges and recent developments. Arc. https://www.codementor.io/blog/blockchain-scalability-5rs5ra8eej
Kashyap, R. (2019, March 26). How do I select a blockchain platform? Medium — The
Startup.
https://medium.com/swlh/how-do-i-select-a-blockchain-platformd7e0dd5a27ad
Kaushal, M. & Tyle, S. (2015, January 13). The blockchain: What it is and why it matters.
https://www.brookings.edu/blog/techtank/2015/01/13/the-blockchain-what-it-is-andwhy-it-matters/?utm_source=blockchainbeach&utm_medium=article
Kehoe, L., Verbeeten, D. & McGrath, S. (2019). Blockchain and insurance: New technology,
new opportunities. ConsenSys Insights. https://pages.consensys.net/blockchain-insurance
Kelly-Pitou, K. (2018, August 20). Stop worrying about how much energy bitcoin uses.
CBS News. https://www.cbsnews.com/news/stop-worrying-about-how-much-energybitcoin-uses/
www.iubh.de
216
Appendix 1
Kenton, W. (2019, April 9). Neoliberalism. Investopedia Government & Policy. https://
www.investopedia.com/terms/n/neoliberalism.asp
Khaleelkazi. (2017). What is dag technology? An alternative ledger system for cryptocurrencies|coinpickings podcast #2. Steemit. https://steemit.com/steem/@khaleelkazi/
what-is-dag-technology-an-alternative-ledger-system-for-cryptocurrencies-or-coinpickings-podcast-2
Kim, C. (2019, September 29). New interest in DAOs prompts old question: Are they legal?
Coindesk. https://www.coindesk.com/new-interest-in-daos-prompts-old-question-arethey-legal
Kuhar, L. (2019, February 4). Economy of (mis)trust: The case of bitcoin. Eurozine. https://
www.eurozine.com/economy-mistrust-case-bitcoin/
Kuhrt, T. (2019, March 22). Project lifecycle. Hyperledger. https://wiki.hyperledger.org/
display/TSC/Project+Lifecycle
Kuo, T., Rojas, H. Z., & Ohno-Machado, L. (2019). Comparison of blockchain platforms: A
systematic review and healthcare examples, Journal of the American Medical Informatics Association, 26(5), 462—478. https://doi.org/10.1093/jamia/ocy185
Kuskowski, P. (2018, August 1). Why regulating cryptocurrencies as securities would stifle
growth. Forbes. https://www.forbes.com/sites/pawelkuskowski/2018/08/01/why-regulating-cryptocurrencies-as-securities-would-stifle-growth/#399959ed242b
Lai, V. & O'Day, K. (2018a, October 18). What is practical byzantine fault tolerance (PBFT)?
CrushCrypto. https://crushcrypto.com/what-is-practical-byzantine-fault-tolerance/
Lai, V. & O'Day, K. (2018b, December 19). Introduction to cryptography in blockchain
technology. CrushCrypto. https://crushcrypto.com/cryptography-in-blockchain/
Lamport, L., Shostak, R., & Pease, M. (1982). The byzantine generals problem. ACM Transactions on Programming Languages and Systems, 4(3), 382—401. http://doi.org/
10.1145/357172.357176
Lee, S. (2018, July 10). Blockchain smart contracts: More trouble than they are worth?
Forbes. https://www.forbes.com/sites/shermanlee/2018/07/10/blockchain-smart-contracts-more-trouble-than-they-are-worth/#45c588c923a6
Leising, M. (2019, January 17). Blockchain startup aims to cut out Equifax from loan process. Bloomberg. https://www.bloomberg.com/news/articles/2019-01-17/spring-labsnabs-lenders-to-test-peer-to-peer-credit-sharing
Li, X., Jiang, P., Chen, T., Luo, X., Wen, Q. (2018, March 6). A survey on the security of blockchain systems. Cornell University. https://arxiv.org/abs/1802.06993
www.iubh.de
Appendix 1
217
List of References
Library of Congress. (2019, August 16). Regulation of cryptocurrency around the world.
https://www.loc.gov/law/help/cryptocurrency/world-survey.php
Liebkind, J. (2019a, June 25). Bitcoin government regulations around the world. Investopedia. https://www.investopedia.com/news/bitcoin-government-regulations-aroundworld/
Liebkind, J. (2019b, June 25). How blockchain technology can prevent voter fraud. Investopedia. https://www.investopedia.com/news/how-blockchain-technology-can-preventvoter-fraud/
Liebkind, J. (2019c, June 25). DAOs, blockchain and the potential of ownerless business.
