I introduced my wife to Python around nine months ago, and now she’s tinkering and had drawn a tortoise on her MacBook. After spending more time on geeky websites, she became more inquisitive, asking me one day, “Can you explain to me what blockchain is and why it is a game changer?” It sounded like a challenge!
With my 15 years of experience in banking, audit, and IT security, I should be able to nail this. I opened my mouth and mentioned some terms I’ve read on blogs and news websites—distributed ledger, low transaction cost, no central computer, smart contracts, etc. After 45 minutes and some drawings, she asked, “Why the fuss? Is it like a database with hash?”
It looked like I was able to explain what blockchain is but failed to justify why it is groundbreaking. Her question on how a distributed ledger can profoundly transform the internet was unanswered.
That question also struck me. Despite reading so many articles on the importance of blockchain and how it could change our digital life, not many people can explain in layman’s term how the technology is so different from other internet tech and its role in our lives.
I started reviewing my readings, and here now is my second attempt at explaining blockchain in understandable terms.
It all started in the 1970s when military research labs invented TCP/IP (transmission control protocol/internet protocol), the foundation of the internet with high priority on resilience and recoverability. Researchers could add/remove nodes to/from the system (following some protocols) without affecting other network components.Trust (or simply security) was secondary. If your enemy could cripple your network with one strike, protecting the system against espionage or infiltration was irrelevant. Flexibility and resiliency were implemented first, but came as costs. A lack of security design made the network and data transmitted on it exposed to spoofing and wiretapping.
Confidentiality and integrity features were not mandatory in the first version of the internet. Most of the security features we are using today are patches on a design that was focused on availability and recoverability. SSL (secure sockets layer), OTP (one-time password), and PKI (public key infrastructure) were adopted after the internet started proliferating. Internet is virtual and intangible and the integrity of information is not guaranteed. You don’t know whether you are chatting with a dog. Trust does not exist. Elements of trust like authenticity, accuracy, and non-reversible records are hinged on a non-security-minded design (just like when the first version of the internet was built) and decades of patching.
A software bug or control lapse may allow anyone with access to system to make unauthorized changes. For example, a bank staff may exploit a known vulnerability and edit records in the credit score database. And many organizations and systems rely on secondary control to detect unauthorized changes when the primary control like ACL (access control list) failed. Secondary controls or compensation controls are mainly focused on error detection. Trust in cyberspace is derived from security controls, but it was already proven that no security control is 100 percent effective.
Since the virtual world is intangible and alterations are sometimes hard to detect, when security controls fail, users need to go back to the physical world to fix it either by calling a call center or even visiting an office. We cannot trust the cyberspace since records and interactions there are virtual. Without trust, physical human interventions are still necessary.
In Germany, many carpenters still do an apprenticeship tour that lasts for no less than three years and one day. They carry a small book in which they collect stamps and references from the master carpenters with whom they work along the way. The carpenter’s traditional (and now hipster) outfit, the book of stamps they carry, and (if all goes well ) the certificate of acceptance into the carpenter guild are proofs that here is a man or woman you can trust to build your house.
Being in control doesn’t mean it would be easy to lie. Similar to the carpenter’s book of references, it should not be possible to just rip out a few pages without anyone noticing. But being in control means having a way to save credentials, to carry them around with us, and to share them with an employer if we chose to do so.
You may say it is old-fashioned or outdated, but carpenters trust it—even now. Their trust is built on their understanding that the paper is not easily tampered without a trace. Each page is linked to the next and alterations are easily detected without relying on a third party.
The virtual and physical worlds
Blockchain is the new form of paper in cyberspace, which breaks the wall between the virtual and the physical world. Records created using blockchain technology are immutable and do not require other systems or entities for verification. The immutable properties of blockchain are defined by mathematics, similar to how paper follows the law of physics.
An interaction that recorded using blockchain system cannot be altered, but you can add a new record that supersedes the previous one. Both the first and the new versions are part of the chain of records. Blockchain is a technology that defines how the chain of records are maintained.
In blockchain, a hash is a cryptographic number function which is a result of running a mathematical algorithm against the string of data in a block and results in a number which is entirely dependent on the block contents.
What this means is that if you encounter a block in a chain of blocks and want to read its contents you can’t do it unless you can read the preceding block’s contents because these create the starting data hash (prefix) of the block you are interested in.
And you can’t read that preceding block in the chain unless you can read its preceding block as its starting data item is a hash of its preceding block and so on down the chain. It’s a practical impossibility to break into a block chain and read and then do whatever you want with the data unless you are an authorized reader.
Bringing properties of the physical world into the virtual world is why blockchain is groundbreaking.
For my next post, I will write about the physical properties that blockchain creates and how they are related to trust.
Originally published on TechInAsia