May 2018

Quo Vadis Blockchain?

In the past two months, I did a really deep dive into Blockchain technology. When you read about Blockchain in the news, you get the impression that everything is ready to start. You have the choice of an endless list of Blockchain providers, there is a huge number of startups in that space that draws your attention.

Actually, when you try to set up a simple project, you will figure out a lot of problems with that technology at the moment. I will do a short list of problems and thoughts that I faced on my first baby steps with blockchain.

1 Which Blockchain to use?

Let’s start with a really tough one. Which Blockchain technology should I use? There are thousands out there!

The problem here is that every startup will tell you that they did the best Blockchain. So one way to go is to look for the market capitalization and network usage. What makes a Blockchain secure is, that there are a lot of (different) miners involved, that share the mining power. So if you ask yourself that question, you will come to Bitcoin and Ethereum, as they have the biggest networks. Other possibilities are Stellar, Neo, NEM,…

Another question could be, how robust a current Blockchain technology is. Bitcoin has the longest history – Ethereum got attacked multiple times. So my personal suggestion is to choose the Blockchain that got attacked most time because only then, you can be sure that it got already more secure than Blockchains without attacks.

2 Do you really need a Blockchain?

You have to think clearly about what is your final goal. Do you really need a Blockchain for that? Think about that Blockchains are very slow due to their distributed consensus. Think about using a normal Database first. A Blockchain is only needed if you have doubts to trust the other participants. The most senseless Blockchains for me are private ones. If you want to do a business with somebody, of course, there has to be trust. So you can program your Smart Contracts just a usual (without a Blockchain), share the code with your contractor, review that and fine. No real need for a Blockchain. The only real use case in a private scenario could be security, because of decentrality. But what about spreading your infrastructure all over the globe with a lot of replications? More control for you.

3 External data

A very big problem, that you have at the moment is the use of external data in a Smart Contract. As Smart Contracts have to be deterministic for the consensus, you can not make external calls (only to other Smart Contracts) to get external data.

The only thing you can do is to build an oracle (external data service) that feeds your data into the smart contract. Of course, this is a single point of failure. So you have to use multiple oracles with multiple data sources. But what if your data source gets hacked? Do you want to trigger a payment, just because somebody fed wrong data into your contract? This is a very critical issue at the moment and a lot of startups try to work on that. At the moment, I do not know any service that is really secure. The field of external data is itself a really big area of research.

4 Scalability

Scalability is a problem that every Blockchain has at the moment. Ethereum just launches their hybrid Proof of Stake / Proof of Work network. Nobody knows really if this will work in the long term. So if somebody likes to sell you a Blockchain with Proof of Importance, Proof of Stake, Proof of Whatever, don’t rely on it. The only thing working (and tested) at the moment is simple, power wasting Proof of Work.

5 Smart Contract Security

Every few months, you will find out that there got another Smart Contract hacked. So attackers can steal all the money, connected to that Smart Contract. It is not really possible at the moment, to proof the security of a Smart Contract code. So don’t do things with an extreme amount of money. We still have to find out, how to do it in a good and secure way. An audit of your Smart Contract code is absolutely mandatory to achieve a minimum amount of security.

6 Privacy

Remember that everything on the Blockchain is completely public (and it has to be for the consensus algorithm and validation). No private customer data can be involved. So the main idea is to calculate parameters off-chain and just input the result into the Smart Contract. Different technologies are working on that problem, but nothing is really there.

7 Data Storage

Where to store your data? Storing it in a Smart Contract is super expensive! Some technologies where you can store your data (immutable) are IPFS and Ethereum Swarm. These are really in development and not production ready (IPFS is more mature). So you have to store your data in a Cloud (and your Clients have to trust you again). Also, this will yield to a single point of failure.

8 Limited Computations

When you want to do computations in a Smart Contract, you are super limited in the capabilities. First of all, computations are expensive, because they are replicated on all miner’s nodes. Secondly, even if you are willing to pay a lot for your computations, Smart Contract languages like Ethereums Solidity are absolutely limited. Even no real floating point numbers, no higher math functions etc. A solution for this could be off-chain computations as proposed by TrueBit. This is a network itself and absolutely not production ready. What to do? Calculate your stuff on your normal Cloud machines, and feed the data into your smart contract. Indeed, this is again a single point of failure and a single attack point, thus not very secure.

9 Code Immutability

In software development, we are used to fixing bug with releasing new versions. For a Blockchain Smart Contract, this is not possible as the code is immutable. So what you can do, is to use a proxy Smart Contract, that will route your requests to the most recent version of your Contract. The questions you have to ask yourself is, how to shift the state of a Smart Contract to a new one? Customers send their funds to a current version of a Smart Contract, and “sign” to that version. If you shift the funds, how about legal issues? It is indeed not the same contract, after you updated it? Also an open topic.

10 Lacking research

In the Blockchain space, you just have projects with pseudo-scientific whitepapers. Don’t take these as real research papers, because they are not. The problem at the moment is, that we have no really scientific ground for the Blockchain. There are a few base technologies underlying, but scientific publications are rare. Everything is just starting.

Summary

The life in the Blockchain space is hard but also very interesting. Nothing is really ready at the moment, the practical use is just for digital currencies in the case of Bitcoin. Everything else lacks security issues or limited capabilities. Indeed you should be aware of the future development, as the Blockchain technologies can revolutionize the whole way we deploy and manage applications. My guess is that will take 2-5 years more until we can really do something useful.