Investopedia.
https://www.investopedia.com/news/daos-and-potential-ownerlessbusiness/
Linnewiel, R. (2018, July 19). Trust in vehicle-to-vehicle communications depends on a
centralized blockchain. Medium — DAV. https://medium.com/davnetwork/trust-in-vehicle-to-vehicle-communications-depends-on-a-decentralized-blockchain-eed920f2bf9e
Linux.com Editorial Staff. (2019). Essential developer guide for building blockchain
applications using hyperledger sawtooth. Linux.com. https://www.linux.com/tutorials/
essential-developer-guide-for-building-blockchain-applications-using-hyperledgersawtooth/
Litsa, T. (2019, June 25). Facebook’s Libra: Concerns, interests, benefits, and experts’ reactions. ClickZ. https://www.clickz.com/facebooks-libra-concerns-interests-benefits-andexperts-reactions/246611/
Liu, L. (2019, September 23). An in-depth discussion on the investment logic of bitcoin.
Medium — Cryptocurrency. https://medium.com/@Louishliu/an-in-depth-discussionon-the-investment-logic-of-bitcoin-f0380e839cbc
Liu, S. (2019, October 1). Size of the Bitcoin blockchain from 2010 to 2019, by quarter. Statista. https://www.statista.com/statistics/647523/worldwide-bitcoin-blockchain-size/
Makadiya, A. (2018, February 11). Survey suggests cyber criminals prefer Litecoin and
Dash over bitcoin. Bitsonline. https://bitsonline.com/survey-cyber-criminals-litecoindash/
Malik, N. (2018, August 31). How criminals and terrorists use cryptocurrency: And how to
stop it. Forbes. https://www.forbes.com/sites/nikitamalik/2018/08/31/how-criminalsand-terrorists-use-cryptocurrency-and-how-to-stop-it/#6bc960f33990
Martucci, B. (n.d.). What is cryptocurrency — How it works, history & bitcoin alternatives.
Money Crashers. https://www.moneycrashers.com/cryptocurrency-history-bitcoin-alternatives/
www.iubh.de
218
Appendix 1
Marx, L. (2018, July 5). Storing data on the blockchain: The developers guide. Malcoded.
https://malcoded.com/posts/storing-data-blockchain/
Matzutt, R., Hiller, J., Henze, M., Ziegeldorf, J.H., Mullmann, D., Hohlfeld, O., & Wehrle, K.
(2018). A quantitative analysis of the impact of arbitrary blockchain content on bitcoin.
