Kotlin | Cryptography | Testing | Software Engineering | Microservices | SecurityPOP Goes the BlockchainMarch 11, 2018
Neil Chaudhuri (He/Him)
Neil Chaudhuri (He/Him)
I can probably stop here. Merely having the word on the Vidya site will increase blog readership more than if I posted a deleted scene from Black Panther.
There are already thousands of thought pieces explaining Blockchain, how it will revolutionize commerce, how it will transform the Internet. There is even a company whose decision to add Blockchain to its name led to a 600% stock surge and a financial windfall for its CEO!
And after all that and an entire decade of obsession with Bitcoin, almost no one knows what blockchain is and why it matters. I won't be able to fix that today, but that isn't my goal. My goal is to help you understand why y'all need to slow your roll. Blockchain has great potential, but there are significant obstacles to address if it is to emerge from basements and garages to prove it is ready for prime time after all these years.
Those obstacles are Performance, Openness, and Privacy. POP! Let's understand why Blockchain must address these concerns to become mainstream and how they are a microcosm of critical paradoxes we continue to wrestle with as a society.
A Brief Blockchain Explainer
A blockchain is an immutable, append-only list of transactions among parties on a peer-to-peer network of computers. While our ancestors conducted business by going to the bank or the post office, there is no central authority on a blockchain, which means that incompetence or malice won't compromise everyone (Like what happened with, not to call out anyone by name, but something that rhymes with Requifax).
Parties conduct business directly with each other according to rules agreed upon by the network, and the transactions are recorded to varying levels of detail by everyone on the network (full nodes and light nodes). Think of a transaction as a row on a spreadsheet. A block is a fixed amount of transactions--like a single worksheet while the blockchain is the entire Excel workbook.
Central authority is replaced by computer science and computer hardware. When a block reaches capacity, "miners" race to achieve consensus that all the transactions on that block are legitimate according to a consensus protocol. In its most common form originated by Bitcoin, proof-of-work, mining invests significant compute power in a cryptographic problem that's hard to solve but whose solution is easy to verify. Whoever pulls it off first gains consensus from the blockchain, adds the block to the ledger, gets rewarded in some currency, and serves as the standard for each new node to join. That solution is also integral to generating a hash of the block that is recorded by the next block, which is a fancy way of saying that any attempt to tamper with the transactions will be easily detectable by everyone. This is the foundation of security on Blockchain.
Bitcoin made Blockchain famous, but Bitcoin represents one very narrow implementation of it. There are lots of ways to implement a blockchain. Also, don't assume all transactions are financial. Companies are investing heavily in Blockchain to manage their supply chains, where transactions are goods bought or shipped or sold. In an online voting blockchain, transactions could be votes. In biotech, transactions could be genetic sequences. In communities ravaged by war forcing refugees to seek asylum elsewhere, transactions could be life events as proof of identity.
You are only limited by your imagination.
That was a lot, and even still I barely scratched the surface. If you want more, check out the work of Blockchain experts like Preethi Kasireddy, Subhan Nadeem, and Daniel van Flymen along with Blockchain podcasts from Software Engineering Daily.
So the ideas are transformative; the tech is cool; and big institutions in government and industry abuse our trust all the time. What's the problem?
Performance: Blockchains are slow and use a lot of energy
Absent an ostensibly responsible central authority, Blockchain combines cryptography and clever data structures like Merkel trees to build trust. Blocks are deemed valid during the mining process by solving that complex cryptographic problem as proof-of-work. It takes time to solve these problems, which means that the mining process can be far slower than what users are used to in their daily interactions with the web. When you consider how many resources are out there dedicated to shedding every millisecond you can off HTTP responses from a website, you realize how directly performance relates to revenue.
Besides time, you need machines running at high intensity for a while to generate proof-of-work, and this demands more power than a time-traveling Delorean. In an era where even China and India signed the Paris Climate Agreement, sustainability matters. This means Blockchain will have to become much more efficient to make Richard Hendriks's vision a reality.
(Watch Silicon Valley. Seriously.)
Ethereum addresses proof-of-work scalability with a consensus protocol called proof-of-stake, but even if that helps, there are memory considerations. All nodes on a blockchain contain the entire ledger of transactions, which can get into the terabytes for full nodes in a real-world application. Transactions are executed by smart contracts written in the Solidity programming language. In order to keep matters between the parties involved, a smart contract needs to maintain state-- everything there is to know about how the contract is executed. You store that state in memory on the Ethereum Virtual Machine using the Solidity API. As contracts become more complex and store more data--and developers possibly mismanage memory like in the old C++ days--memory can be a concern along with compute.
