AI translated#blockchain #decentralization

Governance, Security—and a Dozen Other Unresolved Blockchain Issues

23.08.2023 ForkLog

The Alpina Publishing House has released the book Blockchain for Everyone. How Cryptocurrencies, BaaS, NFT, DeFi and Other New Financial Technologies Work by Doctor of Economic Sciences Artyom Genkin and digital-technology expert Aleksey Mikheev. We publish here, with minor omissions, a chapter that discusses some fundamental problems that continue to hinder truly scalable DLT adoption.

Why did this reasonable idea provoke such a flurry of discussion? First, bankers are inherently cautious and must constantly fear something — electronic money, cryptocurrencies and other phantoms…

Victor Dostov

There is a range of views on the main obstacles to the development of blockchain. For example, O. Kurchenko notes low awareness (despite the hype around Bitcoin and blockchain, only a tiny fraction of Earth\’s inhabitants are involved in these innovative technologies), the lack of universal standards and rules, a clear regulatory framework, a deficit of professional legal expertise, digital inequality, the absence of all‑in‑one solutions, low liquidity, and problems related to anonymity and pseudonymity.

According to a Deloitte 2020 survey, many organisations recognise the need to address blockchain-related accountability issues, in particular concerning customers, suppliers, investors, regulators and government bodies, and society at large. Problem areas also include cybersecurity, global digital identification, compliance with accounting, auditing and internal-control requirements, taxation and financial reporting, governance and the implications of the sector\’s ongoing growth and evolution of digital assets. Organisations and countries that fail to solve these problems will over time lose their market share.

According to the IMF, the risks of using DLT include: uncertainty in operation and safety arising from the technology, lack of operational interoperability with existing processes and infrastructures, uncertainty regarding final settlements, regulatory and legal issues in implementing DLT, the absence of an effective and reliable governance system and issues of data integrity, immutability and confidentiality.

We try to break down the problems encountered in blockchain adoption into several main types (though this is no easy task).

Intra-industry Problems

Blockchain must overcome a host of problems to become a foundational technology. One of the key issues concerns the development of the technology and its governance. Without a standard set that can guarantee functional interoperability of systems within an industry and supply chains, the technology will be hard to scale. It must be reconciled with legacy systems, as well as with private and public blockchains. Developers should provide a roadmap for blockchain evolution, in particular to increase the flexibility of smart contracts, dissemination and security of the technology.

In Gartner\’s 2019 report, the main problem was the lack of standardisation of blockchain platforms. Moreover, today the market for blockchain platforms is largely comprised of disparate offerings that often intersect or complement each other, making it difficult to choose a specific technology.

Blockchain enthusiasts and pioneers, in explaining its essence, often used complex language and technical jargon. Consequently, users still do not understand how blockchain works and what advantages it has over other existing technologies. It is necessary to demonstrate these advantages with concrete practical business examples.

Talent and Skills Gaps

Insufficient digital skills will impede blockchain adoption, especially for SMEs and micro‑enterprises with limited finances. Large players acting as hub centres of blockchain competencies will need to pull their suppliers up the value chain. There is a risk that the gap in digital skills could squeeze SMEs out of the digital-supply chain. Often, implementing a blockchain solution requires a full-scale reorganisation of a company\’s business processes, and sometimes of the sector as a whole.

Critics also pointed to consumers\’ weak blockchain literacy and their distrust of the technology.

Still the main obstacle to broad blockchain adoption is the need to ensure ease of use. A lack of knowledge and technical skills prevents certain groups of people from using blockchain.

Regulatory and Legal Factors

Regulatory issues also exist. Often blockchain is based on a multisided, cross‑border architecture spanning many regions with different regulatory regimes.

Legislation in many countries and regions directly affects the use of blockchain, even if legal norms do not pertain directly to it. For example — the General Data Protection Regulation (GDPR), which governs privacy in the EU.

