Blockchain: sometimes a misconception of added trust
27 October 2020
While the industry evolves, we see many new blockchain products. As a stakeholder in the wider ecosystem, we receive many marketing emails about yet another revolutionising product. Some are inspiring; some are not. With many of them, we wonder if the world really needs them, or if it provides an added value. It seems like some businesses try to put the blockchain into everything. Then, every so often, there are the ones that trouble us because they sell a false sense of added trust.
The promise of decentralised blockchain is a trust-less system that records immutable records of truth. However, we have detected severe vulnerabilities when looking under the hood of some products currently surfacing in the market. Often the vulnerability is not with the blockchain protocol nor the consensus algorithm. In these products, it is the basic design, architecture and workflows that are sensitive to manipulation.
Most of us see through companies trying to take advantage of a buzzword and implement a blockchain solution where it is merely a gimmick. However, advertising a false sense of trust to consumers goes entirely against the blockchain promise and can damage the industry. We therefore found it necessary to bring some more awareness to our readers so you can recognise these products.
So what kind of products are we referring to?
The products promise trust, guaranteed or enforced by the blockchain. They appear as a certification or as label of trust that boast a network of already integrated businesses. The products are advertised as B2B, advocating that integration of the blockchain product can offer your customers an additional layer of trust. An immutable record that your customers can access confirming a transaction. To the consumers they advertise that they can trust businesses that have integrated their product and display their label or certification or trust. After all, the blockchain guarantees an immutable record.
The design of the product is where it goes wrong. A business that participates in such a scheme integrates by implementing a file transfer protocol. On a daily, hourly or other time interval basis, the business will transmit event/transactional data from their database and the platform posts that data on a Blockchain.
The customer wrongfully believes that the event creates an immutable record at the time of the transaction. In fact, the record only becomes immutable after the business has posted this event to the blockchain platform and subsequently on the ledger. It is still possible to alter the data from the time that the transaction took place until the data scheduler transmits the records to the blockchain platform. This is not the trust and immutability promised by blockchain technology. For the transaction to be truly immutable, the transaction needs governance from a smart contract directly on the blockchain. Figure 1 below illustrates the difference between a genuine blockchain transaction and mis-sold trust.
As an example, we can look at the gambling industry. There are trust labels that work exactly as described in this article. A gambling company advertises a false sense of security in which the punch line states that all the outcomes of bets and wagers create an immutable record on the blockchain. There is no lie in the sentence as such, just a vast amount of ambiguity. As a customer, you would expect that the gambling company would have no possibility of interference in the transaction after the outcome of the bet or wager. A solid reason to trust the provider. However, the gaming machine must post the result directly to the smart contract so that the gambling operator cannot interfere with the outcome. Figure 2 below illustrates how a trusted Blockchain integration on a gambling website should look like.
For another example, we can look at royalties. You may be publishing your artwork, music or photos on a platform that records royalty payments on views, downloads and other redistributions. However, for the count to be immutable on the blockchain, each view or download must be executed through a smart contract. As we have demonstrated in figure 1 above, posting the view count to the blockchain in intervals is a process vulnerable to manipulation.
We are not suggesting that businesses that incorporate this type of implementation are fraudulent. Actually, most of the businesses will conduct a legitimate business. The business management might not even be aware themselves that the trust mark gives no contribution or benefit.
Protect yourself from a false sense of security by always asking the question; Are my transactions executed through a smart contract directly on a distributed ledger? Visit the website of the trust label or blockchain platform and ask them the question. Our advice as a starting point is not to give your trust that easy. For a trust label to integrate with businesses on a smart contract level, it requires a significant amount of development work. Each type of transaction requires a specific smart contract. Each business is different and often use different software. Therefore, these smart contracts are not widely compatible.
We encourage businesses to adopt distributed ledger technology to create a trust-less environment. However, if you do, then do it right! Live up to the blockchain promise and be honest, not ambiguous.
By Rick Landman, Chief Technology Officer, Infinex Partners