INNOVATION
Blockchain is still largely unknown to government, but some organiza- tions have started to explore it. The Department of Homeland Security, for example, published several Small Busi- ness Innovation Research solicitations in December seeking ideas for using blockchain in identity management, cryptography and other applications.
In January, Vermont issued a report on the opportunities and risk of block- chain, describing it as something the state should consider for future use while admitting that, “at present, the costs and challenges associated with the use of blockchain technology for Vermont’s public recordkeeping out- weigh the identifiable benefits.”
Blockchain — which in the bitcoin
THE POWER OF
application uses SHA-256 cryptography — combines peer-to-peer file-sharing techniques found in popular applica- tions such as BitTorrent with public-key cryptography to create a distributed network of trust that can confirm that transactions are valid and record them in a ledger.
Those records are immutable and can be updated only by a majority consen- sus of the entities involved. None of the historical information can be erased, which establishes a rock-solid, audit- able foundation for the transactions. With blockchain, the trust that is cur- rently vested in a centralized authority — an approach that is increasingly wor- risome for security and privacy profes- sionals — becomes more decentralized
BLOCKCHAIN
and reliant on the system itself rather than on the trust between the various parties involved in the transactions.
The secret sauce behind blockchain is evident in its title. In Bitcoin’s block- chain application, each block contains a full history of the transactions involved, and subsequent blocks in the chain carry that data forward, with each one containing a hash of the previous block. As the chain grows, it becomes compu- tationally much more difficult to inter- fere with.
A chain is considered valid only if all the blocks and transactions in the chain remain valid and only if the entire chain continues to start with the first block.
Enthused by the promise of block- chain, industry organizations are start-
44
GCN JUNE/JULY 2016 • GCN.COM
As a digital currency, bitcoin has had its up and downs, and
it’s still unclear whether it will survive or give way to the next crypto currency. That’s not the case for the blockchain technology underlying it.
Blockchain has been lauded as a starkly innovative way of confirming the identity and validity of parties that are trying to do business with one another — a critical function for bitcoin.
The problem with financially focused systems, which blockchain solves, is that it’s hard to set up a wholly trusted intermediary between two parties that want to do business electronically. Most likely, that trusted third party is a bank or other financial institution. However, although most transactions are trouble-free, acceptance
of a certain amount of fraud is built into current processes, and disagreements occur that require mediation. The situation raises both risk and cost.
Blockchain changes the equation by transferring risk from a human-based process to one in which cryptographic proof of, for example, contracts, agreements and prices replaces that variable trust. Each step, or block, in the process is locked down, and the details of each block are carried forward to the next, with each subsequent block containing a hash of the previous one.
As the chain grows, therefore, it becomes all but impossible to interfere with because it is considered valid only if every block and transaction remains valid and only if the chain continues to start with the original block, called the genesis block.
Essentially, the blockchain becomes a record or ledger of digital events that is shared among many different parties, with each party required to digitally sign a hash of a transaction and the public key of the next party in the chain before passing it along. No blockchain record can be updated without the agreement
of a majority of the entities involved, and none of the historical
information contained in a ledger can be altered because any attempt would change the old hash.
In essence, a blockchain-based system blends ironclad trust with a fully auditable sequence of digital events enclosed in a highly secure environment.
Its use for financially based transactions is obvious. At least in concept, however, it’s a system that could be applied to other trust- based environments, and various organizations are starting to explore if and how that could be done.
The Department of Homeland Security, for example, is seeking research proposals that would “design information security and privacy concepts on the blockchain to support identity management capabilities” that decrease the cost and risks of identity management while increasing security and productivity for users in the Homeland Security Enterprise.
The current HSE identity management process uses centralized authorities to vouch for the accuracy of the information it collects and maintains. Any transaction that requires validation of information — such as employment status, citizenship or eligibility to work — relies on a high level of trust that the who, what and how behind that transaction are all valid.
The research DHS wants to support would focus on whether “classic” information security concepts such as confidentiality, integrity, availability, provenance and privacy can be built on top of blockchain technology to “provide a distributed, scalable approach to privacy-respecting identity management.”
No one believes any of this will be easy, but the potential gains from successfully creating such systems all but guarantee that the effort will be made.
— Brian Robinson