Seventy percent of Deloitte\’s 2020 survey respondents believe regulatory changes in the blockchain space are moving quickly or very quickly. With the growing number of regulators concerned about potential blockchain risks, the regulatory framework for the technology in various jurisdictions becomes uncertain and unpredictable. A sizeable portion of stakeholders views regulatory uncertainty as the main obstacle to adoption.

Cybersecurity Issues

Sixty-six percent of Deloitte\’s 2020 survey respondents consider cybersecurity issues to be the primary obstacle to broad adoption and use of blockchain.

One might think that blockchain, with its cryptography, offers a degree of protection against cyberattacks. And the distributed nature of blockchain implies a level of transparency that should help detect attacks quickly. But even such a system can be vulnerable to attacks that may originate from any critical access point. Perhaps advances in quantum computing could render current cryptographic methods securing blockchain platforms obsolete by breaking all public-key cryptography.

Possible technical vulnerabilities of blockchain projects are well described in this article on Habr.

Using corporate blockchain solutions creates additional risks. According to Positive Technologies, 71% of blockchain pilot projects had vulnerabilities in smart contracts, and half had vulnerabilities in applications for data access on the blockchain. And for a successful attack, only one vulnerability is enough, because the blockchain system controls critically important data

\n

«Among the consequences of attacks can be: unauthorized entry of data into the register, attacks on users from the blockchain, a complete shutdown of system functionality. Hypothetically, this could lead to an attacker gaining full control over an organisation\’s critically important resources,” says Arseniy Reyutov of Positive Technologies.

\n

«Cyberattacks on blockchain solutions will intensify as these systems emerge, especially those automating settlements and other financial processes and instruments,” says Artem Kalikhov of Waves Enterprise.

Many companies developing blockchain solutions pay too little attention to security. Meanwhile, auditing blockchain solutions would help to identify vulnerabilities in advance and protect users from attacks.

In case of a hacker attack on a public blockchain, there are two main remedies: either a hard fork or a rollback to the blockchain state at the time of the attack and added transactions only from that moment (but then all transactions after the incident would be lost and would have to be re-added) or accepting the consequences of the attack.

Technical Problems Specific to Blockchains

Blockchains tend to consume a large amount of memory. Decentralisation, where every participant stores the same information, and the natural growth in transaction numbers can lead to memory becoming insufficient.

Transaction processing speed on blockchains is extremely low compared with traditional payment systems. Blockchains lag behind traditional databases in performance, since the cryptographic component that gives blockchains their key advantages requires complex computations.

Consensus-based blockchain verification mechanisms require considerable computing power and can slow transaction speeds as data-storage needs grow. This is a serious technical barrier to blockchain scalability and to achieving the scale‑out effect.

Each network decides for itself which of the three properties (scalability, security and decentralisation) it will prioritise. This is the so-called blockchain trilemma: only two of these three properties can be fully realised at once. Scalability is the ability to process a higher volume of transactions. Security is the reliability of data storage in the blockchain and its resistance to tampering. Decentralisation is the degree of control distributed across the network. Altchains are an attempt to solve the blockchain trilemma.

Overall, blockchain technology remains immature in terms of scalability and is still trying to cope with a high volume of transactions.

The authors of the 2021 ISACA/AICPA & CIMA study, “Blockchain Risks. Recommendations for Professionals,” identified five principal risk groups for closed blockchains: development-stage risks, infrastructure (related to data exchange and transmission), risks in key‑security management, and smart‑contract vulnerabilities.

The study details the potential vulnerabilities of each group and their consequences. For example, insufficient reliability of a key security measure jeopardises digital assets’ safekeeping. And the lack of protocols for unconfirmed transactions generates opportunities for fraudulent operations that were previously rejected.

Thus, a matrix is formed that businesses can use to assess and mitigate potential risks when implementing blockchain.

J. Bloomberg, in a Forbes article “Dont Let Blockchain Cost-Savings Hype Fool You,” listed a number of blockchain drawbacks:

• Rather than justifying retirement of mainframes, blockchain provokes banks and others to double down on mainframes. IBM\’s mainframe leader has bet on blockchain on its mainframes. Yet the question remains whether such a mainframe‑centric approach to blockchain, tailored to banking, can deliver cost savings as the main advantage.

