Embed Size (px)
Citation preview
An introduction to Blockchain and Distributed Ledger Technology
This knowledge guidance gives an overview of Blockchain, what it is and the implications to Procurement. The content has been provided by Gary Nuttall, who provides consultancy and thought leadership on blockchain.
CIPS members can record one CPD hour for reading a CIPS Knowledge download that displays a CIPS CPD icon.
©CIPS 2018 1
Distributed Ledger Technology (DLT) and Blockchain are terms used to describe a new technology protocol which was first used by Bitcoin in 2009. It is gaining considerable attention, particularly in Financial Services, as over $2.5Bn has been invested since 2015 in exploring new ways of conducting business “peer to peer”, i.e. without an in-termediary. It is much more than just a foundation for crypto-currency trading though as it provides a number of capabilities that will dramatically affect many sec-tors, industries and organisations. In this paper we will explore the technology, re-move a few myths and share some thoughts about why it should be of interest to CIPS members. Many articles on the subject start with a history of blockchain, how it’s the foundations of a cryptocurrency called Bitcoin and quickly descend into techno-babble about Merk-le Trees and Byzantine Fault Tolerance. My advice here is forget what you have been told so far! The great news is that you don’t need to understand the inner workings of the technology to see how to use it. By comparison, most readers probably haven’t heard of TCP/IP or HTTP but are more than able to use the Internet and World Wide Web. To help, I’ll start by dispelling a few misnomers: There is no one blockchain (although some techie evangelists may argue that the Bitcoin Blockchain is “the” blockchain). There are in fact many blockchain protocols (of which Bitcoin, Ethereum, Monax and Hyperledger are some of the better known ones). Some are deployed as Public (which means anyone can have access) whereas others are deployed as private/permissioned – which means they’re accessible only to ap-proved organisations (rather like an insurance syndicate) Blockchains are not just about crypto currencies – they offer the potential to record asset ownership, transfers, document links, provide identity management and so much more. A blockchain implementation is, if well designed, very secure – people talk about hacks of exchanges as evidence that blockchains aren’t secure. That’s a bit like saying that a break-in at a bank branch is proof that the entire banking system is insecure. Blockchains and crypto currencies aren’t all about illegal activities such as drug dealing silk road, ransomware, etc. Whilst the likes of Bitcoin are connected with payment for nefarious activities, so too are the British Pound and US Dollar.
©CIPS 2018 2
What is “Blockchain” ? There are various types of blockchains and Distributed Ledgers and there is no single formal definition. Broadly speaking however, a blockchain is a write-only, programmable, distributed and decentralised database in which all entries are timestamped and cryptographically secured. This means that it is tamper and censorship resistant and provides a completely trusted, transparent, single source of data. Blockchains may be public (accessible to all) or private (restricted to specified participants, e.g. members of a consortia). When well designed, end users do not even know that they underlying technology is based on a blockchain and that records are held in blocks that are chained together. A blockchain will often contain just cryptographic hashes of data, documents and files. The actual original documents may be held ‘off-chain’, e.g. using cloud storage or on a server or may be stored using a distributed system such as IPFS or Swarm. Some applications act simply as a digital ledger – recording the history of assets and their ownership, others allow the creation of cryptocurrencies (Bitcoin being the original). Many projects are addressing identity management and personal data ownership and finally there are smart contracts which enable a blockchain to automatically respond to a trigger event. A simple example of this is flight delay insurance whereby a claim is paid automatically if a flight is delayed, without the need to make a claim. The terms Distributed Ledger Technology (DLT) and Blockchain are often used interchangeably and a purist would argue that this is incorrect. DLT refers to how the data is shared and blockchain to how it is stored. However you will often see just blockchain or DLT used when an implementation is using both components. I wouldn’t get too hung up about this as it’s quite like using the term “Hoover” when we actually mean Vacuum Cleaner. The analogy works well because quite often people talk about their Dyson, which is neither a hoover or a vacuum cleaner. The important thing is that all three are used for cleaning dust!
