BLOCKCHAIN

DLMCSEBCQC01
BLOCKCHAIN
 MASTHEAD

Publisher:
IU Internationale Hochschule GmbH
IU International University of Applied Sciences
Juri-Gagarin-Ring 152
D-99084 Erfurt

Mailing address:
Albert-Proeller-Straße 15-19
D-86675 Buchdorf
media@iu.org
www.iu.de

DLMCSEBCQC01
Version No.: 001-2024-0621

N.N.

© 2024 IU Internationale Hochschule GmbH

This course book is protected by copyright. All rights reserved.
This course book may not be reproduced and/or electronically edited, duplicated, or dis-
tributed in any kind of form without written permission by the IU Internationale Hoch-
schule GmbH (hereinafter referred to as IU).
The authors/publishers have identified the authors and sources of all graphics to the best
of their abilities. However, if any erroneous information has been provided, please notify
us accordingly.

2
 TABLE OF CONTENTS
BLOCKCHAIN

Introduction
Signposts Throughout the Course Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Suggested Readings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Required Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Learning Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Unit 1
Basic Concepts 13

1.1 The Functional View: Distributed Ledger Technologies (DLT) . . . . . . . . . . . . . . . . . . . . . 14

1.2 The Technical View: Blockchain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
1.3 History of Blockchain and Distributed Ledger Technology . . . . . . . . . . . . . . . . . . . . . . . . 27
1.4 Consensus Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
1.5 Limitations of Blockchain Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Unit 2
Bitcoin 35

2.1 The Bitcoin Payment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

2.2 The Technology Behind Bitcoin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
2.3 Security of Bitcoin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
2.4 Scalability and Other Limitations of Bitcoin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
2.5 Bitcoin Derivatives and Alternatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Unit 3
Smart Contracts and Decentralized Apps 61

3.1 Smart Contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

3.2 Decentralized Apps (DApps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
3.3 Ethereum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3.4 Hyperledger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
3.5 Alternative Platforms for Smart Contracts and DApps . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Unit 4
Security of Blockchain and DLT 81

4.1 Components of Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

4.2 Attacks on Blockchain and DLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
4.3 Resolving Bugs and Security Holes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
4.4 Long-Term Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

3
 Unit 5
Blockchain and DLT Application Scenarios 99

5.1 Benefits and Limits of Applying Blockchain and DLT . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

5.2 Financial Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
5.3 Supply Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
5.4 Healthcare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
5.5 Governments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
5.6 Real Estate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
5.7 Sports and Entertainment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
5.8 Vehicles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Unit 6
Development of Blockchain and DLT Applications 135

6.1 Architecture of Blockchain and DLT Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

6.2 Platform Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
6.3 Platform Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
6.4 Design of Blockchain and DLT Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Unit 7
Blockchain and Society 155

7.1 (Mis-)Trust in Institutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

7.2 Blockchain and the Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
7.3 Cyber-Currencies in the Darknet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
7.4 ICO Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Unit 8
Legal Aspects 181

8.1 DLT and Smart Contracts as Legal Contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

8.2 Cryptocurrencies as Legal Currencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
8.3 Regulation of ICOs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
8.4 Data Protection/Privacy in Blockchains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Appendix
List of References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
List of Tables and Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

4
INTRODUCTION
 WELCOME
SIGNPOSTS THROUGHOUT THE COURSE BOOK

This course book contains the core content for this course. Additional learning materials
can be found on the learning platform, but this course book should form the basis for your
learning.

The content of this course book is divided into units, which are divided further into sec-
tions. Each section contains only one new key concept to allow you to quickly and effi-
ciently add new learning material to your existing knowledge.

At the end of each section of the digital course book, you will find self-check questions.
These questions are designed to help you check whether you have understood the con-
cepts in each section.

For all modules with a final exam, you must complete the knowledge tests on the learning
platform. You will pass the knowledge test for each unit when you answer at least 80% of
the questions correctly.

When you have passed the knowledge tests for all the units, the course is considered fin-
ished and you will be able to register for the final assessment. Please ensure that you com-
plete the evaluation prior to registering for the assessment.

Good luck!

6
 SUGGESTED READINGS
GENERAL SUGGESTIONS

De Filippi, P., & Wright, A. (2018). Blockchain and the law. The rule of code. Harvard Univer-
sity Press.

Meinel, C., Gayvoronskaya, T. & Schnjakin, M. (2018). Blockchain: Hype or innovation. Uni-
versitätsverlag Potsdam.

Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system [white paper].

Tapscott, D., & Tapscott, N. (2018). Blockchain revolution. How the technology behind bit-
coin is changing money, business, and the world. Portfolio.

Xu, W., Weber, I., & Staples, M. (2019). Architecture for blockchain applications. Springer.

UNIT 1

Yaga, D., Mell, P., Roby, N., & Scarfone, K. (2019). Blockchain technology overview. National
Institute of Standards and Technology. 1—29. Database: EBSCO

UNIT 2

Marino, N., Lieser, J., & Clark, C. (2018). The dark side of bitcoin. Los Angeles Lawyer, 41(6),
36—41. Database: EBSCO

UNIT 3

Schneider, L., Evans, J., & Kim, A. (2018). Why blockchain smart contracts matter. Interna-
tional Financial Law Review, 1. Database: EBSCO

UNIT 4

Zhu, L., Zheng, B., Shen, M., Yu, S., Gao, F., Li, H., Shi, K., & Gai, K. (2018). Research on the
security of blockchain data: A survey. Beijing Institute of Technology. Database: EBSCO

UNIT 5

Alexopoulos, C., Charalabidis, Y., Androutsopoulou, A., Loutsaris, M. A., & Lachana, Z.
(2019). Benefits and obstacles of blockchain applications in e-government. In Proceed-
ings of the 52nd Hawaii International Conference on System Sciences 2019. Database:
EBSCO

7
 Leeming, G., Cunningham, J., & Ainsworth, J. (2019). A ledger of me: Personalizing health-
care using blockchain technology. Frontiers in Medicine (6). Database: EBSCO

UNIT 6

Marchesi, M., Marchesi, L., & Tonelli, R. (2018). An agile software engineering method to
design blockchain applications. Database: EBSCO

UNIT 7

Marian, O. (2018). Blockchain havens and the need for their internationally-coordinated
regulation. North Carolina Journal of Law & Technology, 20(4), 529. Database: EBSCO

