NIST examines blockchain misconceptions
- By Sara Friedman
With the hype around blockchain continuing to grow, the National Institute of Standards and Technology set out to dispel some of the common misconceptions surrounding distributed ledger technology.
The new "Draft NIST Interagency Report (NISTIR) 8202: Blockchain Technology Overview" gives a high-level explanation of the mechanisms behind blockchain technology and provides current examples of some of the platform's uses. To help IT managers make informed decisions about using blockchain for specific applications, NIST also addressed several common false impressions:
No one is in control. There are two basic kinds of blockchains: permissioned and permissionless. In permissioned blockchains, individuals are invited to read and write on a private shared distributed ledger. Permissionless blockchains are decentralized platforms that are open to all users and use a consensus method to validate transactions on the ledger in order to “prevent bad users from easily subverting the system.”
A core group of developers is responsible for the system’s development, and they maintain some level of control in the interest of the larger community. But they don’t have control over who can perform transactions within the rules of the blockchain system.
It's totally secure. Blockchains can enforce transaction rules and specifications, but they cannot prevent colluding, malicious users from controlling a large enough stake in the system or processing power to cause damage. These bad actors could ignore specific users or nodes and disrupt information distribution by refusing to transmit blocks to other nodes in the system. Their actions can be combatted with hard forks, which require all users to adopt a change to the protocol.
No need for trust. Despite the lack of a third party to certify transactions in a permissionless system, trust is a key component of blockchain systems, NIST said. All users must trust the underlying cryptographic technologies and software, accept that most users of the blockchain are not colluding in secret and believe transactions are being accepted and processed in a fair manner.
It's lightweight processing. Verifying blockchain transactions requires significant processing time and electricity. And because blockchain is not designed to be a storage medium, transactions tend to be “relatively small,” and large amounts of data are stored “off chain” with pointers and references stored within the chain.
It supports identity management. Although each user has a blockchain wallet containing a public-private key pair, it is not a one-to-one relationship. A single user can have multiple private keys, and multiple blockchain addresses can derived from a single public key. Therefore, typical blockchain implementations are not designed to serve as standalone identity management systems.
NIST’s goal in releasing the draft publication was to “get past the rumors” and hype surrounding the technology and give decision-makers some perspective, according to Dylan Yaga, report co-author and a NIST computer scientist.
“IT managers need to be able to say, we understand this, and then be able to argue whether or not the company needs to use it based on that clear understanding,” Yaga said. “Some people are saying you should use it everywhere for everything. We wrote with the perspective that you shouldn’t use it if it’s not necessary.”
Public comments on the draft report are due on Feb. 23.