Blockchain offers a radical solution for transaction security, but will it provide the controls required to unleash true commercial innovation? A combination of onchain and offchain techniques could be the key to success.
In a world under threat from new forms of cybercrime, blockchain promises exceptional security. A string of financial transactions can be packed into one time-stamped block of data, launched into the public Internet and dispersed across a worldwide network designed to survive a nuclear holocaust. There is no practical way that anyone can now compromise the transaction, because any majority of surviving copies would be enough to validate it. Could this blockchain model be scaled for broader business applications for true commercial innovation?
The original Bitcoin system was designed for purely financial transactions, where the only relevant details are the transaction amount, the exact time, and the public wallet addresses of those involved. Real-world business transactions demand a lot more information. Logistics tracking – for example a container loaded and shipped from China to Los Angeles – could involve dozens of different parties. Each should be able to validate and monitor their own sub-processes within the full transaction – but not the other parties’ confidential data.
You can create a “permissioned blockchain” only accessible to those who need to know, but most blockchains cannot control what individual data fields can be accessed by different authorized users. Various industry forums and blockchain technology providers are looking at options to address these challenges, but most of these raise concerns about access policy management and enforcement, scaling complexity, interoperability between other participating systems, and operational performance as utilization grows.
Hyperledger Fabric (HLF), for example, defines parallel “channels”, where subsets of information are accessible to specific users with authorized access to a particular channel. In an enterprise environment, where large numbers of unique contracts are executed over time, HLF could demand hundreds of thousands of channels to be created and maintained for extended time periods. As users and their access levels change, the administrative burden could become intolerable. Response times and user experience are likely to suffer as the number of channels surge. And questions about how to achieve interoperability across other systems which may use different forms of privacy control adds to the complexity.
Mastercard has been awarded a patent for a method to partition a blockchain, making it capable of storing multiple transaction types and formats. For cases such as card transactions, where the operational parameters are consistent, this could be a neat solution. But how well will it extend to more open-ended uses where the parameters are more widely diverse or tied to legacy systems which are difficult to modify?
A more promising approach to privacy control combines blockchain with “offchain” technologies such as encryption key management. Each field of data in the block is encrypted, and a key management system automatically distributes keys to each authorized user, but only the key to the fields they are authorized to access. This approach supports massive scalability, and it works across any blockchain technology. Rather than being limited to HLF or other technologies that natively support privacy control, enterprises can select their most appropriate blockchain technology – and be free to migrate to new technologies as they emerge – while maintaining a common privacy control system that works across the board.
The big challenge with encryption is how to cost-effectively generate, secure and manage the cryptographic key materials across potentially large numbers of users from multiple companies. Key management systems will be a target for hackers, because gaining access to a key server means they’ll have access to all of the data on the blockchain. To mitigate these threats key servers are often deployed with hardware security modules (HSMs). Considering the high availability requirements of most commercial operations, HSMs are an expensive option. They are often hard to scale, complex to administer, and dependent on a centralized trusted authority – which is challenging across multiple companies and administrative domains.
A better solution is a threshold key management system (Threshold KMS), which use a threshold cryptographic technique to distribute trust across multiple untrusted parties. Threshold KMS uses multiparty computation (MPC) to generate “shares” of each key, such that no key server ever holds an entire key. This makes it extremely secure against key theft. These shares are distributed across multiple virtualized threshold key servers that are typically hosted in multiple clouds – they may even be owned and operated by different organizations. The “threshold” nature of these systems means you do not need 100% participation: even if one or more key servers are compromised or off-line, the system works as long as the number of key-shares reaches an agreed safe threshold. This makes the system highly fault tolerant. And cloud hosted, software centric Threshold KMS eliminates the cost and complexity of proprietary hardware and redundant system configurations.
Threshold KMS is a secure way to simplify operations, minimize the cost of key management, and deploy offchain techniques to control blockchain privacy. It means that enterprises can now seriously consider blockchain technologies to support commercial innovation.
Frank Wiener, CMO of Sepior