8
 REQUIRED READING
UNIT 1

Răzvan, M. (2018). Blockchain technologies: A new approach to old challenges. Young

Economists Journal / Revista Tinerilor Economisti, 15(31), 7—21. Database: EBSCO

Ugarte, J. L. (2018). Distributed ledger technology (DLT): Introduction. Economic Bulletin, 1

—11. Database: EBSCO

UNIT 2

Dickson, B. (2018). Why bitcoin is struggling to become a mainstream currency. PC Maga-

zine, 25—32. Database: EBSCO

Varma, J. R. (2019). Blockchain in finance. Vikalpa: The Journal for Decision Makers, 44(1), 1
—11. Database: Sage

UNIT 3

Wu, K. (2019). An empirical study of blockchain-based decentralized applications. Peking

University. Database: EBSCO

UNIT 4

Zhang, R., Xue, R., & Liu, L. (2019). Security and privacy on blockchain. ACM Computing Sur-
veys, 52(3), 1—34. Database: EBSCO

UNIT 5

Chong, A. Y. L., Lim, E. T. K., Hua, X., Zheng, S., & Tan. C.-W. (2019). Business on chain: A
comparative case study of five blockchain-inspired business models. Journal of the
Association for Information Systems, 20(9), 1308—1337. Database: EBSCO

Lacity, M. C. (2018). Addressing key challenges to making enterprise blockchain applica-

tions a reality. MIS Quarterly Executive, 17(3), 201—222. Database: EBSCO

UNIT 6

Pedersen, A. B., Risius, M., & Beck, R. (2019). A ten-step decision path to determine when to
use blockchain technologies. MIS Quarterly Executive, 18(2), 1—17. Database: EBSCO

9
 UNIT 7

Baldwin, J. (2018). In digital we trust: Bitcoin discourse, digital currencies, and decentral-
ized network fetishism. Palgrave Communications, 4(1), 1—10. Database: EBSCO

Werbach, K. (2018). Trust, but verify: Why the blockchain needs the law. Berkeley Technol-
ogy Law Journal, 33(2), 487—519 Database: EBSCO

UNIT 8

Mirchandani, A. (2018). The GDPR-blockchain paradox: Exempting permissioned block-

chains from the GDPR. Fordham Intellectual Property, Media & Entertainment Law Jour-
nal, 29(4), 1201. Database: EBSCO

Werbach, K. (2018). Trust, but verify: Why the blockchain needs the law. Berkeley Technol-
ogy Law Journal, 33(2), 487—519 Database: EBSCO

10
 LEARNING OBJECTIVES
Introduced in 2008, blockchain provides distributed ledger technology based on distrib-
uted databases in a peer-to-peer network of computing environments. Blockchain’s tenets
of decentralization, consensus mechanisms, transparency, and security of data all support
the concept of providing a trustless ecosystem for the use of cryptocurrencies in a myriad
of transactions. Since inception, blockchain has gained maturity, yet continues to present
challenges that need to be overcome in order to encourage the growth of the platform.

Bitcoin is the first major implementation of blockchain, introduced by Satoshi Nakamoto,

the pioneer of blockchain. Bitcoin is the name of the blockchain platform as well as the
name of the cryptocurrency that is transacted upon the platform. Bitcoin is an active cryp-
tocurrency environment, however, the limitations of blockchain, the limitations of bitcoin,
and the security breaches that been experienced have caused an instability in the plat-
form and in the value of the Bitcoin cryptocurrency.

Smart contracts are a significant capability of blockchain. They automate a contractual

agreement between two or more parties by writing the terms of the contract into lines of
code, which then executes on the blockchain and records information into the blockchain
ledger. Smart contracts are useful in a number of industries such as health care, financial
services, supply chain, voting, and so much more.

Blockchain presents a number of social and legal issues. It is stated by some that block-
chain falls within a neoliberalism policy model. A significant concern is how, from a legal
position, this runs contrary to the need to establish regulations to stabilize the blockchain
implementations while providing assurances to both the investors and users of block-
chain. Other social concerns include environmental impact and the use of blockchain to
conduct illegal activities. Meanwhile, legal concerns include what should be regulated.
This is complicated by the worldwide implementation of blockchain and the level of
blockchain acceptance in different parts of the world.

Overall, blockchain has a tremendous amount of potential for individuals and businesses
alike. Blockchain’s mix of complex technologies creates a sound environment that, after
more than ten years, is gradually becoming everything that Satoshi Nakamoto intended.

11
 UNIT 1
BASIC CONCEPTS

STUDY GOALS

On completion of this unit, you will have learned …

– the evolution of financial accounting to include distributed ledger technologies.

– how blockchain is an implementation of distributed ledger technologies.
– the technologies and processes that enable blockchain technologies.
– the consensus mechanisms of blockchain that assure the security and accuracy of the
data.
– the limitations of blockchain technologies.
 1. BASIC CONCEPTS

Introduction
Accounting for the transfer of money, goods, and services between parties has been a
common practice since at least 7,500 B.C. The abacus, calculators, and ultimately, com-
puters, are quite an improvement compared to traditional clay tablets. Centralized com-
puter systems allowed people and corporations to perform their internal financial tracking
for many years and continue to do so today. With the advancement of various technolo-
gies and the migration to the internet, the opportunity was presented to automate
accounting transactions between two parties that otherwise lack a connection. In order to
take this opportunity, we must first answer the following questions:

• How can transactions be conducted securely?

• How can transactions be processed correctly and consistently?
• What are the technical components of the architectural solution?
• What are the limitations of the solution, and how can we improve upon these limita-
tions in the future?

1.1 The Functional View: Distributed

Ledger Technologies (DLT)
People have always actively engaged in the exchange of goods and services, even in early
human history. The act of recording these exchanges was demonstrated as long ago as
7,500 B.C., when tokens and clay balls were used to denote inventory figures representing
agricultural goods such as wheat, sheep, and cattle. These initial rudimentary approaches
eventually evolved into an ancient balance around the year 5,000 B.C. Historians deter-
mined that, at this time, Sumerians marked clay tablets with sticks to account for the trad-
ing of goods.

