The blockchain for everyone !

Appeared in 2008 to allow the creation of a cryptocurrency, the Bitcoin. It is important to note that this technology, independent of sound initial use, now allows (and even more so tomorrow) many other applications. However, the specificities of Bitcoin have coloured the perception of the blockchain.

The blockchain is part of a larger class of technologies called “distributed registers”. It is essentially a new database organization. The initial concept emerged in
the 1960s around a centralized structure. In this paradigm, there is a single version of the active database (which can however be
copied). This approach is now mature and appropriate for many applications. However, the concentration on a single machine means that the base is inoperative, or even destroyed, if the machine is no longer in working order. To mitigate this problem, distributed databases are scattered over several servers. They thus offer fault tolerance. Distributed registers (such as the blockchain) go further. In the traditional approach, the database owner controls the data stored in the database. Its takeover allows potentially undetectable manipulations. Users must therefore have confidence in the maintenance of the integrity of the database by its owner at all times. Distributed registers provide, at least in principle, assurance that the database is protected from manipulation. This is referred to as Byzantine fault tolerance. The security of the blocks is based on their encrypted matching, their spreading on different sites with simultaneous updates.

In the case of the blockchain, there are two central elements. The data are stored in “blocks” linked between them by cryptographic elements in a chain that grows with time.

In addition, the database is replicated on several machines (the number of which may be limited or high). It is important to stress that these are not simple copies but multiple databases active simultaneously. It is therefore essential that these different versions do not diverge in the long term. To prevent this, there is a “consensus mechanism” that constantly brings them together. In the case of Bitcoin, the machine (or “node”) that solves a mathematical problem (specific good) first gets the right to burn the next block in the permanent version of the database. This mechanism, which consumes a lot of energy, is however specific to Bitcoin. Most other applications use different mechanisms that do not have the same cost (but may have other problems).

There are public blockchains, which can be joined by anyone, and private blockchains which are subject to authorization by stakeholders. Most crypto-currencies use the first approach while supply chains use the second.
In the latter case, only accredited suppliers may participate in the blockchain with different levels access to data according to their situation (for example, to avoid that competitors may consult confidential information).

Although older, the technology has actually begun to emerge in the last two years. It is therefore in full evolution and offers less information processing capacity than centralized databases. To date, finance and logistics are the sectors where applications are most developed, although many others are interested in them.

It should be noted that, while cryptography is used to link the blocks together, the information contained in these blocks is not necessarily encrypted. In fact, blocks can simply contain a link to data stored outside the chain. This approach increases the processing speed but reduces the protection provided by the blockchain. This external link may be dynamic or offer a guarantee (in the form of a “hash”) that the information contained outside the chain has not been subsequently modified. It is often mistakenly considered that the information in a blockchain is immutable. Apart from hacking and code errors, there are at least two other ways to modify this data. The first possibility is that the different stakeholders collectively decide to change the properties of the chain. This is referred to as a “hard fork”. A second and more recently developed possibility is based on the so-called “chameleon hashes” technique, which allows blocks to be written a posteriori if a certain number of predefined conditions are met. Security and Confidentiality The distributed registers have a number of disadvantages in terms of confidentiality and security.

Safety and security
The chain itself must be distinguished from its immediate environment. The content of the channel seems relatively well protected to date, but this security cannot be absolute. The development of applications that may require millions of lines of code, errors or intentional mistakes is possible. This development is often carried out by innovative SMEs that may have
priorities other than safety. In addition, at least one State not integrated into NATO seems to be developing a policy of systematic infiltration of technical committees for strategic purposes.

Another vulnerability is the destruction of the physical infrastructure of the chains. Some are so distributed that this situation is unlikely. However, this risk seems more significant for private channels and even for some public channels. For example, NEO is a cryptocurrency with a theoretical valuation in excess of $1 billion. It seems to rest on a handful of nodes, all under the control of the founding entity in China. This concentration can also be used to take control of the network through false identities (referred to as a Sybil attack). More generally, blockchain is a new technology and its weaknesses may not yet have been clearly identified. Medium-term cryptographic developments, for example with quantum computers, may have implications that are currently poorly understood.

