Cryptocurrency continues to capture headlines, with many regulators warning about potential scams and data breaches. The Better Business Bureau has warned that the market's growth is stymied by a lack of consumer education, little regulation, and the fact that banks are not relied upon for transaction verification. The emergence of cryptocurrency has raised these concerns and more regarding the future of finance and the ability of financial firms not only to adapt but also to secure transactions.
Cryptocurrency is just one of the applications for blockchain technology in the financial markets. The technology has become an increasingly important cornerstone for decentralized finance, trading, payment, and other systems and solutions. That's why it's critical to understand the requirements for implementing both the technology and the new business models it enables.
Hyperledger Foundation Chief Technology Officer Hart Montgomery says two of the largest concerns related to transactions on blockchain are scalability and confidentiality. "These are exciting areas for research and development in blockchain, and we are currently seeing quite a bit of progress on both fronts," he says.
Scalability and Confidentiality on Blockchain
In terms of scalability, blockchain only can process a certain number of transactions per second, and adding more hardware does little to solve the scalability problem. Montgomery explains, "For instance, people usually estimate that Bitcoin can process something like five to 10 transactions per second, and adding more miners does not speed up the process." He adds that this would not be sufficient for many applications where people want to use blockchain.
"However, there are sidechains or Layer 2 solutions for Bitcoin transactions, as well as many permissioned or semi-permissioned blockchains to process transactions more quickly than Bitcoin," Montgomery says. "Most approaches today are not fast enough for all blockchain applications. Those that are fast enough typically have drawbacks in other areas." There will always be a security/efficiency trade-off with blockchain. "Cryptographic techniques that ensure privacy, confidentiality, and security against malicious adversaries are often expensive in terms of both computation and network communication," he explains. "Systems with strong properties in these areas are often less performant than those without."
Confidentiality is another major concern with blockchain. According to Montgomery, "Unlike traditional systems where transactions are done in a peer-to-peer manner and only the relevant parties can see those transactions, everyone with visibility into the blockchain can see the transactions." Traditional systems ensure confidentiality, but it makes it hard for "other people who need to see the transaction information or ownership chain in the future," he explains.
"In turn, seeing the entire blockchain can be problematic, particularly for applications where data privacy is important or even mandated by regulations." Confidentiality can be improved on the blockchain, notes Montgomery, with new cryptographic techniques like zero knowledge proofs (ZKPs) or blind signatures. ZKPs are a method in which one party of a transaction can prove to another party that a given statement is true without disclosing any additional information other than that the statement is true. Blind signatures, on the other hand, are a digital signature in which the content of a message is disguised before it is signed, while still enabling the signature to be publicly verified against the original unblinded message.
Legacy systems can have a "single point of failure," says Montgomery, which means that if one organization is compromised, then the entire system can fail. "For example, in a traditional database, if the root key is compromised, then the whole database is toast," he explains. However, blockchain is a tool that enables decentralized trust, and those that use consensus algorithms with strong enough properties can prevent the entire system from failing. "Some fraction of the participants in the blockchain may be completely compromised, but the blockchain itself will still retain integrity and be fully functional," he says. "In a world of hackers and bad software bugs — all of which have the potential to compromise databases and servers — having this extra redundancy and compromise resistance is a fantastic tool and one of the main reasons why people are using blockchains today."
Blockchains are one tool to enable the sharing of data between enterprises that do not trust one another and cannot agree on a central verifying enterprise for transactions. Montgomery shares, "For instance, Bitcoin can be thought of as a (massive) distributed database for money where the participants don’t have to trust any central authority, and Ethereum could be viewed as a distributed database of programs (smart contracts) without a trusted central authority."
In the financial markets, blockchain can help enterprises verify if certain companies own the data or assets they are selling. "A database that contains authenticated ownership information for some particular type of asset would be extremely desirable in this situation, but who runs it? In many cases, it’s not clear who the arbiter of this information should be, and, in these cases, a blockchain is an ideal solution," he explains. "We’ve seen this kind of thinking push blockchain into practice in a number of applications built by the Hyperledger community, including everything from government documentation, supply chain management, central bank digital currency (CBDC), and more. Anywhere that decentralized trust is necessary is where blockchain has the potential to affect enterprise technology."
Preventing Financial Fraud With Blockchain
Blockchain's smart contract code, according to Montgomery, can help firms enforce rules, even if the code doesn't necessarily mean "the code is the law." He adds, "We can still enforce basic rules and incentivize good behavior with code. While privacy can be an issue, this is clearly something that is not possible with point-to-point transactions where colluding parties can ignore the rules." Further, he explains, "If we consider a hypothetical blockchain handling some sort of financial transactions. We could allow an auditor or some governmental agency responsible for regulating the transactions access to the blockchain."
According to Montgomery, "even if transactions were private, the auditor could provide a set of rules and the parties making the transactions could prove in zero knowledge that the transactions adhered to the rules and post the proof on the blockchain. This is something that wouldn’t be possible without a blockchain."
There may be production systems using ZKPs for auditing, and, he says, that's where an auditor or arbiter of the law is on the blockchain with all of the participants. "ZKPs were first popularized in the blockchain community by ZCash, and are an exciting tool that can help us build private blockchains," Montgomery adds. "While they aren’t a complete solution — traffic analysis is still a problem — they are certainly a step in the right direction." He forecasts, "We are already seeing more and more blockchains use exciting new ZKP techniques, and I suspect this trend will continue."
One of the best pieces of advice for enterprises Montgomery shared was "don’t get security and cryptography, get security experts and cryptographers." These experts can institute and maintain best practices in security and cryptography. "It can be expensive, but it is well worth the money when compared to what can happen due to a catastrophic security event," says Montgomery. Even as cryptocurrencies capture headlines, Montgomery points out that enterprise blockchain has a lot of real-world applications where databases with decentralized trust can be used and will eventually replace legacy systems. He expects that blockchains will use new innovations from the cryptography community to build systems with better privacy, confidentiality, and security properties.
Don’t get security and cryptography, get security experts and cryptographers. It can be expensive, but it is well worth the money when compared to what can happen due to a catastrophic security event.