Over 2,000 years ago, the Roman Empire had a banking system that enabled people to
transact with people in other regions in the empire. Paper checks allowed them to record
and track transactions. In the 14th century, Venetian merchants created the concept of
double-entry bookkeeping, an act which became an established “business practice fol-
lowing the Industrial Revolution and the globalization of trade starting the latter part of
the 19th century” (Yusuf, 2018, p. 18).

Accounting for these transactions, most typically in the form of ledger entries, was very
much a manual process conducted on paper until the ubiquitous presence of the com-
puter became common within businesses of all sizes. Moving into the last quarter of the
20th century, enhanced computerization led to the understanding that “data gathering, its

14
management and analysis, the recording of transactions, and the entry and execution of
contracts […] can all be done more efficiently and swiftly using computer files” (Yusuf,
2018, p. 18).

Most financial transactions involve an intermediary, such as a bank or the state, to main-
tain records, vouch for their accuracy, safeguard their integrity, and help to complete a
transaction. When a transaction involves an intermediary, all parties involved in the trans-
action need to put their trust in the integrity of the intermediary. A technological solution
could potentially eliminate the intermediaries while preserving “an inviolable record of
transactions and contracts” (Yusuf, 2018, p. 18).

The Database of Distributed Ledger Technology

Technology options for data storage have expanded and matured in past decades. One of
the most common options is a centralized database. Here, transactional data is stored and
maintained in one physical location, on one server, controlled by a single entity. A distrib-
uted ledger is a distributed database in which there are identical copies of the data
located across multiple nodes. These copies are stored in one or more physical locations,
and updated in a synchronized manner by a consensus of the parties involved. An impor-
tant difference between a distributed ledger and a traditional distributed database is that
the participants of a traditional distributed database trust and cooperate with one another
to maintain data accuracy and consistency, whereas in a distributed ledger, the parties do
not completely trust each other and may have conflicting interests.

The following figure shows that all distributed ledgers are built on distributed databases,
but not all distributed databases function as a distributed ledger.

Figure 1: Distributed Databases and Distributed Ledgers

Source: Created on behalf of IU (2023).

Key attributes of DLT are:

15
 • Shared record keeping: Multiple parties can create, maintain, and update the ledger.
The storage, maintenance, and updating of ledgers in a distributed ledger is the core of
the technology, and the task of updating the ledgers is divided between the nodes.
• Consensus: To achieve data accuracy and consistency in a distributed ledger, a way to
verify transactional data before the ledgers are shared must be established. This mech-
anism needs a set of agreed-upon rules or procedures that have been approved by all
involved parties before the updates to synchronize all databases can be performed.
• Independent validation: Each participant has the ability to verify the state of their trans-
actions.
• DLT cannot rely on a central coordinator to be the authority mechanism.
• Immutable ledger:
◦ Tamper evidence: Each participant has the ability to detect non-consensual changes
to transactions.
◦ Tamper resistant: Enforces barriers to resist changes to historical transactions.

Blockchain

Blockchain provides the underlying technical environment where a historical recording of

digital transactions can be retained, whether it is an exchange of currency, goods, or serv-
ices. Tapscott (2016) describes a blockchain as an “incorruptible digital ledger of economic
transactions that can be programmed to record not just financial transactions but virtually
everything of value.” The original objective of blockchain is “to support an electronic pay-
ment system based on cryptographic proof instead of trust” (Waldo, 2019, p. 38). With
respect to both definitions, the functional requirement is for an environment that assures
the anonymity of blockchain users, a ledger of transactions that cannot be altered once it
has been verified and agreed to, and a system that is independent of a central authority.
Blockchain is implemented as a distributed database that captures shared transactional
data in blocks. A blockchain, the linked list of blocks containing the transactions, is also
referred to as the “ledger.”

Distributed databases can be used for a variety of purposes, and a distributed ledger is a
use case for a distributed database structure. Some distributed ledgers are implemented
in a blockchain architecture. With all of the previously described attributes, distributed
ledgers that are implemented as a blockchain enable transactions to be processed and
stored in connected blocks that form a chain. The integrity of the data stored in the chains
is accomplished and guaranteed by cryptography. The append-only structure allows data
to be added to the database, but the alteration or deletion of previous transaction data in
earlier blocks is impossible.

The following figure shows that all blockchains are distributed ledgers, but not all distrib-
uted ledgers are implemented as blockchain.

16
Figure 2: Distributed Ledgers and Blockchain

Source: Created on behalf of IU (2023).

Functional Characteristics of Blockchain

The functional characteristics of blockchain include the characteristics of distributed

ledger technology (DLT) together with other blockchain-specific characteristics.

Decentralization

Blockchain data is decentralized, rather than centrally stored. The use of a peer-to-peer Peer-to-peer
(P2P) network eliminates central access, authority, and control of data. New transactions This is a decentralized
communications model
are validated, added to a block, and the block is added to a blockchain. The updated in which each node has
blockchain is then distributed to every node on the blockchain network. In a P2P network, the same capabilities.
each node contributes computing resources. P2P was introduced in the late 1970s and
became well-known with the introduction of Napster, a website allowing users to share
music.

Security

Blockchain uses cryptography to secure the user’s address and assets using a combination
of public and private keys. Private keys are used to sign transactions, and public keys are
used to verify that the transactions come from the entity they say they are from. For exam-
ple, when Amy sends Bob money, Amy uses her private key to sign a message that is trans-
mitted to blockchain which pays Bob with a cryptocurrency. Bob uses Amy’s public key to
verify that the message came from her.

Blockchain also uses cryptography to secure the transactional data and the construction,
or linkage, of the blocks in the blockchain. This ensures the immutability of the data.

17
 Asymmetric cryptog- Available since the early 1980s, asymmetric cryptography enables the secure exchange
raphy of data between two parties. Cryptography authenticates the sender, ensures the integrity
Also called public-key
cryptography, asymmet- of the message, and prevents third parties from accessing the information if it is inter-
ric cryptography uses cepted (Romeo Ugarte, 2018).
pairs of keys: public keys
which may be distributed,
and private keys which Consensus
are known only to the
owner.
Consensus mechanisms are the ways that a blockchain network reaches agreement on
the validity of transactions. The consensus mechanisms ensure that the protocol, or rules,
are being followed. For example, the Bitcoin protocol defines the procedure that should
be followed by a Bitcoin transaction from its creation, through its validation, to its final
confirmation. It defines how the nodes should interact, how the data should be transmit-
ted between them, and the requirements for a successful block validation. Bitcoin’s con-
sensus algorithm is responsible for performing the actual verification of bitcoin balances
and signatures, confirming transactions, and validating the previous blocks in the block-
chain.

