Cracking the Code of Privacy in the Blockchain

S&P Global
Written By: Eric Turner, Thomas Zakrzewski, Courtney Stout and John Kingston
S&P Global
Written By: Eric Turner, Thomas Zakrzewski, Courtney Stout and John Kingston

If 2018 is going to be the year when blockchain hype begins to turn into blockchain reality, one question that should be of interest to anybody tracking the adaption of distributed ledger technology is just how much information we are willing to share in the name of distributed trust.

While many may attempt to divide distributed ledger applications between public or private, it is perhaps more important to understand who can use a blockchain, and how widely available personal or institutional data should be.

Bitcoin has gained wide coverage in the news not only due to its rise in price, but because it was the first application of a blockchain. Bitcoin uses a fully public ledger of transactions. Anyone wishing to use the network can do so easily, making it permissionless. All you need is a computer or mobile device. Anyone can track transactions, prices, and the overall usage of the network. You can even watch a graphic representation of real-time bitcoin trading at Bitbonkers.

The level of transparency in bitcoin is a necessity of the network, which relies on thousands of independent computers around the world—also known as nodes--to verify transactions. This distributed verification is known as consensus. With the majority of the nodes adding verified transactions to the ledger, trust in the network is provided despite the fact that participants may be unknown to each other.

Reaching consensus among a large group of participants in a public blockchain does come with a cost: speed.

Eric Turner, Thomas Zakrzewski, Courtney Stout and John Kingston

However, reaching consensus among a large group of participants in a public blockchain does come with a cost: speed. Bitcoin for example allows for only one block of transactions to be added every 10 minutes, though other networks like Ethereum use faster block times. Private ledgers can process transactions even faster by using only a few nodes to add or verify transactions, which only works if the participants are already known and trusted counterparties.

Still, there are limitations in speed in all distributed ledgers, and the tradeoff between the speed of fewer nodes and the security of a large network, is a constant battle. It’s one of the reasons why for now, blockchain technology is not being viewed as able to displace the powerful central systems that keep the trade volume flowing at exchanges such as the Chicago Mercantile Exchange or the Intercontinental Exchange.

But it is expected to be capable of replacing current systems —or in some cases, paper--that drive back-office operations, which was most evident in the December announcement by Digital Asset. In what is easily one of the most concrete commercial applications in the blockchain world so far, the Australian Stock Exchange announced that it was replacing its legacy clearing house electronic subregister system, known as CHESS, with a blockchain solution to be built by DA.

Digital Asset had to deal with the tradeoffs between permissions and privacy when creating their solution. We contacted Dan O’Prey, DA’s Director of Marketing and a panelist at the Fintech Intel conference sponsored by S&P Global Market Intelligence, and asked him how DA would describe the public/private definition for the ASX system.

He said the system was not a public blockchain. Nor was it a “permissionless” blockchain where, as he said, “anyone can participate.” However, he did add that the permissionless part usually describes the part of the activity that takes place before an actual transaction, such as mining. Others have noted that it can include connecting with peers and sending or verifying transactions.

But definitions are not consistent in the field, and it is important that people understand that as they take their early steps through the ecosystem, sometimes scratching their head as they go. For example, we found another explanation of public vs. private that clearly uses the term “public” and “permissionless” interchangeably. In the piece, the author, Devon Allaby, business designer at Fjord Australia, says, “The most famous blockchain projects…bitcoin and ethereum…are permissionless blockchains.”

The ASX blockchain solution that DA is building will be, according to O’Prey, a “permissioned, private distributed ledger.” Entry into the ledger can be granted only by ASX, and the only data that a participant can see is the data that “pertains” to them.

The DA/ASX move from proof of concept to commercial application, as one of the most important developments in the real-life adaptation of blockchain technology, will contribute to the ongoing discussion over definitions. Just as importantly, the definition debate takes a back seat to the question of which one is “better.”

Colin Thompson , the managing director of Intrepid Ventures, summed up the heart of the debate in a piece for Blockchain Daily News, which he subtitled “A simple explanation for dummies.”