Distributed Ledger Technology Ever since the beginning of commerce, ledgers have been maintained to track transac-tions between counterparties. Traditionally, each organisation maintained its own ledger to show inflows and outflows – sales ledgers, purchase ledgers, etc. As the vol-ume of transactions and counterparties increased so did the need to reconcile ledgers and to audit their proper use. DLT means that instead of everybody having their own ledger, which is separately maintained, reconciled, etc. a single ledger is created and everybody has an automatically synchronised copy. Effectively everyone sees the same ledger, which means there’s no longer a need for each party to separately check that their version of data is the same as each other.
©CIPS 2018 3
FIG 1 – DLT Each participant, or “Node” holds a synchronized copy of the ledger, which can be cryp-tographically stored such that a participant can only see the unencrypted data which relates to them. Whilst the example given shows financial transaction, other assets, such as profes-sional accreditation, registra-tion of asset ownership, etc. can also be held in the ledger
Blockchain The term blockchain was adopted to describe how the data is secured such that it can’t be subsequently altered. It means that data written to a blockchain is considered im-mutable – i.e. it cannot be subsequently deleted or amended. This tamper resistance means that the requirements for auditing are greatly simplified as all records are re-tained and a complete transactional history is automatically produced. Just like how original records in a financial system can’t be altered and instead Journal Entries are applied to make corrections, the same approach is enabled because of a blockchain being write only.
©CIPS 2018 4
FIG 2 – BLOCKCHAIN To understand how a blockchain works, im-agine a traditional paper ledger which con-tains a list of transactions. Then at the bot-tom of the first page a “cryptographic hash”, a complex mathematical calculation which creates a unique digital signature, is applied. The mathematics are such that a change to any entry on the page (even a single digit) would result in the page having a completely different digital signature. Now this hash value is copied at the beginning of the sec-ond page. The second page is the used to record transactions until the end of the page is reached, whereupon a cryptographic has is applied to that page (which now includes the hash of the previous page). This now means that each page has a unique digital signature, containing the previous page’s signature. This means that a change to a value any-where in the ledger would require every sin-gle subsequent page to have its digital signa-ture recalculated. So, the data is written in blocks, which are chained together with the signature – hence the term “blockchain”.
In the Bitcoin Blockchain, this hashing is done by “Miners” who compete to be first to calculate the hash and to achieve consensus across the network (i.e. everyone agrees on the results). This consumes a lot of computing power.
Smart Contracts In addition to holding records of assets and financial transactions, some block-chains/DLT’s are also programmable. This allows business rules to be implemented in the system which can respond to external events. A simple example of the use of a smart contract is flight delay insurance – Data on de-layed flights can be ingested via what is known as an Oracle, or trusted data source. In the event that somebody is affected by a flight that is reported as delayed, a smart contract can automatically execute a compensation pay-out. Another example, that has been tested in the commercial insurance sector, is that of a Natural Catastrophe bond – In the event that an Earthquake registering above a certain severity is reported, a catastrophe bond is paid to the affected government to support disaster relief. Smart Contracts are poorly named as they are, in fact, neither smart nor truly con-tracts (at least in the legal sense). In future it is possible that they will be written in a
©CIPS 2018 5
legally enforceable way. Currently there are no standards in place for Smart Contracts and they can be developed in a number of programming languages, depending upon the exact protocols used.
