The European Union Agency for Network and Information Security (ENISA) explains what Blockchain is and how it is revolutionising the public sector
As more and more services are offered by governments in electronic format, the sector has to continually evolve into the modern era. Blockchain is considered one technology that could revolutionise many sectors, one of which could be the public government sector. This technology has many opportunities and challenges, which are not very well known. The EU 1 is setting up a new Blockchain observatory to monitor and encourage the use of the technology.
The European Union Agency for Network and Information Security (ENISA), as part of its cyber protection of critical sectors, more specifically the finance sector, has been advised to give an initial overview of the cyber challenges in the technology.
What is Blockchain?
Distributed ledger technology, commonly known as Blockchain, is a distributed peer-to-peer network in which all nodes could have a copy of the ledger. Transactions are added to the ledger through a consensus agreed between all participants in the network. The consensus is the way a given transaction is proved valid and accepted to the ledger. All transactions are recorded in the ledger without the possibility of being modified at a later stage. This is also due to the fact that every transaction is tied cryptographically to the previous transaction, which gives continuity and traceability of the transactions. One unique feature of the Blockchain is that information could only be added to the ledger.
The distributed ledger allows participants to use smart contracts 2. Smart contracts are essentially actions that could be triggered after a certain event has occurred. They allow participants to verify that counterparties have fulfilled their obligations and provide for an accelerated, automated settlement once the required conditions have been met (such as a payment or asset transfer). The distributed ledger also provides enhanced transaction security and privacy. The transactions in the ledger are signed and/or encrypted by a public key. The private key associated with that public key is only available to the owner.
What is very interesting for governmental organisations is the use of permissioned ledgers. This type of ledger operates as a “members club”: participants could be allowed in only after approval of the members. Also, if encryption is enabled in the ledger, visibility inside the ledger is not available to the outside world.
Opportunities for governments
Traditionally, in order to make a transaction one needed to rely on a trusted third party to provide ownership verification. With the distributed ledger, if one could provide a signature which is associated with a given asset, then this is sufficient.
Since in the distributed ledger each transaction is tied to the previous one, it is possible to trace the ownership of an asset from the beginning of the system. This way it would be very easy to verify if a painting, for instance, is original or not.
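The hash linking and ownership tracing described above, as an added example that is not ENISA's code or any particular Blockchain implementation. The record layout, function names and sample transfers are constructed for illustration, and signatures and consensus are left out so that only the chaining is shown.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed marker meaning "no previous entry"
FIELDS = ("index", "prev_hash", "asset", "sender", "receiver")

def entry_hash(entry):
    """SHA-256 over the canonical JSON of every field except the hash."""
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(ledger, asset, sender, receiver):
    """Add a transfer; appending is the only write the ledger offers."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    entry = {"index": len(ledger), "prev_hash": prev,
             "asset": asset, "sender": sender, "receiver": receiver}
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)
    return entry

def first_invalid(ledger):
    """Index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["index"] != i or e["prev_hash"] != prev or e["hash"] != entry_hash(e):
            return i
        prev = e["hash"]
    return None

def provenance(ledger, asset):
    """Owners of an asset in order; refuses a broken ledger or custody gap."""
    bad = first_invalid(ledger)
    if bad is not None:
        raise ValueError(f"ledger fails verification at entry {bad}")
    owners = []
    for e in ledger:
        if e["asset"] != asset:
            continue
        if owners and e["sender"] != owners[-1]:
            raise ValueError(f"entry {e['index']}: sender is not the current owner")
        if not owners:
            owners.append(e["sender"])
        owners.append(e["receiver"])
    return owners

def build_sample():
    """Constructed sample: two paintings, three transfers."""
    ledger = []
    append(ledger, "painting-1", "artist", "gallery")
    append(ledger, "painting-2", "artist", "museum")
    append(ledger, "painting-1", "gallery", "collector")
    return ledger
```

Editing an old entry is caught at that entry, and recomputing its hash only moves the failure to the next entry, so a change has to rewrite everything after it and would still disagree with the copies held by other nodes.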
Without public information as to whom a given key belongs, it is virtually impossible to determine who the owner is. If the transaction is also encrypted, it would be visible only to the participants involved, and not to the general public. This does not prohibit the use of know-your-client (KYC) systems, where one could have a match between identity and keys.
Challenges coming out of the technology
Due to its nature, key management becomes paramount for operating the assets on the Blockchain. Since keys could be copied from a machine without leaving a trace, the owner might not even realise that a key has been compromised until it is too late.
Consensus hijack is another challenge that could potentially render the Blockchain system unusable. Depending on the case, and where consensus is formed through majority, taking control of a large enough portion of participants could allow an attacker to tamper with the validation process. This could lead to accepting fraudulent transactions, such as double spending an amount.
A key challenge is also denial of service to the system. This could be done if sufficient participants in a system try to add bogus transactions. Since time and computing power are required for the validation of a certain transaction, wasting these resources on bogus transactions could block the processing of legitimate ones.
Smart contracts are essentially code written by people. Based on previous experience, written code could have bugs and perform actions which are not intended. Since transactions, once accepted to the ledger, are irreversible, this could lead to potential problems. In addition, based on the fact that smart contracts are code, this could potentially mean that one could store malware on the system.
Another key challenge is that the current anti-money laundering/anti-fraud tools do not work in Blockchain systems. Though it might be possible to identify who owns a given key, it is not possible to block transactions in advance.
You may find more information about these and other challenges on the ENISA website.
2 Szabo, Nick. “The idea of smart contracts, 1997.” (1997).
European Union Agency for Network and Information Security (ENISA) – The EU Cyber Security Agency