Disclaimer:This technology is quite complex and I only skimmed the top of it, just out of interest. I read loads of articles and checked some API documentations. It led to a general understanding. This is probably how many articles are researched but being a software engineer I know how fast things use to change as soon as you actually get your hands dirty…
The usual “a blockchain is …” continues with an analogy from accounting. Seen from a tech perspective I see it more as a write-only database. But with a very sophisticated security system and without a central server (that’s what they claim, I have some doubts – what about business models and access control?) It looks like there is a little weakness with transaction speed, which won’t show for example with real estate contracts – but a transaction latency measured in seconds is not what we are accustomed to in computer science. And the friends at realtime stock trading are probably also not as excited as the rest of fintech industries. But this will improve soon. One’s mess is always another one’s opportunity.
There are many interesting areas where blockchains are evaluated, but I think they should definitely be applied where they are already very strong: in security protocols.
There are two main challenges today when it comes to implementing secure communications:
- Keep the stack up to date.
The algorithms commonly used today are supposed to be reasonably secure. But eventually they will have to be replaced by even better standards. And there is always the risk of fatal errors in the implementation of the algorithms and all the glue code that is needed to make them actually useful. So it is essential to have a – secure! – protocol of how to update every component and their configuration. - Public Key management.
It is commonmly agreed that a combination of (slower) public key encryption combined with fast symmetric stream encoding is the way to establish secure point-to-point communication.
This means that everything relies on the integrity of the public key. It has to belong exactly to the other side, or else it’s impossible to even tell what is really transferred in the communication stream or who is reading or tampering along the line.
I believe that blockchains or a similar technology will be the perfect answer here. Although in parts the currently used system of certificate chains is meant to be a sufficient approach here. But there are reasons to not trust them fully. Also the services included mainly consist of establishing SSL connections, no transaction APIs and sadly no well-defined upgrade path for code.
A security system based on blockchains would have two essential benefits:
- The maintenance of the code has to be an integral part. It has to enforce security levels beyond any doubt. Replacement code has to come from somewhere safe and integrity has to be checked. Regarding blockchains this is basically a simple one to many operation – database lookups – and to be fair: the challenge lies more in a rock-solid upgrade procedure.
- More important: It will serve as an immutable global store for public keys where every update will be transparent and retraceable, it would make the current system of trusted certificate chains obsolete and at the same time enable a convenient (!) and affordable registry for everybody.
So who will build this for us? Or already has done so? Remember, this is core technology. Secondary applications like Fintech, Legal or eHealth will probably be happy to build upon and pay for a proven API.