Introduced in the 1990s, consensus mechanisms ensure that all ledgers are identical, and
that there is no fraud or duplication of information. There are different consensus meth-
ods which can be used, with the most common one being “proof of work” (PoW).

Trust

A trustless system is one that is not dependent on the intentions or actions of its partici-
pants, good or bad. The system always acts in the same manner. Since blockchain is based
on a P2P protocol, it is considered to be a trustless system. As a result of the inherent
design of blockchain, trust is not a requirement; hence, the designation of it as a trustless
system. As stated by Kaushal and Tyle (2015),

Computers verify each transaction with sophisticated algorithms to confirm the transfer of value
and create a historical ledger of all activity. The computers that form the network that are proc-
essing the transactions are located throughout the world and importantly are not owned or con-
trolled by any single entity. The process is real-time, and much more secure than relying on a
central authority to verify a transaction (para. 6).

Transparency

All participants in a blockchain have access to the same historical details, they do not have
individual copies. Data on a blockchain is more accurate, consistent, and available to par-
ticipants with permissioned access, resulting in a greater level of transparency.

Public versus Private Blockchain Networks

The blockchain network of a DLT environment can be public or private, depending on how
access is granted to the participants.

18
Public blockchains

A public blockchain, also referred to as a permissionless blockchain, is open and anyone

can participate in it. Public access can be granted to:

• Read data
• Write data
• Participate in the consensus process, which determines which blocks are added to the
chain.

Public blockchains are secured by cryptographic fingerprints and a consensus protocol.

The most well-known implementation of blockchain, Bitcoin, is delivered on a public net-
work.

Private blockchains

In a private blockchain, also referred to as a permissioned blockchain, participation is usu-

ally by invitation and/or by meeting certain requirements. A key difference is that in a pub-
lic network, participants do not necessarily know each other, whereas participants in a pri-
vate network know each other. Maersk, a container ship and supply vessel operator, and
Walmart, a large big box retailer, are both implementing private blockchains for supply
chain management.

Consortium blockchains

An extension of private blockchains, a consortium blockchain, also referred to as a shared

permission blockchain, is a group of entities within an industry that come together for a
common need. The attributes of a consortium blockchain are similar to that of a private
blockchain, except that governance is performed by a set of participants, rather than a
sole owner. An example of a consortium blockchain is Digital Trade Chain Consortium, a
group of European banks using blockchain to enable faster, easier, and cheaper trade
transactions.

The following chart presents a summary comparison of public, private, and consortium
blockchain networks.

Table 1: Comparison of Blockchain Networks

Consortium Block-
Public Blockchain Private Blockchain chain

Governance consensus is public consensus is managed consensus is man-

by single owner aged by a set of par-
ticipants

Participants don’t know each other know each other

Transaction validation any node authorized nodes

19
 Consortium Block-
Public Blockchain Private Blockchain chain

Transaction reading any node any node (without permission) or predefined nodes
(with permission)

Consensus without permission with permission

Access public to anyone by invitation

Examples Bitcoin, Ethereum, individual corporations industry

Monero, etc.

Source: Created on behalf of IU (2023).

1.2 The Technical View: Blockchain

Expanding upon the functional aspects of blockchain, this section will describe each of the
technical aspects and how they are used together to enable the blockchain process.

Key Technical Components

The following three technologies are key to the architecture of a blockchain environment
and the processing of transactional data onto the blockchain.

Peer-to-peer networks

In a P2P, or decentralized network, many computer systems, known as nodes, are con-
nected to each other by the Internet, collectively making up the network. Nodes are con-
sidered equal, and each node contributes computing resources without the need for a
central authority. In exchange for the blockchain work conducted by the nodes, including
the validation and storage of transactions, the owners of the nodes can collect transaction
fees in the blockchain’s underlying cryptocurrency.

20
Figure 3: Network Comparison Diagram

Source: Created on behalf of IU (2023).

Processing transactions may necessitate considerable computing and processing power.

Owners of professional nodes heavily invest in powerful computing resources. The elec-
tricity needed to power these computing resources is a significant factor. As a result, some
of the largest nodes are located in countries where electricity is cheaper, such as China or
Venezuela.

Cryptography

Cryptography ensures that identities are kept private and that every record written to a
blockchain is secured by a unique cryptographic key, which makes the blockchain and its
information immutable.

Digital signatures guarantee the integrity of the data on the blockchain. The digital signa-
ture of data would become invalid if the data was altered. Digital signatures secure the
data as well as the identity of the sender. Additionally, digitally signed transactions pro-
vide a quality of non-repudiation as something digitally signed by a user can be legally
binding.

The transactions that are going to be written into a block are hashed, and the hash value is
stored in the header of the block. Hashing is the process of taking an input, using a mathe-
matical algorithm to encrypt it, and producing an output. Hashing ensures that data (in
this case, the transactions) have not been tampered with. For example, data being sent
from Amy to Bob can be processed by Amy through a hashing algorithm to compute a
hash value. Upon receipt, Bob can process the data through the hashing algorithm. If the
two hash values match, Bob can be certain that the data was not tampered with. If the
hash values do not match, then the data was likely altered before it was received by Bob.

21
 Consensus mechanisms

With a distributed network of nodes, there is no central authority. With the lack of a cen-
tral decision-maker, the determination of correctness needs to be made by a consensus of
the involved parties. This is exemplified by the Byzantine Generals’ Problem, an analogy
based on the Byzantine army’s camp around an enemy city. The generals must agree upon
a battle plan to attack the enemy and be victorious, communicating only by messenger.
The challenges are that some generals may be traitors, some messengers may be traitors,
and/or a messenger could be captured by the enemy and be replaced by a fake messen-
ger. The Byzantine Generals’ Problem demonstrates the challenges that are faced in a dis-
tributed computing environment in its processing of transactions. These challenges must
be addressed to ensure the authenticity of the data, the agreement regarding the process-
ing of the data, and that the process is not compromised by bad actors.