• Because blockchain has a distributed architecture, it requires multiple processing nodes spread across several participants, which increases total transaction costs and leads to scalability and performance issues.

• The strength of the chain depends on the weakest link, which is true for blockchains as well. If one node has performance, scalability or security issues, they can affect other nodes.

• In addition to energy resources, blockchains consume storage resources whose requirements will always grow because each node must maintain an immutable register of all transactions.

J. Omaar, in his blockchain database development model in 2017, calculated that the cost of storing one gigabyte of data for a Bitcoin node would exceed $22.7m, based on current operating costs.

Lori Heino-Rey er, director of business development at Daimler Trucks North America, sees some potential risks in industry blockchain adoption:

• Immutability makes data input inherently prone to human error.

• If the company\’s private key is damaged or mismanaged, the blockchain becomes unverifiable and data loss may occur.

…

Unconfirmed Transactions and Mem Pools

As the popularity of cryptocurrencies grows, the number of transactions added to validation increases and mempools form — a set of all transactions awaiting verification by miners. Transactions are queued to be added to a block. The higher the fee, the faster miners will include the transaction. Consequently, fees rise and low-fee transactions may wait for confirmation for hours or days. For small transfers, the fee can be several times the value of the transaction.

When after Bitcoin\’s price surge in December 2017 its mempool grew to 200,000 unconfirmed transactions, many popular crypto exchanges could not cope with the load. Users had to pay high fees, up to $32 per transaction, to avoid delay in confirmation.

The High Cost of the Technology

Another critical problem is the potentially high costs — financial and organisational — required to implement blockchain technology, even at pilot stage. Firms must weigh the potential benefits of blockchain adoption against costs of testing concrete use cases, including integration with legacy systems, and account for a shortage of skilled personnel for blockchain projects. Consortia form to share costs of building and using blockchain infrastructure, but questions about alignment and conflicts of interest remain.

As with any IT project, DLT requires investments in infrastructure, development costs, consulting, R&D and talent through direct hiring or outsourcing to BaaS providers.

Risk of Centralisation

A. Seyun notes: despite the open-source nature and egalitarian peer-to-peer network, blockchain technology without a governing body or institution can lead to a new oligarchy and a polarised society. Moreover, current cryptocurrency networks already show a tendency toward centralisation or elitism.

М. Атзори reminds: “Theoretically, an open-source protocol is designed to foster global collaboration, and anyone can contribute to code development via an online forum (github.com). In practice, however, decisions are carried out by a small group of core developers, and they form a governance body with exclusive authority to approve contributions.”

But actual adherence to openness can be questioned, as individual people or organisations\’ possession of the technical know-how necessary to perform these functions allows participation in shaping the more complex aspects of the blockchain, so that the “core developers” retain a large share of control. Thus, the “revolutionary potential of network governance as an absolute, fully horizontal [i.e., non‑hierarchical] form of political and social organisation is often overstated and unrealistic.”

Industry Problems in Blockchain Adoption

D. Sachdev notes a number of issues that arise when applying blockchain to manage supply chains (USC).

First, security concerns: supply-chain transactions are private, and a user wants their identity known only to trusted partners. Yet Bitcoin\’s blockchain is a public ledger, transactions of which can be viewed by all participants. Bitcoin is a pseudonymous system: even if a transaction uses only the owner\’s address, the user\’s identity can be identified by analysis of tagged data.

Another problem is role-based access control: in a permissioned environment where new partners are constantly added to the chain, there should be a way to determine write and update access at the user-group level.

Additionally, IoT automation should provide petabyte-scale data storage for supply-chain partners. However data must be tagged with metadata defined by the user so that it can be discovered by other users.