In Proceedings of the 22nd International Conference on Financial Cryptography and
Data Security 2018. https://www.researchgate.net/publication/321192957_A_Quantitative_Analysis_of_the_Impact_of_Arbitrary_Blockchain_Content_on_Bitcoin
Maurya, N. (2019, March 18). Top 10 EOS DApps that are keeping EOS in the DApp ecosystem race. CoinGape. https://coingape.com/top-10-eos-dapps/
Maxwell, W. & Salmon, J. (2018). A guide to blockchain and data protection. Hogan
Lovells. https://www.hoganlovells.com/en/news/a-guide-to-blockchain-and-data-protection
May, K. (2018). Blockchain issues: #1:Data storage. Medium. https://medium.com/
@Kyle.May/blockchain-issues-1-data-storage-40fb9812c9a2
McElhill, D. (2017). GDPR data retention quick guide. Data protection network. https://
www.dpnetwork.org.uk/gdpr-data-retention-guide/
McKinlay, J., Pithouse, D., McGonagle, J., & Sanders, J. (2018, February 2). Blockchain:
Background, challenges, and legal issues. DLA Piper. https://www.dlapiper.com/en/
oman/insights/publications/2017/06/blockchain-background-challenges-legal-issues/
Mearian, L. (2019a, November 11). Facebook’s Libra co-creator: Social, financial data will
remain separate. Computerworld. https://www.computerworld.com/article/3452672/
facebooks-libra-co-creator-social-financial-data-will-remain-separate.html
Mearian, L. (2019b, September 18). Why France and Germany fear Facebook’s cryptocurrency — and plan to block it. Computerworld. https://www.computerworld.com/article/
3439436/why-france-and-germany-fear-facebooks-cryptocurrency-and-plan-to-block-it
Merkle tree. (n.d.). In Wikipedia. https://en.wikipedia.org/wiki/Merkle_tree
Mitra, R. (2019a). What is Facebook Libra cryptocurrency? [The most comprehensive
guide] — part 1. Blockgeeks. https://blockgeeks.com/guides/understanding-facebookscryptocurrency-libra/
Mitra, R. (2019b). What is Facebook Libra cryptocurrency? [The most comprehensive
guide] — part 2. Blockgeeks. https://blockgeeks.com/guides/what-is-facebook-libracryptocurrency-the-most-comprehensive-guide-part-2/
Morris, N. (2019). Navigating blockchain’s legal potholes. Ledger Insights: Enterprise
blockchain news. https://www.ledgerinsights.com/navigating-blockchain-legal-potholes/
www.iubh.de
Appendix 1
219
List of References
Moskov, A. (2019, August 22). How blockchain can save our privacy before it disappears.
CoinCentral. https://coincentral.com/blockchain-and-privacy/
Mougayar, W. (2018, December 12). The future of ICOs: In the hands of regulators or innovators? Coindesk. https://www.coindesk.com/the-future-of-icos-in-the-hands-of-regulators-or-innovators
Mukherjee, S. (2018). Cognizant and Indian insurers jointly develop blockchain solution
for secure data sharing. Inc42. https://inc42.com/buzz/cognizant-insurers-blockchainsolution-data-sharing/
Naab, M., Plociennik K., & Schneider, J.C. (2019). Blockchain architecture design guidelines — Architecting blockchain-based applications. Fraunhofer. https://
blog.iese.fraunhofer.de/architecting-blockchain-based-applications-3-blockchain-architecture-design-guidelines/
Najera, J. (2018, October 13). Blockchain oracles: What they are and why they’re necessary. Medium. https://medium.com/@setzeus/blockchain-oracles-af3b216bed6b
Nakamoto, S. (2008, October 31). Bitcoin: A peer-to-peer electronic cash system. Satoshi
Nakamoto Institute. https://nakamotoinstitute.org/bitcoin/
Nakamoto, S. (2009, February 11). Bitcoin open source implementation of P2P currency.
P2P Foundation. http://p2pfoundation.ning.com/forum/topics/bitcoin-open-source
Nakamoto, S. (n.d.). Bitcoin: A peer-to-peer electronic cash system. Bitcoin. http://
www.bitcoin.org/bitcoin.pdf
Narayanan, A., Bonneau, J., Felten, E., Miller, A., & Goldfeder, S. (2016). Bitcoin and cryptocurrency technologies: A comprehensive introduction. Princeton University Press.Natoli,
C. & Gramoli, V. (2016). The balance attack against proof-of-work blockchains: The r3
testbed as an example. Cornell University. https://arxiv.org/abs/1612.09426
Ng, J. (2019). Voting on blockchain: How it works. Medium — Coinmonks. https://
medium.com/coinmonks/voting-on-a-blockchain-how-it-works-3bb41582f403
Noonan, L. (2018). Banks complete first syndicated loan on blockchain. Financial Times.