The environment of the blockchain is much more fragile. For example, users of cryptocurrency use “electronic wallets” that allow them to carry out transactions through specialized platforms. The private encryption keys required for these operations are often poorly protected, either by end users or by these platforms (this is the encryption of transactions stored in blocks and not the encryption of links between blocks). A second case is the automatic execution of contracts on the chain (smart contracts). For example, a temperature can trigger the payment of an insurance premium. However, this temperature is measured off-line and communicated by a protocol (or “oracle”). The handling of this transmission is possible even if the execution of the contracts itself is completely secure. A third example is the hacking of computers to allow the wild production of crypto-currencies (the costs are borne by the victim, the benefits accrue to the pirates).

Privacy and confidentiality
A distinction must be made between “anonymization” and “pseudonymization”. The latter consists of processing the data so that it is not possible to assign them to a person without using additional information (for example, by knowing a digital identity).

Anonymization, on the other hand, is a process that totally and irreversibly prevents the possibility of identifying a person. Anonymization is technically difficult, most of the information stored on the blockchains are therefore at best pseudo-anonymous. This creates confidentiality problems but provides audit trails for law enforcement. For example, computer seizures can be used to reconstruct histories of illegal transactions. In addition, computers that execute transactions on blockchains are not normally able to read the data. However, they can extract metadata (data on other data) and identify important empirical recurrences.
The data added to the chain is not immutable but is difficult to destroy. It is conceivable that copies (protected by cryptographic techniques that have become obsolete) may be lost. This difficulty in erasing data can also be exploited for criminal purposes. For example, the Bitcoin database unfortunately contains child pornography. It is therefore possible to implant, almost definitively, personal or illegal documents in public blockchains for the purpose of blackmail or dissemination.

Identity
Distributed registers also offer clear advantages in terms of security and confidentiality, although the question of the deletion of personal data may be raised. Many of these applications have not yet been deployed. In particular, the blockchain can facilitate identity management, both for individuals and for machines. This is important because, in an interconnected world, cyber defence is increasingly linked to identification. For example, the management of connected objects could be facilitated by the deployment of blockchains. These objects often suffer from low security but can play an important role in computer ecosystems. Distributed registries have the potential to track these objects individually and increase trust, transparency and traceability in their deployment. For example, these records may contain security certificates, know the properties of the different components of a system, make sure that it is not a question of copies, or allow the location of objects to call them back if necessary.

The blockchain can also facilitate the identification of natural persons. For example, it can facilitate the portability of documents in “customer knowledge” procedures in the banking sector, but also the creation of synthetic identities for international migrants. For example, the “Id 2020” project aims to help the one billion people without an officially recognized identity. The blockchain can also help to reconcile identity verification and privacy by offering different reading rights depending on the situation. For example, a person responsible for verifying age at the entrance to an establishment can in principle use an identity contained in a blockchain without the controlled person having to reveal his name and address (or even his date of birth).

Operational strategy
The digital transformation is giving rise to the emergence of new tools, including the blockchain is a jewel. Supported by a decentralized peer-to-peer network, it offers authentication that guarantees discretion. The blockchain is not limited to cryptomones and is deployed within public, semi-public or private channels. The latter can be useful in facilitating information sharing within large, multi-stakeholder organizations, as is the case with military entities. Decentralization facilitates intermediation that allows the transfer of multiform information including transport protocol and encryption. In addition, the horizontality of the system increases its resilience and is combined with the immutability of the information that is deposited within the Blockchain. This is why the major powers are developing strategic projects in the areas of intelligence operations and military logistics.

Conclusion
Blockchain technology and more generally distributed registry technology can have significant implications for security and privacy. This is a new approach that is still
misunderstood. However, it is probably preferable to regulate it while it is still in its infancy. A legislative or even administrative approach is probably very much premature, but the development of working groups involving different stakeholders to understand and structure its development would be a good thing. It would be desirable for global actors to play a full role in it their role, unlike what happened for the Internet.

If you want to contribute, it’s here:

BitcoinSV: qp6wk07msnrg3ckfnw9sn22ta8lapgyt8cfah4r0lt
Litecoin: LZHxkatqWXaiN3q62QtNUPY8dbWQwEYENU
Bitcoin (le vieux): 1GjwMGxvSrLhWHMEaSPYKXj1vmhoUCKpGb

Related posts:

The passing of a person we love plunges us in a vortex of sadness that clouds our mind and leaves us feeling helpless and confused, unable to think clearly. This is especially true if the person was…