Blockchain can guarantee provenance and integrity of data, but not establish their rightful owner. This leads either to input of false data or to granting rights to data to an unauthorized owner. For example, farmers could tamper with IoT sensor data by placing physical barriers: if a sensor is covered with a cover, climate data would be distorted. And for example, if a tire-pressure sensor measures pressure, the data owner could be the tire company, the car manufacturer, the car dealer, the insurer or the driver.

Problems of Blockchain Consortia

The emergence of new blockchain consortia worldwide further stimulates adoption and deployment of blockchain-based solutions.

In governance and structuring within blockchain consortia, four key problem areas have emerged — decision-making and authority, funding and revenue distribution, legal structures and risks, and intellectual property and ownership.

As Deloitte\’s study shows, many consortia sharing the objective of succeeding in blockchain ventures often fail due to internal rivalries and unfairness in addressing these issues.

John Matonis, director of the Bitcoin Foundation, said that bank‑run private blockchains could simply create \”yet another cartel\” and would perform as poorly as a payments consortium.

The Problem of Freedom of Speech Boundaries

The Italian developer Alessandro Segala ceased work on his apps and publicly stated a divergence from the DLT path. The reason is that he sees dangers created by unlimited freedom of expression and does not want to technically facilitate this. \”Given previous experience, it is unlikely that decentralised technologies will not become the Wild West in the worst sense of the word,\” the developer concluded. As an example, he cited a blockchain-based video hosting platform, replete with dubious content about weapons, conspiracy theories, advertising of cryptocurrency pyramids and pornography.

…

Conflict of Interest

Blockchain adoption in the banking sector is paradoxical. Investments in blockchain could disrupt banks\’ existing business models. If blockchain delivers on expectations, banks could offer services faster, cheaper and more simply, which would erode their revenues, something they would resist. Moreover, millions of jobs could be at risk.

In 2018, Boston Consulting Group published a fairly sceptical report on blockchain adoption in retail networks. The authors argued that it remains unclear, economically, whether switching to blockchain platforms makes sense and whether retailers are prepared to adopt a blockchain that could reduce even small profit margins by removing information asymmetry that underpins intermediation payments. At the same time, analysts argued that blockchain use could increase transparency, creating a more efficient and liquid market.

Privacy and Digital Inequality

At the national blockchain conference “Blockchain/Finance 2021,” Artyom Genkin noted: \”Today it is legitimate to ask the question somewhat differently than before, when blockchain was seen as a panacea… Could the technology be on the side of good or evil, on the side of financial inclusion or digital inequality?\” DLT could amplify, make more difficult to overcome the so‑called digital divide. China\’s social-ranking system, which becomes a means of controlling access to financial services, if used in a blockchain framework, provides access to social-credit data and tracking at a national level. Depending on the social score, there could be restrictions on contracting with certain counterparties, asset types, access to financial resources, and even employment. A powerful tool of social influence is being formed.

The blockchain technology could spawn a large number of private social ratings. The spur for their creation was the Covid-19 pandemic. The so‑called \”immune passport\” could become a driver of amassing vast biometric data about a person alongside information about financial transactions and social activity. A person would enjoy full civil rights only by agreeing to be a source of big data. Dostov agrees the amount of information about a person already being collected is well beyond what it used to be, and technology indeed opens many possibilities for tracking and control — from social media profile analysis to examination of shopping receipts.

In this context, it is particularly important to check whether the data‑collection goals and purposes are not discriminatory, and to assess ethically any technological solutions that imply restrictions or provide benefits to users. After all, blockchain itself is neutral, Genkin reminds: \”The application nuances matter: in biased hands the technology will increase rather than reduce digital inequality. This requires extreme caution; ethics come first.\”

Concerns about payment privacy in light of possible digital euro adoption have been voiced by market professionals and EU publics alike, notes Dmitry Kochergin of St. Petersburg State University. For consumers, payment privacy is much more important than security. As the expert explains, because of its programmability and traceability, digital currency technology implies heightened surveillance of money in circulation. This markedly raises the level of oversight and control over citizens\’ spending.