https://www.ft.com/content/2b12d338-e1d1-11e8-a6e5-792428919cee
Obie, S. J., & Rasmussen, M. W. (2018, July 17). How regulation could help cryptocurrencies grow. Harvard Business Review. https://hbr.org/2018/07/how-regulation-couldhelp-cryptocurrencies-grow
O’Donnell, J., & Wilson, T. (2019, June 21). Global money-laundering watchdog launches
crackdown on cryptocurrencies. Reuters. https://www.reuters.com/article/us-moneylaundering-crypto-fatf/global-money-laundering-watchdog-launches-crackdown-oncryptocurrencies-idUSKCN1TM1I8
www.iubh.de
220
Appendix 1
O’Neal, S. (2019, July 29). Differences between tokens, coins and virtual currencies,
explained. Cointelegraph. https://cointelegraph.com/explained/differences-betweentokens-coins-and-virtual-currencies-explained
OpenLaw. (2019). The era of legally compliant DAOs. Medium. https://medium.com/
@OpenLawOfficial/the-era-of-legally-compliant-daos-491edf88fed0
Orcutt, M. (2019, February 19). Once hailed as unhackable, blockchains are now getting
hacked. MIT Technology Review. https://www.technologyreview.com/s/612974/oncehailed-as-unhackable-blockchains-are-now-getting-hacked/
Osborne, C. (2018). These are the warning signs of a fraudulent ICO. ZDNet. https://
www.zdnet.com/article/here-are-the-warning-signs-of-a-fraudulent-ico/
Oza, H. (2018, November 17). How to easily select the right platform for blockchain app
development. Hyperlink InfoSystem. https://www.hyperlinkinfosystem.com/blog/howto-easily-select-the-right-platform-for-blockchain-app-development
Parker, E. (2019, September 18). In cryptocurrency, will Asia supass the US? Exclusive
interview with SEC commissioner Hester Peirce. LongHash. https://en.longhash.com/
news/in-cryptocurrency-will-asia-surpass-the-us-exclusive-interview-with-sec-commissioner-hester-peirce
Pollock, D. (2018a, December 13). Merging internet of things and blockchain in preparation for the future. Forbes. https://www.forbes.com/sites/darrynpollock/2018/12/13/
merging-internet-of-things-and-blockchain-in-preparation-for-the-future/
#300a509141fc
Pollock, D. (2018b, March 19). Crypto vs cash — How the numbers stack up on drugs,
guns, murders. Cointelegraph. https://cointelegraph.com/news/crypto-vs-cash-howthe-numbers-stack-up-on-drugs-guns-murders
Power Technology. (2017, April 11). The Brooklyn microgrid:blockchain-enabled community power. https://www.power-technology.com/digital-disruption/blockchain/featurethe-brooklyn-microgrid-blockchain-enabled-community-power-5783564/
Principles of Bitcoin.
ples_of_Bitcoin
(n.d.).
In
Bitcoin
Wiki.
https://en.bitcoin.it/wiki/Princi-
Privacy. (n.d.). In Merriam Webster.com dictionary. https://www.merriam-webster.com/
dictionary/privacy
Privacy Canada. (n.d.). Hash collision attack. https://privacycanada.net/hash-functions/
hash-collision-attack/
Public key infrastructure.
Public_key_infrastructure
www.iubh.de
(n.d.).
In
Wikipedia.
https://en.wikipedia.org/wiki/
Appendix 1
221
List of References
PWC. (2017, April 14). Blockchain is here. What's your next move? https://
www.pwc.com/gx/en/issues/blockchain/blockchain-in-business.html
Radix. (2018a, June 7). What is an eclipse attack? https://www.radixdlt.com/post/whatis-an-eclipse-attack/
Radix. (2018b, June 14). What is a double spend attack and how to prevent them?
https://www.radixdlt.com/post/what-is-a-double-spend-attack/
Rathore, A. (2019). How to develop a blockchain application — overview. NAPPD. https://
enappd.com/blog/how-to-develop-a-blockchain-application/4/
Ream, J., Chu, Y., & Schatsky, D. (2016, June 8). Upgrading blockchains: Smart contract use
cases in industry. Deloitte Insights. https://www2.deloitte.com/us/en/insights/focus/
signals-for-strategists/using-blockchain-for-smart-contracts.html
Reese, F. (2018, July 27). ICO regulations by country. Bitcoin Market Journal. https://
www.bitcoinmarketjournal.com/ico-regulations/
Reiff, N. (2019a). What is bitcoin gold, exactly? Investopedia. https://www.investopedia.com/tech/what-bitcoin-gold-exactly/
Reiff, N. (2019b). How to identify cryptocurrency and ICO scams. Investopedia. https://
www.investopedia.com/tech/how-identify-cryptocurrency-and-ico-scams/
Reiff, N. (2019c). What are the legal risks to cryptocurrency investors? Investopedia.
