The Unfortunate Rise of Permissioned Blockchains

    September 13, 2018 at 04:57
    What Is A Permissioned Blockchain?

    What if you could have your very own blockchain, one in which you set the parameters as to who can join? One in which only networks of known, vetted actors are allowed to participate, where detailed information about transactions is exchanged between companies, and where financial institutions – not miners – validate transactions. That is, more or less, the premise behind permissioned blockchains.

    In essence, it’s blockchain technology as favored by centralized organizations, and as such, it’s the current darling of established tech and financial services companies. Particularly the latter, as it makes complying with Anti-Money Laundering and Know Your Client laws much easier. However, any consortium of companies may create a private blockchain. And far larger and more diverse private blockchains are beginning to emerge as well.

    The Desire for Control

    Unfortunately, the financial institutions seeking to implement permissioned blockchains want to “have their cake and eat it too.” That is, they desire all the advantages that blockchain technology offers – namely fast, cheap, and immutable transactions – without the anonymity afforded to node owners (transaction validators). Instead, these institutions typically replicate existing structures where a trusted intermediary exists (they just can’t let go!). As blockchain pioneer Nick Szabo notes,

    “[Bank] bureaucracies are so heavily invested in the expertise and importance of local regulations and standards that it’s extremely difficult for them to cut the Gordian knot and implement seamless global systems. So they keep trying to re-inject points of control, and thus points of vulnerability, into blockchains, e.g. through ‘permissioning’; but this nullifies their main benefits, which come from removing points of vulnerability.”

    Alas, the desire for more control is ultimately counterproductive, which, as Nick Szabo points out, is ironic given that the auditors, accountants, and others who currently serve as financial controls are already decentralized. But that’s missing the point, as the blockchain is meant to move us past the “mutually untrusting national silos” (1) that currently exist.

    If banks fail to embrace this mindset, their permissioned blockchains may simply be viewed as being similar to the “centralized payments networks we have right now, without the benefit of the network effect of bitcoin.” (Joe Matonis)

    Unique Security Concerns

    By their very nature, permissioned blockchains are perceived as being more secure than any public (permissionless) blockchain. After all, within any industry or company consortium, a blockchain tends to exhibit high internal trust as it is (and single entities allow for full in-house control). Unfortunately, it’s this very sense of internal control that makes a permissioned blockchain far less secure.

    Indeed, permissioned blockchains are uniquely prone to various security vulnerabilities. Given the scenario above, for instance, transaction blocks can easily be altered after the fact – and without approval from the other nodes. And such alterations would be relatively easy to make in permissioned blockchains operated by small consortia.

    As MIT professor Christian Catalini notes,

    “If the nodes collude, or nodes are compromised, you can just rewrite history. So if you’re a regulator, maybe you wouldn’t want a set of banks or a set of financial institutions to be able to collude and rewrite the ledger. It’s not even a 51% attack – they already have the keys to the dataset, so you may not even need the majority to fool the system.”

    As with any closed system, governance over security protocols is prone to arbitrary decision-making. And, as history has shown, collusion among financial institutions is always a risk when survival is at stake.
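
    The rewrite scenario Catalini describes, as an added example that is not part of the original article: a constructed four-member consortium ledger in which HMAC stands in for validator signatures and a 3-of-4 quorum rule is assumed. It shows that a re-signed history passes every in-network check, and that only a block hash recorded outside the consortium exposes the change.

```python
import hashlib, hmac, json

# Constructed consortium (hypothetical names): four validators, assumed quorum of 3.
KEYS = {n: hashlib.sha256(n.encode()).digest()
        for n in ("bankA", "bankB", "bankC", "bankD")}
QUORUM = 3
GENESIS = "0" * 64

def block_hash(prev, txs):
    return hashlib.sha256(json.dumps([prev, txs]).encode()).hexdigest()

def sign(name, digest):
    # HMAC is a stand-in for a validator's digital signature.
    return hmac.new(KEYS[name], digest.encode(), hashlib.sha256).hexdigest()

def build_chain(batches, signers):
    chain, prev = [], GENESIS
    for txs in batches:
        h = block_hash(prev, txs)
        chain.append({"prev": prev, "txs": txs, "hash": h,
                      "sigs": {s: sign(s, h) for s in signers}})
        prev = h
    return chain

def verify_internal(chain):
    """What a member node checks: hash links plus a quorum of valid signatures."""
    prev = GENESIS
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(prev, b["txs"]):
            return False
        good = [s for s, sig in b["sigs"].items()
                if s in KEYS and hmac.compare_digest(sig, sign(s, b["hash"]))]
        if len(good) < QUORUM:
            return False
        prev = b["hash"]
    return True

def verify_against_checkpoint(chain, height, expected_hash):
    """What an outside auditor checks: a block hash recorded earlier, off-ledger."""
    return verify_internal(chain) and chain[height]["hash"] == expected_hash

original = build_chain([["A pays B 100"], ["B pays C 40"], ["C pays D 5"]],
                       ["bankA", "bankB", "bankC", "bankD"])
checkpoint = (2, original[2]["hash"])  # stored by the auditor when block 2 committed

# Three key holders rebuild the ledger with block 0 changed and re-sign every block.
rewritten = build_chain([["A pays B 1"], ["B pays C 40"], ["C pays D 5"]],
                        ["bankA", "bankB", "bankC"])
```

    Both ledgers satisfy `verify_internal`; only `verify_against_checkpoint` distinguishes them, which is why the reference hash has to be held by a party outside the validator set.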

    Lax security is also a concern. In the Hyperledger Fabric network, for instance, Membership Service Providers provide the credentials to access a permissioned blockchain. Clients use these credentials to authenticate their transactions, and peers use these credentials to authenticate transaction processing results. However, Membership Service Providers are a centralizing aspect of an otherwise decentralized system and prove to be a weakness of the permissioned blockchain network (Davenport).

    Moreover, the semblance of trust mentioned above can provide for lax oversight, leading to DoS and spam attacks. Similarly, lax security governance in such an environment can lead to improperly stored private keys. This oversight tends not to be rectified until after the damage is done.

    Finally, smart contracts serve as another vulnerability point in permissioned blockchains. Since the latter rely on asynchronous Byzantine Fault Tolerance replication protocols to establish consensus, they reveal their low-level trust assumptions (the 3f + 1 consensus formula) to smart contract applications. Unfortunately, few smart contracts are set up to reason about such assumptions.

    The inability of smart contracts to execute on all nodes within a permissioned blockchain is another serious problem. Ultimately, any smart contract that fails to execute properly is, in effect, mounting a denial of service (DoS) on the blockchain network.

    Sexy Database or Intranet Redux?

    Will permissioned blockchains thrive, or even survive? For now, the technology continues to be mentioned in breathless headlines, such as World Bank Issues $79 Million Bond on Permissioned Blockchain. And with big money comes staying power. Nonetheless, critics continue to assert that the technology doesn’t even merit the blockchain label.

    Still others suggest that the technology is merely an exercise in sexy packaging, a gussied-up alternative to the company database. As Asheesh Birla, product head at Ripple, stated, “I’ve seen a lot of use cases out there to use permissioned blockchains and when I look at the problem they’re trying to solve, I feel like, wow, there’s a company out there that can solve that problem. That company is Oracle.”


    However, perhaps a better analogy was made by Marc Andreessen when he commented, “Big companies desperately hoping for blockchain without Bitcoin is exactly like 1994: Can’t we please have online without Internet?” In the late 1990s, the new, shiny tool for larger corporations was the walled-off intranet. But that love affair was not to last, as maintaining it was cost-inefficient and somewhat irrelevant to the end user. In a similar way, the permissioned blockchain may be oversold. Already, several new blockchain identity applications are emerging that appear to make the technology redundant. Will we all laugh about our naivete ten years from now?

    The post The Unfortunate Rise of Permissioned Blockchains appeared first on XTRABYTES Today.