At the center of blockchain technology, consensus mechanisms are the way that all nodes
in the network agree on the state of the data on the blockchain. Each blockchain chooses
an algorithm that will be used to create the agreement for the necessary validation and
security within its network.

In a public blockchain, since anyone can be a node, it is possible for a node to alter trans-
actions and include them in a new block. This results in a “fork,” where one fork in the
chain contains the altered transaction and the other fork contains the valid transaction. A
consensus mechanism aims to avoid forks and present a single version of the truth. In a
private blockchain where participating nodes are known, consensus is still necessary
because the honesty of the nodes cannot always be assumed. As a result, private block-
chains often use consensus mechanisms that are less resource intensive.

Blockchain Processing

This section will describe the process of a blockchain transaction from generation to com-
pletion.

22
Figure 4: Blockchain Processing

Source: Deloitte Development, 2018.

23
 Generate a transaction

Amy is going to pay Bob a number of bitcoins for a service. Amy obtains Bob’s public key
from her wallet. Amy creates the transaction which includes Bob’s public key, the amount
of cryptocurrency to be paid to Bob, and any fee associated with the transaction. The
transaction is signed with Amy’s private key.

Gather transactions

Once a transaction has been created to exchange data representative of money, contracts,
or any asset, the transaction is placed in a queue of pending transactions.

Based on the rules of the network, after a set period of time (for example, Bitcoin uses
every ten minutes) the transactions are gathered into a block for processing.

Mining

Mining is the term given to the processing of transactions in a blockchain that uses the
proof of work consensus algorithm, such as Bitcoin. Blockchains that use other consensus
mechanisms may use a different term, such as forging.

Validation

The transactions in the block are validated to verify that the transactions are not mali-
cious, do not result in a double spend of cryptocurrency, etc.

Consensus mechanism

Blockchains that do not use the proof of work consensus mechanism will have a way that
the network can select the node to publish the block to the network. For blockchains that
use the proof of work consensus mechanism, the following section describes the process-
ing that will occur.

Proof of work

To determine the node that will publish the block to the network, Bitcoin miners compute
hashes until they find a hash that is less than the difficulty target, a number set by the
Nonce software protocol. To find the correct hash, miners must find the right nonce that,
A nonce is an arbitrary together with the data in the block, produces a hash that is less than the difficulty target.
number.
The node will hash the block header repeatedly, changing the nonce, until the hash out-
put is less than the target hash. The first miner that finds the target hash, and whose work
is accepted by the others in the network, will receive a reward in Bitcoins in addition to
transaction fees.

The lower the difficulty target, the more difficult it is to reach, and will require the plug-
ging of more nonces to get an acceptable result. Difficulty values were established to con-
trol the creation of new blocks at a steady rate.

24
Create the block header

A block header will be created to contain metadata about the block. Common data fields
are shown below:

• Timestamp
• Size of the block
• Metadata specific to the consensus algorithm — Blockchains that use the proof of work
consensus algorithm store a nonce and a difficulty level in the block header.
• Hash of the previous block — In blockchain, the input to the hashing process is the
entire blockchain, all previous transactions, and the new transactions that are being
added. The first block in the blockchain, called the genesis block, contains transactions
that, after validation, are used to produce the first hash. For the second block, the first
block’s hash and all the transactions that are being processed into the second block are
combined to create a second hash that is used for the second block of the chain. This
repeats as transactions are validated, then used to create and add new blocks to the
chain.

The header of each block contains the hash of the previous block. The result is that each
successive block has a hash reflecting a chain back to the previous block. Because the
hash of the previous block is contained in the hash of the new block, the blocks all con-
nect to each other. This cascading effect creates a dependency that furthers the security of
blockchain and its immutable characteristic. A change to a block would force the recalcu-
lation of all subsequent blocks, which would be a significant computational effort.

Creating a hash representation of the block data is often done by generating a Merkle tree
and storing the root hash, or by using a hash of all the combined block data.

Figure 5: Merkle Diagram

Source: Created on behalf of IU (2023).

25
 Merkle trees allow the validity of an individual transaction to be determined without
downloading the whole blockchain. In the example above, if you have the root hash
(HABCDEFGH), you can confirm transaction (TH) by accounting for hashes (HG), (HEF), and
(HABCD). If those three hashes are on a blockchain, then transaction (TH) is valid. As stated
by Vitalik Buterin, the co-founder of Bitcoin magazine and Ethereum, “Merkle trees are a
fundamental part of what makes blockchains tick. Although it is definitely theoretically
possible to make a blockchain without Merkle trees, simply by creating giant block head-
ers that directly contain every transaction, doing so poses large scalability challenges that
arguably put the ability to trustlessly use blockchains out of the reach of all but the most
powerful computers in the long term” (Buterin, 2015).

Complete the process

Once validation has been completed and the node to publish the block is determined, the
selected node distributes the block to the network so that each node can add the block to
the chain.

The reward and/or transaction fees will be distributed to the node that has earned the
right to publish the block.

Challenge of Double-Spending

With digital currencies and other digital goods, there arises the challenge of double-
spending. Double-spending is when the owner attempts to spend or transfer the balance
of a digital currency or good more than once. The result is referred to as the double-
spending problem which, until now, has prevented the peer-to-peer transfer of digital
assets (Tapscott, 2016). Unlike cash, where if you use €20 to pay for an item, then you no
longer have the €20 to pay for another item, when using digital currencies and goods, mul-
tiple transactions can be generated that result in a double spend.

If a person with one unit of currency tried to send it to two recipients, both transactions
would go into the queue of pending transactions. The first transaction would be verified,
confirmed, and stored with a hash that includes the timestamp. The second transaction
would not be determined as valid and would not be confirmed. The first transaction,
meanwhile, would gather more confirmations, the number of blocks added to the block-
chain after the transaction was recorded.

As stated by Nakamoto (2008), a possible solution to the double-spending problem is:

using a peer-to-peer distributed timestamp server to generate computational proof of the chro-
nological order of transactions […] The network timestamps transactions by hashing them into
an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without
redoing the proof-of-work […] The system is secure as long as honest nodes collectively control
more CPU power than any cooperating group of attacker nodes (Introduction, para. 2)

26
1.3 History of Blockchain and Distributed
Ledger Technology
Blockchain and DLT history is often described in three generations. In addition to versions
1—3, there are a number of contributing factors that occurred to enable Blockchain (Pre-
Block chain), and there are current discussions regarding the next generation, Version 4.