https://www.investopedia.com/tech/what-are-legal-risks-cryptocurrency-investors/
Reiff, N. (2020a). Bitcoin vs bitcoin cash: What is the difference? Investopedia. https://
www.investopedia.com/tech/bitcoin-vs-bitcoin-cash-whats-difference/
Reiff, N. (2020b). Bitcoin vs. Ripple: What’s the difference? Investopedia. https://
www.investopedia.com/tech/whats-difference-between-bitcoin-and-ripple/
Reiff, N. (2020c). Why bitcoin has a volatile value. Investopedia. https://www.investopedia.com/articles/investing/052014/why-bitcoins-value-so-volatile.asp
Roberts, J. J. (2019). Can blockchain solve the mess of medical records? IBM announces
tie-up with healthcare providers. Fortune. https://fortune.com/2019/01/24/ibm-blockchain-healthcare/
Romeo Ugarte, J. L. (2018, October 23). Distributed ledger technology (DLT): Introduction.
Banco de Espana. https://ssrn.com/abstract=3269731
Rosic, A. (n.d.-a). 17 blockchain applications that are transforming society. Blockgeeks.
https://blockgeeks.com/guides/blockchain-applications/
www.iubh.de
222
Appendix 1
Rosic, A. (n.d.-b). Cryptocurrency wallet guide: A step-by-step tutorial. Blockgeeks.
https://blockgeeks.com/guides/cryptocurrency-wallet-guide/
Rosic, A. (n.d.-c). What is ethereum gas? [The most comprehensive step-by-step guide
ever!]. Blockgeeks. https://blockgeeks.com/guides/ethereum-gas/
Rühl, G. (2019, January 23). The law applicable to smart contracts, or much ado about
nothing? University of Oxford Faculty of Law. https://www.law.ox.ac.uk/business-lawblog/blog/2019/01/law-applicable-smart-contracts-or-much-ado-about-nothing
Samuel, N. (2018). Decentralized applications: An introduction for developers. Skinny
Bottle Publishing.
Sayeed, S. & Marco-Gisbert, H. (2019, April 29). Assessing blockchain consensus and
security mechanisms against the 51% attack. MDPI: Applied Sciences. https://
www.mdpi.com/2076-3417/9/9/1788/pdf-vor
Sedgwick, K. (2018, August 29). 25% of all smart contracts contain critical bugs. Bitcoin.com. https://news.bitcoin.com/25-of-all-smart-contracts-contain-critical-bugs/
Sedgwick, K. (2019, September 22). What Google’s quantum breakthrough means for
blockchain cryptography. Bitcoin.com. https://news.bitcoin.com/what-googles-quantum-breakthrough-means-for-blockchain-cryptography/
Secure Hash Algorithms.
Secure_Hash_Algorithms.
(n.d.).
In
Wikipedia.
https://en.wikipedia.org/wiki/
Seth, P. (2018, June 13). An insight into hashing & digital signatures in blockchain. SYSTweak. https://blogs.systweak.com/an-insight-into-hashing-digital-signature-in-blockchain/
Seth, S. (2018). Public, private, permissioned blockchains compared. Investopedia.
https://www.investopedia.com/news/public-private-permissioned-blockchains-compared/
Shah, P. (2019, May 24). Part II: Designing smart contracts: Considerations involved.
