Statuscheck BLOCKCHAIN
NIST seeks to demystify
distributed ledger technology
A new dra  report aims to help agencies understand how blockchain works and decide whether it’s right for them
BWY SARA FRIEDMAN
ith the hype and buzz around blockchain con- tinuing to grow, the Na-
tional Institute of Standards and Tech- nology set out to dispel some of the common misconceptions surrounding distributed ledger technology.
The draft NIST interagency report, “NISTIR 8202: Blockchain Technology Overview,” gives a high-level explana- tion of the mechanisms behind block- chain technology and provides current examples of the platform’s uses. To help IT managers make informed de- cisions about using blockchain for spe- cific applications, NIST also addressed several common false impressions.
1. No one is in control. There are two basic kinds of blockchains. In permis- sioned blockchains, individuals are invit- ed to read and write on a private, shared distributed ledger. Permissionless block- chains are decentralized platforms that are open to all users under a consensus methodology that validates transactions on the ledger to “prevent bad users from easily subverting the system.”
A core group of developers is respon- sible for the system’s development, and they maintain some level of control in the interest of the larger community. But they don’t have control over who can per- form transactions within the rules of the blockchain system.
2. It’s totally secure. Blockchains can
enforce transaction rules and specifica- tions, but they cannot prevent malicious users from controlling a large enough stake in the system or processing power to cause damage. Those bad actors could ignore specific users or nodes and dis- rupt information distribution by refusing to transmit blocks to other nodes in the system. Their actions can be combatted with hard forks, which require all users to adopt a change to the protocol.
3. There is no need for trust. Despite the lack of a third party to certify transac- tions in a permissionless system, trust is a key component of blockchain, NIST said. All users must trust the underlying cryp- tographic technologies and software, accept that most users of the blockchain
are not colluding in secret, and believe transactions are being accepted and processed in a fair manner.
4. It’s lightweight processing.
Verifying blockchain transactions re- quires significant processing time and electricity. And because blockchain is not designed to be a storage medi- um, transactions tend to be relatively small, and large amounts of data are stored “off chain,” with pointers and references stored within the chain.
5. It supports identity manage- ment. Although each user has a blockchain wallet containing a pub- lic/private key pair, it is not a one-to- one relationship. A single user can
have multiple private keys, and multiple blockchain addresses can be derived from a single public key. Therefore, typi- cal blockchain implementations are not designed to serve as stand-alone identity management systems.
NIST’s goal in releasing the draft pub- lication was to go beyond the rumors and hype surrounding the technology and give decision-makers some perspective, said Dylan Yaga, a NIST computer scien- tist and one of the report’s authors.
“IT managers need to be able to say, ‘We understand this,’ and then be able to argue whether or not the company needs to use it based on that clear un- derstanding,” Yaga said. “Some people are saying you should use it everywhere for everything. We wrote with the per- spective that you shouldn’t use it if it’s not necessary.” •
 GCN.com
GCN covers blockchain and other emerging technologies on a daily basis at GCN.com. For the full NIST report and other blockchain updates, go to GCN.com/blockchain.
   GCN FEBRUARY/MARCH 2018 • GCN.COM 29
JEFF ZEHNDER/SHUTTERSTOCK