NIST report attempts to dispel common misconceptions about blockchain technology
As hype around cyrptocurrencies and their underlying technology, blockchain, reaches new heights, the National Institute of Standards and Technology (NIST), a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce, has released a report which attempts to dispel certain misconceptions around the technology.
The NIST document, titled Draft NIST Interagency Report (NISTIR) 8202: Blockchain Technology Overview, explains blockchain architecture and its components, discusses its use in electronic currency, and goes on to discuss broader applications in areas such as banking, supply chain management and categories of blockchain.
The NIST report’s authors hope it will be useful to businesses that want to make clear-eyed decisions about whether blockchain would be an asset to their products.
Dylan Yaga, a NIST computer scientist who is one of the report’s authors, said, “We want to help people understand how blockchains work so that they can appropriately and usefully apply them to technology problems. It’s an introduction to the things you should understand and think about if you want to use blockchain.”
The report raises the question of when is the use of blockchain appropriate, as there can be the temptation to use blockchain merely for its novelty.
“In the corporate world, there’s always a push to adopt new technologies. Blockchain is today’s shiny new toy, and there’s a big push to adopt it because of that. We want to help people to see past the hype, as lofty a goal as that is,” added Yaga.
One of the misconceptions the report talks about is that permissionless blockchains are systems without control and ownership. However, while no user, government, or country controls a blockchain, there is still a group of core developers who are responsible for the system’s development. These developers may act in the interest of the community at large, but they still maintain some level of control.
The report asserts that the phrase “no one controls a blockchain!” would be better stated as, “no one controls with whom and when you can perform transactions, within the rules of the blockchain system.”
Another common misinterpretation the authors seek to address is that there is no “trusted third party” in a blockchain and assuming blockchain systems are “trustless” environments. They point out that while there is no trusted third party certifying transactions in permissionless blockchain systems (in permissioned systems administrators act as an administrator of trust by granting users admission and permissions), there is still trust required to work within a blockchain system. For example, there is trust in the cryptographic technologies, trust in the developers of the software to produce software that is as bug-free as possible, trust that most users of the blockchain are not colluding in secret, as well as trust that nodes are accepting and processing transactions fairly.
If a single group or individual can control more than 50 percent of all block creation power, it is possible to subvert a permissionless blockchain system. However, obtaining the necessary computational power is usually prohibitively expensive. The authors also mention that cryptographic algorithms utilised within most blockchain technologies for public/private key pairs will need to be replaced if a powerful quantum computer becomes a reality.
The report highlights constraints in blockchain technology, such as long processing time and high electricity consumption in blockchain systems using a proof of work consensus method, where a user gets the right to publish the next block by solving a computationally intensive puzzle. (A single bitcoin transaction requires as much electricity as the daily consumption of 1.6 American households.)
Moreover, there are limitations on the amount of data that can be stored on blockchains. They are not meant to be a general storage medium. In order to quickly calculate hashes on transactions and distribute transactions amongst the network, transactions need to be relatively small.
There’s also a security concern, as users must manage their own private keys, in the absence of a centralised system. If they lose their key, or it gets stolen, then digital assets related to that private key are lost. Centralized key management solutions can be put into place, but then they have the problem of having a central point of failure, which is a problem blockchains are supposed to solve. (In the recent Coincheck hack, hackers stole the private key for the hot wallet where NEM coins were stored, according to Cointelegraph.)
Another important myth this NIST report takes up is that blockchain intrinsically supports identity management. The authors explain there is no one-to-one relationship of private key pairs to users (a user can have multiple private keys), nor is there a one-to-one relationship between blockchain addresses and public keys (multiple addresses can be derived from a single public key).
A blockchain’s transaction signature verification process links transactions to the owners of private keys, but does not provide any facility for associating real-world identities with these owners. It might be possible to connect real-world identities with private keys through processes outside, but these are not explicitly supported by the blockchain. Typical blockchain implementations are not designed to serve as standalone identity management systems.
Finally, the report notes that blockchains will most probably be another tool that can be used to solve newer sets of problems. Financial organizations are most likely to experience greatest impact from blockchains, possibly needing to adapt or even completely change their practices to focus on being platforms for value exchange and not just places to store value.
Read the complete report here.