Entrepreneur India. https://www.entrepreneur.com/article/334268
Sharma, A. (2019, April 2). Life cycle of smart contract development. QuillHash —
Medium.
https://medium.com/quillhash/life-cycle-of-smart-contract-development-8929fa073b7f
Sharma, R. (2019). Should cryptocurrency exchanges self-regulate? Investopedia.
https://www.investopedia.com/news/should-cryptocurrency-exchanges-selfregulatethemselves/
www.iubh.de
Appendix 1
223
List of References
Sheldon, R. (2019, September 5). How blockchain sharding solves the blockchain scalability issue. TechTarget. https://searchstorage.techtarget.com/tip/How-blockchainsharding-solves-the-blockchain-scalability-issue
Silver, S. (2019, April 17). Blockchain technology and ux principles. Key Lime Interactive.
https://info.keylimeinteractive.com/blockchain-technology-and-ux-principles
Sloan, K. (2018, April 21). 3 reasons cryptocurrency needs to be regulated. Due. https://
due.com/blog/cryptocurrency-needs-to-be-regulated/
Solidity. (n.d.). Solidity. https://solidity.readthedocs.io/en/latest/
Soska, K. & Christin, N. (2015, August 13). Measuring the longitudinal evolution of the
online anonymous marketplace ecosystem. In Proceedings of the 22nd USENIX Security
Symposium. Washington DC. 33—48. https://www.andrew.cmu.edu/user/nicolasc/publications/SC-USENIXSec15.pdf
Snyder, S. T. (2019, January 14). The privacy questions raised by blockchain. Bradley.
https://www.bradley.com/insights/publications/2019/01/the-privacy-questions-raisedby-blockchain
Stambolija, R. (2019, January 22). Healthcare on blockchain: Exploring the use cases.
Medium.
https://medium.com/mvp-workshop/healthcare-on-blockchain-exploringthe-use-cases-aea40190b26e
Strukhoff, R. & Gutierrez, C. (2017, March 15). Blockchain for trade finance: Real-time visibility and reduced fraud. Altoros. https://www.altoros.com/blog/blockchain-for-tradefinance-real-time-visibility-and-reduced-fraud/
Swish Team. (2019, January 4). The 5 best blockchain platforms for enterprises and what
makes them a good fit. Swish Labs — Medium. https://medium.com/swishlabs/the-5best-blockchain-platforms-for-enterprises-and-what-makes-them-a-goodfit-1b44a9be59d4
Szabo, N. (1997, September 1). Formalizing and securing relationships on public networks. First Monday, 2(9). https://doi.org/10.5210/fm.v2i9.548
Takyar, A. (2019). Top blockchain platforms of 2019. LeewayHertz. https://www.leewayhertz.com/blockchain-platforms-for-top-blockchain-companies/
Tang, G. Y. (2018, December 13). Building trusted supply chains in the chemical industry.
Blockchain institute — Medium. https://medium.com/deloitte-blockchain-institute/
building-trusted-supply-chains-in-the-chemical-industry-1dd113578838
Tang, G. Y. (2019, April 10). Blockchain in the seafood industry. Blockchain institute —
Medium.
https://medium.com/deloitte-blockchain-institute/blockchain-in-the-seafood-industry-29d8ae2370d3
www.iubh.de
224
Appendix 1
Tapscott, D. (2016). How the blockchain is changing money and business [transcript].
TED.
https://www.ted.com/talks/don_tapscott_how_the_blockchain_is_changing_money_and_business/transcript?language=en&source=post_page--------------------------Tatar, J. (2019). How blockchain technology can change how we vote. The balance.
https://www.thebalance.com/how-the-blockchain-will-change-how-we-vote-4012008
Thake, M. (2018, December 2). Blockchain vs. dag technology: A brief comparison.
Nakamo.to — Medium. https://medium.com/nakamo-to/blockchain-vs-dag-technology-1a406e6c6242
The Linux Foundation. (n.d.). About Hyperledger. Hyperledger. https://www.hyperledger.org/about
Thota, N. R. (2018, July 18). Developing blockchain application is no different from the
current software development. Innominds. https://www.innominds.com/blog/developing-blockchain-application-is-no-different-from-the-current-software-development
Tor (anonymity network).
Tor_(anonymity_network)
(n.d.).