Pre-Blockchain

In the 1970s, 1980s, and 1990s, a number of technologies were introduced that contrib-
uted to the development of Blockchain.

• The early 1970s marked the development of major advances in public key infrastructure
(PKI). In 1976, secure key exchange and asymmetric key algorithms were introduced by
four cryptographers. PKI and cryptography will become instrumental to maintain the
security and privacy of a blockchain.
• In 1979, USENET was introduced as an early point-to-point architecture. The key differ- USENET
ence was the absence of a central server and dedicated administrator. Point-to-point A distributed messaging
system of the 1970s.
networks are the foundation of blockchain, enabling a trustless architecture.
• Also in 1979, Ralph Merkle patented the concept of hash trees, or Merkle trees, which
use a tree structure where every leaf node is labeled with the hash of a data block and
every non-leaf node is labeled with the cryptographic hash of the labels of its child
nodes. Hash trees enable efficient and secure verification of the contents of large data
structures (Merkle tree) and will evolve to do so for the transactions and blocks of a
blockchain.
• In 1982, the problem of obtaining consensus was formalized by Lamport, Shostak, and
Pease in a paper describing the Byzantine Generals’ Problem. This is a condition where
components in a distributed computer system may fail and actors must come to a con-
sensus to avoid system failure, with the expectation that some of the actors are not act-
ing in a reliable manner. The paper develops an algorithm to ensure that those who are
loyal to the process can reach an agreement. This algorithm was leveraged in block-
chain to determine consensus amount the network nodes.
• From 1982—1990, David Chaum with his company, DigiCash, implemented the first
attempt at crypto-currency. It required software to make withdrawals and designate
specific encrypted keys before sending to a recipient. Chaum also constructed a set of
cryptographic protocols which removed the ability to trace the personal payments con-
ducted online (DigiCash, 2019).
• In 1991, Haber and Stornetta published a paper on time-stamping digital documents so
that one can certify when a document was created or last modified by creating an
unforgeable timestamp. The solutions that they proposed use one-way hash functions
and digital signatures (Haber & Stornetta, 1991).
• Since 1993, Secure Hash Algorithms (SHA) have evolved from SHA-0 to SHA3. SHA is a
family of cryptographic hash functions published by the National Institute of Standards
and Technologies (Secure Hash Algorithms, n.d.).

27
 • In 1999, Jakobsson and Juels coined the term “proof of work,” elaborating on an idea
discussed by Dwork and Naor in 1992, which states that a moderately difficult computa-
tional problem will deter spammers and ensure that all completed processes are desira-
ble (Daniel, 2018a).

Blockchain Generation 1.0 — Transactions or Currency

Referred to as the generation of “transactions” or “currency,” the implementation of DLT

led to the first blockchain applications for cryptocurrencies. Satoshi Nakamoto is credited
as the creator of Bitcoin. It is still unknown whether Nakamoto is an individual or group of
people, as Nakamoto has chosen not to be identified. Bitcoin is the name given to the cur-
rency as well as to the network that shares the public ledger. On May 22, 2010, Laszlo
Hanyecz conducted the first bitcoin transaction by buying two pizzas for 10,000 BTC, an
amount that would be worth over 84 million USD in mid-2019. In 2011, Silk Road was
launched, an online black market and platform for the sale of various contraband. Bitcoin
was the sole form of currency on the site.

First generation blockchains used resource-intensive proof of work consensus mecha-

nisms while primarily serving as a payment system.

Blockchain Generation 2.0 — Contracts

The second generation of blockchains are more than payment processors. Blockchains are
now being built to function as smart contracts and computer programs that transfer cur-
rencies or assets between parties based on contractual conditions. In 2013, Buterin intro-
duced the smart contract concept. For example, the digital lock of a vacation home can be
set automatically and made available upon receipt of the rental payment. The Ethereum
Blockchain is a key player in the blockchain contract space. NEO, another company that
specializes in smart contracts, adds the focus of being regulatory compliant, requiring any
entity on their platform to have a unique and verifiable digital identity.

Blockchain Generation 3.0 — Applications

In the third generation, the use of blockchain has expanded to include DApps, or decen-
tralized applications for the automation of business processes. DApps are built on the
smart contract capabilities of blockchain. DApps are similar to traditional web applica-
tions, however, instead of working with databases, they work with blockchain data. Other
Open source criteria for DApps are that they are open source, operate autonomously, and cannot be
This is software that is controlled centrally (Filipova, 2018). In short, a DApp is smart contract with a web-based
freely available to be
redistributed and modi- frontend application.
fied.
In 2016, Hyperledger was launched by 30 founding corporate members. The goals of
Hyperledger are to:

• create enterprise-grade, open source, distributed ledger frameworks and code bases to
support business transactions,
• provide neutral, open, and community-driven infrastructure supported by technical and
business governance,

28
• build technical communities to develop blockchain and shared ledger proof of con-
cepts, use cases, field trials, and deployments, and
• educate the public about the market opportunity for blockchain technology (Hyper-
ledger, n.d.).

Blockchain Generation 4.0 – The Future

The definition of blockchain generation 4.0 is still in process. The general consensus is to
use the foundation of the previous generations to expand blockchain into information
technology (IT) systems. These might include supply chain management, financial trans-
actions, Internet of Things (IoT), health management, and much more.

1.4 Consensus Mechanisms

Consensus mechanisms are a key component of blockchain. The objective of consensus
mechanisms is to ensure the following:

• Unified agreement about which data are true and accurate: Referring to the Byzantine
Generals’ Problem, consensus mechanisms ensure that the public ledger is updated
with the consensus of the masses.
• Prevent double-spending: Rules built into the algorithm ensure that only valid and
authentic transactions are included in the public ledger, preventing a double spend of
digital currency.
• Align economic incentives: Consensus mechanisms incentivize good behavior and pun-
ish bad actors. Efforts to work against the network require a large amount of computing
and financial resources, which is theoretically better used for good behavior, rather
than bad.
• Fair and equitable: Consensus mechanisms ensure distributive empowerment over
processing.
• Fault-tolerant: Consensus mechanisms ensure that blockchains operate indefinitely,
reliably, and consistently (Aziz, n.d.).