Thompson discusses the fact that private blockchains are expected to be far faster than the blockchains that run bitcoin or Ethereum. But in the blockchain world where emotion and political philosophy play as much of a role as code, as Thompson notes: “Blockchain purists aren’t impressed. A private platform effectively kills their favorite part of this nascent technology: decentralization. They see the advent of private blockchain systems as little more than a sneaky attempt by big banks to retain their control of financial markets."

Searching for various discussions on private vs. public illustrates this conflict clearly. One can’t help but read them and think of that old adage: “The perfect is the enemy of the good.” Thompson, in his piece, sums up that argument in talking about private blockchains: “Just because it is unlikely to revolutionize our world doesn’t mean it can’t play a role in making the world better.”

For example, a government title registry, which has been seen as one of the most promising potential uses of blockchain technology, needs to be public. Titles are a matter of public record, and a wide variety of interested parties in the ownership of a parcel of land needs to be able to see the full scope of a piece of land’s history. But the ability to add or change records should be permissioned, meaning that only certain parties can update the ledger.

This becomes more important for cases of specific business needs, such as the complicated processes needed to complete a commodity trade, the so-called “back office,” the contained community may find that DLT works fine for their needs without opening up the doors to a broader audience.

In a blog post from August 2015—eons ago in the blockchain world—Ethereum founder Vitalik Buterin described a view held by some that permissioned blockchains were “a desperate act of dinosaurish middlemen trying to stay relevant.” But he then goes on to note there are many who are “in this fight simply because they want to figure out how to best serve humanity, or even pursue the more modest goal of serving their customers.”

The private vs. public debate is actually an oversimplification. The reality is that there is a third type of blockchain in the discussion: a consortium blockchain.

Will our data be distributed in certain public blockchains? If they are private, just how private will they be?

Eric Turner, Thomas Zakrzewski, Courtney Stout and John Kingston

As we on the S&P Global blockchain task force have looked at how to interact with the growth of distributed ledger technology, we have begun to confront these questions of definition. Will our data be distributed in certain public blockchains? If they are private, just how private will they be? And if they are a consortium blockchain, who will control the consortium? But before the answers to those questions can be reached, we needed to sort through readings and conversations, and have come up with definitions.

In our view:

Public blockchain: The easiest to define. The definition is aided by the fact that the best-known and most active applications of blockchain technology are fully public: bitcoin and Ethereum. Anyone can participate and the data on the blockchain is fully public. These blockchains are also permissionless, and anyone can use them.

These solutions are ideal for parties that don’t have natural trust, because they are rarely, if ever, counterparties.

In Buterin’s public vs. private paper referenced earlier, he provides another example of a public blockchain—the sale and trading of internet domain names—that doesn’t exist but could benefit from a public blockchain if it did: “If we have a domain name system on a blockchain, and a currency on the same blockchain (his emphasis on the value of a cryptocurrency), then we can cut costs to near-zero with a smart contract: (An entity) can send the domain to a program which immediately sends it to the first person to send the program money, and the program is trusted because it runs on a public blockchain.” Given that the transfer of these domain names would likely occur between parties that might not naturally have anything to do with each other, a transaction like this can’t happen on anything other than a public blockchain. It may be that Buterin’s example isn’t fully in line with complex trademark laws, but it still serves as a helpful example.

One aspect that should not be overlooked is that there may be methods in which a public/permissionless blockchain will not have full transactional disclosure. For example, Ethereum is looking at moving to a system using zero knowledge proof. It is more complex than we will explain here, but the point is that there could be a system of public blockchains without total transparency and is used in other blockchains like zcash.

Private blockchain: This is where the definitions begin to get tricky. Private blockchains are also referred to as “permissioned,” but there are also writers on the blockchain ecosystem who will write as if the two are distinct. (Note DA’s reference to the ASX blockchain as a “permissioned, private” distributed ledger.) IBM, in its own primer on the subject, described private blockchains as those where an invitation to participate is required “and must be validated by either the network starter or by a set of rules put in place by the network starter.” That latter, definition, as we’ll see, can be applied to consortium blockchains. Permissioned blockchains will generally default to transactional privacy giving only counterparties or approved entities like regulators access to underlying details.