In
Wikipedia.
https://en.wikipedia.org/wiki/
TradingView. (n.d.). Cryptocurrency market. https://www.tradingview.com/markets/cryptocurrencies/global-charts/
Trauth, M. (2018). Neoliberalism and the rise of bitcoin: Is bitcoin a neo-liberal product?
A socio-economic analysis [extract]. Bournemouth University. https://m.grin.com/document/441772
Trust. (n.d.). In YourDictionary. Retrieved https://www.yourdictionary.com/TRUST
tutorialspoint. (n.d.). Public key encryption. https://www.tutorialspoint.com/cryptography/public_key_encryption.htm
U.S. Securities and Exchange Commission. (n.d.). Spotlight on Initial Coin Offerings (ICO).
https://www.sec.gov/ICO
Universa. (2017). Decentralized autonomous organization — What is a dao company?
Medium — UniversaBlockchain. https://medium.com/universablockchain/decentralized-autonomous-organization-what-is-a-dao-company-eb99e472f23e
Usenet. (n.d.). In Wikipedia. https://en.wikipedia.org/wiki/Usenet
Varshney, N. (2018, May 30). Here’s how much it costs to launch a 51% attack on PoW
cryptocurrencies.
TNW.
https://thenextweb.com/hardfork/2018/05/30/heres-howmuch-it-costs-to-launch-a-51-attack-on-pow-cryptocurrencies/
www.iubh.de
Appendix 1
225
List of References
Vault. (n.d.). Real estate. https://www.vault.com/industries-professions/industries/realestate
Vincent, J. (2019, July 4). Bitcoin consumes more energy than Switzerland, according to
new estimate. The Verge. https://www.theverge.com/2019/7/4/20682109/bitcoinenergy-consumption-annual-calculation-cambridge-index-cbeci-country-comparison
(n.d.).
Putting
blockchains
on
the
road.
Volkswagen.
https://
www.volkswagenag.com/en/news/stories/2018/08/putting-blockchains-on-theroad.html
Waldo, J. (2019). A hitchhiker’s guide to the blockchain universe. Communications of the
ACM, 62(3), 38—42. https://doi-org.pxz.iubh.de:8443/10.1145/3303868
Weaknesses (1.3) Sybil attack. (n.d.). In Bitcoin Wiki. https://en.bitcoin.it/wiki/Weaknesses#Sybil_attack
Weaknesses (2.6) Attacker has a lot of computing power. (n.d.). In Bitcoin Wiki. https://
en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_computing_power
Werbach, K. (2019, February 8). People don’t trust blockchain systems. Slate. https://
slate.com/technology/2019/02/blockchain-government-regulation-cryptocurrency-bitcoin.html
White, M. (2018, January 16). Digitizing global trade with Maersk and IBM. IBM. https://
www.ibm.com/blogs/blockchain/2018/01/digitizing-global-trade-maersk-ibm/
Wilson, T. (2018, November 20). Bitcoin for payments a distant dream as usage dries up.
Reuters.
https://www.reuters.com/article/us-crypto-currencies-payments-analysis/
bitcoin-for-payments-a-distant-dream-as-usage-dries-up-idUSKCN1NP1D8
World Economic Forum. (2016). The future of financial infrastructure: An ambitious look
at how blockchain can reshape financial services. http://www3.weforum.org/docs/
WEF_The_future_of_financial_infrastructure.pdf
World Health Organization. (2018). Substandard and falsified medical products. https://
www.who.int/news-room/fact-sheets/detail/substandard-and-falsified-medical-products
Xu, W., Weber, I., & Staples, M. (2019). Architecture for blockchain applications. Springer.
Yaga, M., Mell, P., Roby, N., & Scarfone, K. (2018). Blockchain technology overview.
National Institute of Standards and Technology: U.S. Department of Commerce. https://
doi.org/10.6028/NIST.IR.8202
Yates, B. & Chan, R. (2018). Blockchain and the future of data protection. Hong Kong
Lawyer. http://www.hk-lawyer.org/content/blockchain-and-future-data-protection
www.iubh.de
226
Appendix 1
Yusuf, S. (2018). Blockchain/distributed ledger technologies: Where they came from,
where they are heading. Economy, Culture & History Japan Spotlight Bimonthly, 37(6), 18
—22.