Openness: Blockchain lacks standards, needs tooling, and must avoid a class system
I am using the term openness as an umbrella for three ideas: defining open standards to support transactional integrity and interoperability among blockchains, accessibility of blockchain development for software engineers via open and powerful tools, and maintaining parity among nodes on the blockchain to facilitate open competition among nodes.
Every transformative technology emerges from open standards. The Internet has HTTP, SMTP, FTP, JSON, XML, and on and on; databases have SQL. Blockchain needs the same to thrive. The problem is that both the community and the technology underlying Blockchain are antithetical to centralized governance. It is a solvable paradox, but I question whether the community even sees this as a problem. The Ethereum Foundation is a one small step in that direction.
Once-powerful companies like Oracle, IBM, and SAP--basically the Celebrity Big Brother of tech--are rushing to get back on the A-list by embracing Blockchain and glossing over the closed nature of their proprietary, fragmented solutions. Once upon a time, Service-Oriented Architecture (SOA) was a legitimate, powerful concept whose hype motivated vendors to sell overengineered solutions to doe-eyed customers desperate to appear visionary only to find themselves locked into heavyweight, proprietary products. And SOA had far more standardization than Blockchain. Today people are more scared to utter "SOA" than they are "Voldemort" despite its vindication by modern microservices architectures.
I worry the same fate could befall Blockchain.
Blockchain also needs to be open to developers to build mindshare and excitement--perhaps ultimately even create so many Blockchain developers they become cheap. This means as always there needs to be tooling support for syntax checking and debugging along with automation of all the software engineering tasks we have come to appreciate over the last decade or so of agile software development: testing, static analysis, continuous integration, and continuous delivery. Blockchain tools are strewn about the landscape--the MetaMask Chrome plugin, the Mist browser, an alpha-stage Solidity plugin for IntelliJ, and various language-specific clients like Go Ethereum. Despite the passion behind these initiatives, they are all very immature.
Given these barriers, it is no surprise that as of this moment there are over 1000 times more Java questions on Stack Overflow than there are Blockchain questions. The comparison is flawed to be sure, but that many orders of magnitude illustrates the point given that Bitcoin has been around for a decade.
Just as centralized governance runs at odds with an architecture and community suspicious of centralization, so too should the possibility of the emergence of a class system among nodes in a blockchain. Given the resource-intensive nature of proof-of-work, only machines endowed with sufficient memory and processing power can act as miners. This could theoretically (though improbably) lead to a 51% atack, and the few who can afford that kind of power will dominate. Meanwhile, only nodes endowed with sufficient collateral can place winning bets in proof-of-stake. This leads to a "rich get richer" scenario. In both cases, you build a class system where certain nodes become dominant and potentially pernicious--analogous to the economic phenomenon Progressive- and New Deal-era reforms in the United States were designed to address through the very centralized institutions whose failures motivated the birth of Bitcoin.
All of this can lead you down the rabbit hole of pedantic economics debates on Facebook and Reddit that inevitably devolve into which user is most like Hitler. The point is Blockchain needs to devise a consensus protocol that balances decentralization with equality of opportunity if not necessarily in outcome.
Security and privacy aren't the same; locking the door doesn't stop anyone from seeing what's inside. Blockchain is similar. The clever computer science in place to secure transactions doesn't obfuscate them. Needless to say, Blockchain is a nonstarter as a pervasive technology if it can't solve the privacy question.
Bitcoin is totally unencrypted; as there is a finite number of Bitcoins, it is necessary to trace a Bitcoin's history through the blockchain. The flaws in its pseudonymity apparatus were exposed when American federal agents traced Bitcoin transactions to the nefarious parties involved in illegal drug trafficking on Silk Road. (Note here again Blockchain lies at the center of a broader debate--in this case, the right to privacy vs. the empowerment of law enforcement). Similarly, everything about a smart contract in Ethereum is public; you have to handle encryption yourself to hide the details from prying eyes.
There are a lots of ideas out there for solving this problem with Zcash arguably the most promising. Zcash is a cryptocurrency that offers privacy through even more clever cryptography in the form of zero-knowledge proofs. Another compelling alternative is Corda, an open-source "Blockchain for business" written in Kotlin that makes privacy (along with interoperability and tooling) a first-class citizen. Various vendors offer proprietary solutions as well.
To echo a previous point, standards related to privacy would sure come in handy here.
Blockchain has been around for a decade and only just now is emerging as a compelling solution for everything from banking to health care to improving the taste of fat-free ranch dressing. Until Blockchain learns the lessons of the past and resolves its own inherent paradoxes, we will not realize the true potential of this otherwise transformative technology if enough early adopters get burned to turn off future ones.