IBM’s work in blockchain has mostly focused on the Hyperledger Fabric platform that is open source but hosted by the Linux Foundation. In its own explanation of private vs. public, it describes Fabric as a permissioned blockchain, private blockchains set up by businesses will proceed. “Only the entities participating in a particular transaction will have knowledge and access to it — other entities will have no access to it,” IBM wrote.

And it goes right to the heart of an advantage of private blockchains: speed that comes from limiting the scope of the ledger’s reach: “Permissioned blockchains also permit a couple of orders of magnitude greater scalability in terms of transactional throughput.” The trust in the private ledger comes from the authority of the entity that set it up, or from some sort of consensus mechanism provided by a small number of participants. By contrast, the trust in a public blockchain is provided by the confirmation of the broad network of participants, which is also its disadvantage in setting its speed limits. But the public blockchains allow broader reach. The blockchain taketh, the blockchain giveth.

Consortium blockchain: The next question to consider is if a blockchain is permissioned; who is granting access? We see two aspects unique to a consortium blockchain.

First, the central authority in it might be a group of companies or other entities with interest in a particular area of commerce that has come together to provide a DLT-based solution. (Think of the BP/Statoil/Shell tie-up in the oil trading sector with a consortium that already existed featuring trading company Mercuria, Dutch bank ING and French bank SocGen).

However, the mere fact that there are multiple members of the consortium does not necessarily make it different from a blockchain where there is still a central authority in charge. If the consortium creates a shared governing structure, and that “office” is completely in charge, it’s getting pretty close to a blockchain with one central authority, removing some of the trust in a decentralized system.

It is likely that enterprise applications will fall somewhere into the consortium model, where institutions trust each other enough that not every node must verify a transaction, and the underlying details of transactions remain only known to the parties involved.

In one vision of a consortium blockchain, it’s a hybrid: a pre-selected but limited number of nodes on the ledger will provide trust. Gavin Whyte, chief data scientist and a principal at Deloitte Australia, wrote about this aspect in a LinkedIn post. “(O)ne might imagine a consortium of three entities e.g., Bank A, Bank B and a regulator node, each of which operates a node and of which, three must sign every block in order for the block to be valid.” The earlier reference by IBM to “a set of rules put in place by the network starter” sounds very much like what Whyte is describing.

The amount of public information on the blockchain can vary among applications. There may be “hybrid routes” that would allow the public to “get back cryptographic proofs of some parts of the blockchain state,” Whyte writes. These proofs can be used to ensure transaction details are valid, without revealing the underlying details.

He also avoids favoring one or the other. Consortium blockchains, or what he refers to as “partly decentralized blockchain applications….I believe will certainly start to flourish in an accelerated manner.” As for fully private blockchains, their potential applications “are limitless, and if used correctly can (prove to) be very effective in reporting and accountability for each individual entity.”

He wraps up his piece by asking a question that anyone starting to consider DLT for their operations will need to ponder: “So where does this leave you with the application of BlockChain in your organization today?” 

Those of us on the S&P Global blockchain task force that have been asking those questions in our own organization would say that you should address the following areas:

What is the use case? Your company has numerous activities. Which ones would benefit from distributed ledger technology? And are there some small test cases that can be as much an educational experience as it is an improvement in process. How does blockchain add value? If a system is function well, and expected to do so for the foreseeable future, it may not be worth spending resources on a distributed ledger application. It is better to start with systems that can be easily replaced or need to be upgraded to transact with counterparties.

While public blockchains may be easier to explore, they may not meet your business needs. Consider the adaptable nature of a private, permissioned, solution, or a consortium. Networks will drive adoption so partnerships across industries are important, and can be driven by shared technology providers.