Zuluaga, D. (2018, June 25). Should cryptocurrencies be regulated like securities? CATO
Institute. https://www.cato.org/publications/cmfa-briefing-paper/should-cryptocurrencies-be-regulated-securities
www.iubh.de
Appendix 2
List of Tables and Figures
228
Appendix 2
List of Tables and Figures
Distributed Databases and Distributed Ledgers
Source: Author.
Distributed Ledgers and Blockchain
Source: Author.
Comparison of Blockchain Networks
Source: Author.
Network Comparison Diagram
Source: Author.
Blockchain Processing
Source: Deloitte Development, 2018.
Merkle Diagram
Source: Author.
Bitcoin Price in USD
Source: Beigel, 2019.
Historic Daily Bitcoin Transaction Fees (In Dollars Per Transaction)
Source: Billfodl, n.d.
Block Header
Source: Blockchain, 2019.
Remainder of Block
Source: Blockchain, 2019.
Transaction: View Information About a Bitcoin Transaction
Source: Blockchain, 2017.
Bitcoin Security Breaches
Source: Author.
www.iubh.de
Appendix 2
229
List of Tables and Figures
Hyperledger Umbrella
Source: Author, based on Hyperledger, n.d.
Comparison of Hyperledger Platforms
Source: Author.
Symmetric Cryptography
Source: icao, n.d.
Public Key Encryption
Source: tutorialspoint, n.d.
Encrypted Digital Signature
Source: Idris et al., 2016.
Annotated Merkle Diagram
Source: Author.
Blockchain Industry Leaders
Source: PWC, 2017.
Blockchain Country Growth
Source: PWC, 2017.
Global Payments: Current-State Process Depiction
Source: World Economic Forum, 2016.
Global Payments: Current-State Pain Points
Source: World Economic Forum, 2016.
Global Payments: Future-State Process Depiction
Source: World Economic Forum, 2016.
Global Payments: Future-State Benefits
Source: World Economic Forum, 2016.
www.iubh.de
230
Appendix 2
Supply Chain — Current
Source: White, 2018.
Supply Chain — Future
Source: White, 2018.
GTD Improvements to Supply Chain Processing
Source: White, 2018.
Blockchain in Government
Source: Consensys, n.d-b.
Initial Assessment of Blockchain as Technology
Source: Kashyap, 2019.
Detailed Assessment of Blockchain as Technology
Source: Naab et al., 2019.
Public, Private, Permissioned Assessment
Source: Author, based on Thota, 2018.
Characteristics of Money
Source: Liu, L., 2019.
Functions of Money
Source: Liu, L., 2019.
Hash Rate
Source: Liu, L., 2019.
Bitcoin Energy Consumption Index Chart
Source: Digiconomist, n.d.
Bitcoin Annualized Total Footprints
Source: Digiconomist, n.d.
www.iubh.de
Appendix 2
231
List of Tables and Figures
Bitcoin Transaction Footprints
Source: Digiconomist, n.d.
Bitcoin Network Statistics
Source: Digiconomist, n.d.
Ethereum Network Statistics
Source: Digiconomist, n,d.
Size of Bitcoin Blockchain from 2010 to 2019
Source: Liu, S., 2019.
Fraction of Sales Per Item Category
Source: Soska & Christin, 2015.
Worldwide Legal Status of Cryptocurrencies
Source: Library of Congress, 2019.
Regulatory Framework for Cryptocurrencies
Source: Library of Congress, 2019.
Countries Issuing National/Regional Cryptocurrencies
Source: Library of Congress, 2019.
Summary of Regulations by Country
Source: Author, based on Reese, 2018.
www.iubh.de
IUBH Internationale Hochschule GmbH
IUBH International University of Applied Sciences
Juri-Gagarin-Ring 152
D-99084 Erfurt
Mailing address:
Albert-Proeller-Straße 15-19
D-86675 Buchdorf
Phone: +49 30 311 988 55
media@iubh.de