Professor Whitfield Diffie on the Challenges of Securing Data on the Blockchain
Blockchain technology has come a long way since it was introduced as the underlying technology driving Bitcoin. As the field continues to advance, modern blockchains such as Ethereum, EOS, NEO, Cardano and others are becoming software platforms where startups can build entire products and utilize decentralized features inside their own applications. Today, blockchain technology is being used to transform supply chain management, e-commerce, real estate, healthcare, and many other industries.
For example, Propy is building a decentralized real estate title transfer platform on the Ethereum blockchain. And a project created by the MIT Media Lab, known as MedRec, has developed a solution to use blockchain smart contracts to create a decentralized content-management system for healthcare data across providers.
Yet as blockchain technology continues to enter the mainstream, a number of challenges have developed.
“The attempt with blockchains is to arrange distributed data storage in a way that is secure and auditable by everybody involved. Yet the variety of problems are issues of scaling and issues of decentralization by proof-of-work that turn out to be unnecessarily expensive relative to the results that wish to be achieved,” Professor Whitfield Diffie, inventor of public key cryptography, stated during the Impact and Cryptography panel at CPC Crypto DevCon.
Professor Diffie is one of the early pioneers of public-key cryptography. He co-authored a landmark paper in 1976 that laid the foundations for public-key cryptography, a key element of modern internet security and cryptocurrencies.
According to Diffie, there are a number of challenges facing blockchain technology today, especially in terms of securing data storage on the blockchain.
Data Privacy
For example, data privacy is one of the main challenges companies face when applying blockchain technology, because many projects deal with sensitive data that cannot be stored openly in a public ledger. For instance, Propy deals with real estate transactions, and the title transfer information for these transactions is quite sensitive. This information usually includes agreements, home addresses, transaction prices, and even the digital wallet addresses and identities of the buyer and seller.
However, there currently are not many solutions available to ensure data privacy for blockchain applications. And while there are different options to help with data privacy, each comes with pros and cons. For instance, one of the simplest methods would be to store the encryption key inside a smart contract and automatically encrypt or decrypt the data. While this approach works, it is still vulnerable to hackers who can reverse engineer the smart contract and retrieve the key.
Another option would be to use multiple keys for data storage, allowing each user to encrypt or decrypt their own data using their wallets’ private keys. If the user’s private key were compromised, only the data of that particular user would be breached and not the entire dataset. Unfortunately, this approach is viable only for a subset of projects.
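The difference in blast radius between the two options above can be shown with a short Python sketch. This is an added example, not code from the article or from any project it names; the record contents, the `seal`/`unseal`/`exposed` helpers and the random 32-byte keys standing in for wallet-derived keys are assumptions, and the HMAC-SHA256 counter-mode cipher is an illustrative stand-in for an authenticated cipher such as AES-GCM so that the block runs with the standard library only.

```python
import hashlib
import hmac
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: illustrative stand-in for AES-CTR/GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None  # wrong key or tampered record
    ks = _stream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

def exposed(ledger: dict, leaked_keys: list) -> list:
    """Owners whose on-chain records open with any of the leaked keys."""
    return sorted(o for o, blob in ledger.items()
                  if any(unseal(k, blob) is not None for k in leaked_keys))

# Constructed sample records (not real transactions).
RECORDS = {"alice": b"title transfer, price 410000",
           "bob": b"title transfer, price 275000",
           "carol": b"title transfer, price 990000"}

def build():
    contract_key = os.urandom(32)                     # option 1: one key in the contract
    user_keys = {u: os.urandom(32) for u in RECORDS}  # option 2: one key per user
    shared = {u: seal(contract_key, r) for u, r in RECORDS.items()}
    per_user = {u: seal(user_keys[u], r) for u, r in RECORDS.items()}
    return contract_key, user_keys, shared, per_user

if __name__ == "__main__":
    ck, uk, shared, per_user = build()
    print("contract key leaked:", exposed(shared, [ck]))
    print("bob's key leaked:   ", exposed(per_user, [uk["bob"]]))
```

With the single contract key, one leak opens every record; with per-user keys, a leaked key opens only its owner's record.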
Using biometric data could also be a solution. However, according to Diffie, the best option here would be a combination of both biometric data and digital keys.
“I think a combination of both digital and biometrical data would be the way to go moving forward. Biometrics are, in some sense, antithetical to the basic notion of crypto protection. Because the important thing about cryptography, and in communication cryptography in particular, is that if the key is compromised, this may have an effect,” explained Professor Diffie during his panel. “If you are depending on something that is derived from biometric property, the one difficulty is that biometrics may not have the same stickiness to the characteristic that you’re trying to represent.”
Scalability
Scalability is the ability to process a certain number of transactions per second. It has always been a bottleneck for the Bitcoin blockchain, which focuses primarily on decentralization and security and less on scalability.
Currently, the average transaction time is ten minutes for Bitcoin and seventeen seconds for Ethereum. The cost per transaction can also be high, and the network still has a limited ability to interface with real-world information.
Ethereum’s proof-of-work (PoW) consensus will soon be replaced by the proof-of-stake (PoS) protocol Casper, which already runs on the testnet. The main functionality is working and demonstrating good results, yet there are still issues that will need to be solved in order to resolve the scaling problems.
EOS could also be considered here. EOS is a smart contract platform for building decentralized applications that aims to solve some of blockchain’s biggest problems. Block.one, the developer of EOS, claims the platform has eliminated transaction fees and has the ability to process millions of transactions per second.
However, EOS has recently faced a round of criticism for its lack of decentralization and its underwhelming technical robustness. The problem results from the system’s lack of mediating capacity and centralized enforcement over the pool of Block Producers – twenty-one entities elected by token holders and responsible for validating transactions under the Delegated Proof of Stake consensus mechanism. EOS has recently sparked a round of controversy for not having a clear procedure to follow when dealing with security breaches, which goes against the entire decentralized structure on which the blockchain community is built.
“In security systems and in cryptographic systems in particular, the question has always been how to couple the technicalities of these systems to the social phenomena they’re trying to support. The obvious thing that we worked on a lot with cryptography, and certifying authorities, shows that we want to support the sort of credential systems that existed in the world without the foundation of governmental and corporate authority structures,” said Diffie. “We cannot have any of these existing authority structures. We can build a peer-to-peer entity by doing that.”
State Of Storage
Finally, the state of storage is another issue facing blockchain platforms. All blockchain protocols currently store the entire state on each node, including smart contract code, balances, storage, etc. This greatly adds to the security of data, but also severely limits scaling and delays transactions.
Bitcoin’s blockchain of simple transactions is upwards of 150GB in size. Yet any business institution using blockchain technology for a traditional database can expect every node to require much more space than that. This problem would be compounded if a company were to operate a private blockchain and control every node itself.
A solution to consider is sharding, which involves splitting the states into partitions or shards, where each shard contains only part of the data. A blockchain platform like Zilliqa is designed to scale using sharding technology, which allows transaction rates to increase as the network expands and scales with an increase in the number of miners. Yet while it may sound simple, there are a lot of challenges involved such as cross-shard communication, data availability, and a whole range of security issues that must be resolved.
by Rachel Wolfson via NullTX