Leading Consensus Mechanisms

Proof of work (PoW)

PoW is the leading consensus algorithm, being the one that was, and is, used by Satoshi
Nakamoto in the establishment of Bitcoin. Before confirming a new block of transactions,
Bitcoin miners compute hashes until they find a desirable number that is less than a num-
ber set by the software protocol called the “difficulty target.” Miners must find the right
nonce that produces a hash lower than the difficulty target set by the software. This is
called a hash-puzzle because the miner must add the nonce to the hash of the previous
block in the blockchain (Narayanan et al., 2016). The first miner that finds the target hash,
and whose work is accepted by the others in the network, will receive a reward in Bitcoins
in addition to transaction fees. Because of the increasing level of difficulty over time, min-
ers need an increasing amount of processing power, which in turn consumes a high

29
 amount of electricity. In addition, achieving PoW consensus is time-consuming. Between 7
and 30 transactions can be executed per second, a throughput that is not satisfactory for
business applications.

Proof of stake (PoS)

In PoS, the “validator” invests in the coins of the system and therefore owns a stake in the
network. Being selected to validate a block and earn the transaction fee is based on the
number of coins a validator owns (stakes). Different random elements are added so that
the process is not dominated by the wealthy. For example, coin age selection chooses vali-
dators based on how long their tokens are staked for. PoS consumes much less energy and
time, resulting in an execution of between 30 and 173 transactions per second.

“Nothing at stake” is the most commonly raised issue with PoS, suggesting that a PoS
environment is more vulnerable to attackers. “Nothing at stake” suggests that there are
minimal economic costs associated with a validator creating multiple competing transac-
tion histories and earning multiple transaction fees. Furthermore, signers (nodes that
need to approve the block before the block is committed) can also sign off on both blocks.
For the validator and the signers, there is nothing to lose if they are a bad actor. In addi-
tion, multiple transaction histories makes it difficult to have consensus of a true transac-
tion history.

Delegated proof of stake (DPoS)

DPoS is similar to PoS concerning the way that it uses validators for creating new blocks,
but only elected nodes can vote on new blocks. With the intent of speeding up the proc-
ess, voting is limited to 21—100 elected delegates, with voting power determined by those
most invested in the network. DPoS raises throughput to 25—2500 transactions per sec-
ond. EOS, Bitshares, Dispatch, and Steemit use DPoS.

Practical Byzantine fault tolerant mechanism (pBFT)

PBFT, when used, is done so with other consensus mechanisms. Nodes in a pBFT system
are sequentially ordered with one node being the leader and others referred to as backup
nodes. All nodes in the system communicate with one another, with the goal being that all
honest nodes will come to an agreement of the state of the system using a majority rule.
Communication between nodes has two functions: Nodes must prove that messages
came from a specific peer node, and they must verify that the message was not modified
during transmission. For the pBFT system to function, the number of malicious nodes
must not equal or exceed one third of all nodes in the system in a given vulnerability win-
dow. Similar to the proof of work consensus mechanism, the more nodes there are in a
pBFT network, the more secure it becomes. A supermajority of honest nodes can deter-
mine when a leader is faulty and replace them with the next leader in line (Lai & O'Day,
2018a). Hyperledger, Fabric, and Zilliqa use pBFT.

30
Delegated Byzantine fault tolerance (dBFT)

DBFT is similar to DPoS in that each user is able to choose delegates. Each time a new
block is generated, a “speaker” is randomly drawn from the group of delegates. The
speaker will propose a new block as “the truth” to the other delegates. A minimum of 66
percent of the delegates will then need to approve the proposed block. Once approved,
the transactions will be processed and recorded on the blockchain. If not approved, the
block is discarded. The speaker returns to a delegate role. The assumptions for dBFT is
that the work proposed by dishonest speakers will be voted down and that only a minority
of delegates will act dishonestly. In either case, the expectation is that bad blocks will be
discarded. NEO is the creator and user of dBFT.

Other Consensus Mechanisms

Many variations of the above consensus mechanisms are currently being used or devel-
oped. Some of these are identified below.

Proof of activity

Proof of activity is a hybrid of PoW and PoS. The process starts as a standard PoW process
with miners trying to create the new block by solving. When the new block is mined, in
PoS fashion, a random group of validators is selected to validate the new block. The more
cryptocoins owned by a validator, the higher the chance of being selected for the validator
role. Once signed, the block is added to the blockchain and the transactions are recorded
to it. Decred uses proof of activity.

Proof of authority

Proof of authority is based on the value of identities. Validators are staking their reputa-
tion, so blockchains are secured by nodes that are selected because they are deemed
trustworthy. Proof of authority uses a limited number of validators, making it highly scala-
ble. Microsoft Azure has implemented proof of authority.

Proof of believability

Proof of believability, used by IOST, uses a reputation-based system called Servi, which are
non-tradeable tokens given to good actors in IOST. The IOST network algorithmically
selects a set number of random validators per block. The nodes with a higher believability
score are more likely to be selected. Believability scores are based on the number of IOST
tokens, number of Servi tokens earned, number of positive reviews the node has, and the
node transaction and action history.

Proof of capacity

In proof of capacity (variations are proof of storage and proof of space), the more hard
drive space you have, the better your chance of mining the next block and earning the
reward.

31
 Proof of importance

Proof of importance is used by NEM to select a node that will add a block to the block-
chain based on a probability score computed on the node’s overall support of the net-
work. This includes vesting (the number of coins vested by the node), transaction partners
(rewards are made to users who make transactions with other NEM accounts), and num-
ber and size of transactions in the previous 30 days.

1.5 Limitations of Blockchain

Technologies
As with any technology, blockchain has its limitations. There are common limitations that
blockchain shares with most other technologies — resistance to change, lack of skilled
personnel, lack of a consistent vocabulary, legal concerns, social concerns, and more.
There are other limitations specific to blockchain, discussed below, that can be general-
ized as scalability, resource demands, and security.

Scalability

Blockchain confirms an average of 275,000 transactions per day (approximately 190 per
minute) while major credit card systems process 400,000 transactions per minute (Waldo,
2019). The limiting factor is block verification which is slowed down by the processor
intensive consensus mechanisms. It is the consensus mechanisms that ensure the highest
level of immutability. However, the sacrifice is scalability. Consensus mechanisms that
reduce the processing requirements are being developed to improve upon this limitation.