Benefits of DLT Each of the features of DLT can be achieved through other technologies and it is the combination of them which makes DLT compelling. There are five main benefits of DLT: Immutability – The fact that it is a write-only data store means that a complete audit trail of every record, and every update, is maintained. Synchronized – With every node on the blockchain being replicated automatically, there is no need for separate reconciliation processes as the DLT serves as the “single source of the truth”. Distributed – Each participant, with most blockchain protocols, has a complete (syn-chronized) copy of all data. This means that the system is resilient against cyber-attack and system failure. Some protocols are exploring alternate techniques to make the system more efficient and this may mean that future blockchains won’t require a complete copy of all data being held by every participant. Decentralised – A blockchain can be implemented such that it is “public” and permis-sionless. This means that there is no central control (or single point of failure). The majority of commercial applications being developed are typically “private” and per-missioned, i.e. a central authority/organisation is responsible for deciding who can ac-cess the system. Cryptographically secured – The data can be held in an encrypted form using a mix of public and private cryptographic keys. This means that whilst everyone may hold a synchronized copy of the data, without the requisite key it isn’t possible to see the underlying data. This also makes the solutions resistant to ransomware (which is when a hacker encrypts data) as they would need to decrypt the data before encrypt-ing it. Programmable – The concept of smart contracts which are responsive to triggers (both internal and external) makes it easier to automate processes. Use Cases There are currently around eight major themes developing around DLT Use Cases:
• Financial Transactions – such as Bitcoin, Cashaa (Remittance payments) and BTL
©CIPS 2018 6
• Asset Register – Honduran Land Registry (through Factom, a US company) • Provenance – High value goods such as Diamonds, (Everledger), Fine Art
(Trace.io) and ethical goods (Provenance.org) • Identity Management – Estonia e-Registry • Public Services – UK Benefits Agency • Smart Contracts – The DAO, Etherisk • Voting Systems – Follow My Vote, Augur • Decentralized Markets – Open Bazaar, slock.it
There are over 1200 DLT/Blockchain startups worldwide, so the list of use cases is growing rapidly. There are also major projects being run through industry-specific consortia, such as R3CEV (Banking and Financial Services) and B3I (38 Insurance com-panies).
Supply Chain and Provenance The provenance of goods and managing the traceability of raw materials, completed parts, documentation, etc. are all areas well suited to blockchain/DLT. It’s fascinating to see the number of projects being announced. Just a few recent ones include: In September 2017 a consortium of technology companies including Robert Bosch GmbH, Cisco Systems Inc., and Gemalto NV was formed to set standards to boost the adoption of blockchain software and internet of things (IoT) networks for supply chain applications. Known as the "Trusted IoT Alliance," the group is led by vendors such as TCompanies Inc., IBM Corp, and SAP. Logistic and supply chain giants DP World Australia and DB Schenker announced in February 2018 the creation of a consortium, facilitated by blockchain start up TBSx3, using blockchain technology. The intention is that it will use blockchain architecture to combat the global counterfeit goods industry, protect global supply chains and ulti-mately help companies restore consumer trust in supply chains. The alliance complet-ed one of the largest blockchain trials to secure cargo across a global supply chain in Q2 2017, which tracked the distribution of wines from Coonawarra, South Australia to the port of Qingdao in north-eastern China. In January 2018, Maersk and IBM announced the intention to establish a joint venture to provide more efficient and secure methods for conducting global trade using block-chain technology. The new company aims at bringing the industry together on an open global trade digitization platform that offers a suite of digital products and integration services. The platform is currently being tested by a number of selected partners who all have interest in developing smarter processes for trade. As we incorporate learnings and
©CIPS 2018 7
continue to expand the network, a fully open platform whereby all players in the glob-al supply chain can participate and extract value is expected to become available.
Summary To simply think of DLT as a foundation for a cryptocurrency platform is however akin to thinking of the Internet being the foundation for sharing videos of cats. A few key points to observe:
• Likely to be as disruptive/innovative as the Internet and World Wide Web. • Major threat to intermediary activities – it provides systemic trust. • Banks have invested over $1Bn R&D and are now moving from Proof of Con-
cept to pilot • Gartner’s Hype cycle suggested 2017 was ‘peak of inflated expectations’. The
reality is that there has been even more hype since • McKInsey suggests widespread adoption in 3-5 years • There is a limited talent pool, with very few skilled people with any deep exper-
tise • Immature technology that is evolving rapidly • Likely to be major use cases that we haven’t even thought about • Organisations are currently in an evaluation phase to understand what threats
and opportunities the technology provides • There are very few productionised platforms yet – many organisations have
announced Proof of Concepts or pilots and are using these to understand more about the technology
Conclusion There is no doubt that DLT is going to provide major opportunities to reshape existing businesses and to disintermediate many unless they work out how to use it to their advantage. Many organisations ran PoC’s in 2016/17 to learn about the technology and to explore its potential. We are likely to see a number of projects going live in 2018 as early adopters take advantages of the capabilities that the technology pro-vides.
Author
Gary Nuttall
©CIPS 2018 8
LinkedIn The author is a well-known evangelist and thought leader on blockchain, and particularly its adoption in insurance and legal sectors. He provides bespoke education and consultancy through his own practice. https://www.linkedin.com/in/garynuttall/