Resource Demands

An extension of scalability is the limitation of resource usage. This is particular to the use
of the proof of work (PoW) consensus mechanism in permissionless blockchains. PoW is
heavily computing intensive, and incurs a significant use of electricity. The tradeoff is that
PoW is an effective solution for “hard to solve, easy to verify” proofs for the environment
where there is little to no trust among system users. In permissioned blockchains, differ-
ent consensus mechanisms can be used because the requirements are different.

Security

There is an unavoidable security flaw in P2P networks. In bitcoin and other blockchains,
there is potential for the 51% attack, highlighted by Satoshi Nakamoto. If more than half of
the nodes of the network lie, then the lie becomes the truth. For this reason, bitcoin min-
ing pools are closely monitored so that no one gains network influence. Malicious actions
can include:

• Ignoring transactions from specific users, nodes, groups, or countries.

32
• Creating an alternate chain then submitting it once the alternate chain is longer than
the real chain. The honest nodes will switch to the chain that has the most work done,
which is now the alternate chain.
• Refusing to transmit blocks to other nodes, disrupting the distribution of information
(Yaga et al., 2018).

Blockchain uses asymmetric cryptography for identification, authentication, and authori-

zation. Although it is a strong cryptographic method, there is no protection if the user
loses or unwillingly shares their private key with others.

SUMMARY
In today’s connected world, the transfer of money, services, and goods
span geographic and jurisdictional boundaries. From an accounting per-
spective, these activities have been recorded using ledgers. The ledgers
are held by each participant involved in the transaction and are subject
to being out-of-sync. This results in extra efforts to reconcile, increased
settlement times, intermediaries, and additional overhead costs.

Blockchain is a distributed ledger that allows transactions to be

recorded in a peer-to-peer network. The ledger is structured in hash-
linked blocks and is distributed to all nodes in the network to ensure
consistency. All confirmed and validated blocks are linked from the
beginning. The blockchain is the source of truth.

The consensus mechanism sets the protocol to ensure the validity and
integrity of the transaction. Cryptographic hashes built into the struc-
ture of the chain prohibit any change to data on the chain and digital
signatures ensure that transactions are from who they say they are. The
peer-to-peer network eliminates and prevents a single controlling entity
so participants in the network are all equal.

The blockchain technology has matured in the past decade, however,

there remain limitations that are being addressed so that the technol-
ogy can scale to meet the needs of individuals and enterprises as the
technology gains acceptance.

33
 UNIT 2
BITCOIN

STUDY GOALS

On completion of this unit, you will have learned …

– how the Bitcoin platform functions in the market from the user's perspective.
– how Bitcoin is technically designed and implemented.
– about the potential attack vectors that could affect Bitcoin and security breaches that
have affected bitcoin holdings.
– about limitations of Bitcoin that affect its growth in the cryptocurrency market.
– what cryptocurrency platforms have been derived from the Bitcoin platform.
– what leading cryptocurrency platforms are alternatives to the Bitcoin platform.
 2. BITCOIN

Introduction
Bitcoin is considered to be the first implementation of blockchain and the first decentral-
ized cryptocurrency. Bitcoin also involves the internet-based use of cryptography to
secure currency used for financial transactions.

Decentralization of the cryptocurrency is made possible through the technologies associ-

ated with distributed ledger technology (DLT). Key characteristics of DLT are shared record
keeping, consensus, independent validation, and an immutable ledger. While not all dis-
tributed ledgers are implemented with blockchain, blockchain is the primary technical
architecture for DLT, providing all of the required characteristics of DLT.

Bitcoin is an implementation of blockchain technology created by Satoshi Nakamoto in

2009. In this unit, we will cover:

• how bitcoin was designed, the user interface and the underlying technologies,
• general concerns, including security, scalability, and other limitations, and
• other cryptocurrencies that have spawned from bitcoin and the future of bitcoin.

Note that ‘bitcoin’ is the name of both the currency and the software technology. Lower
case ‘b’ will be used to designate the currency (bitcoin) and upper case ‘B’ will be used to
designate the software technology (Bitcoin).

The website associated with Bitcoin specifies the Principles of Bitcoin to be as follows:

• 21 million coins: Only 21 million coins will ever exist.

• No censorship: Nobody should be able to prevent valid transactions from being con-
firmed.
• Open source: Bitcoin source code should always be open for anyone to read, modify,
copy, and share.
• Permissionless: No arbitrary gatekeepers should ever prevent anybody from being part
of the network (user, node, miner, etc.).
• Pseudonymous: No ID should be required to own and/or use Bitcoin.
• Fungible: All coins are equal and should be equally spendable.
• Irreversible transactions: Confirmed blocks should be set in stone. Blockchain history
should be immutable (Principles of Bitcoin, n.d.).

In this unit, user components of the bitcoin payment system and the technical compo-
nents that, together, achieve the principles as specified, will be described.

36
2.1 The Bitcoin Payment System
High-Level User Process

Bitcoin can be used to receive bitcoin in payment and to use bitcoin for payment. To do so,
the process and the components needed by the end user are defined below.

• Obtain and set up a mobile wallet.

• To accept a single payment:
◦ the user generates a public address for their wallet or a QR code to give to the person
sending the bitcoin,
◦ give the public address or QR code to the person — or create a payment request in
the wallet,
◦ monitor wallet for incoming transactions, and
◦ wait for confirmation of transaction.
• To accept regular bitcoin payments (e.g. as a web retailer of goods):
◦ select a bitcoin payment processing provider, who manages and processes bitcoin
payments for internet retailers,
◦ create an account with the payment processing provider and the merchant’s business
bank account so that bitcoin received in payment can be converted to fiat currency, Fiat currency
and This is currency that is
issued by a government
◦ integrate the payment processing provider to the merchant’s website so that it can be agency. For example,
used by customers. United States Dollar or
• To use bitcoin: Euro.

◦ obtain bitcoin through purchase or earning, and

◦ pay bitcoin from the user’s wallet to individuals or organizations that accept bitcoin.

Wallet

In the same manner that a physical wallet holds physical currency, a cryptocurrency wal-
let, also referred to as a digital wallet, is used to do the following:

• Interact with the Bitcoin platform — Payments can be sent from the wallet and pay-
ments can be received into the wallet.
• Track the bitcoin addresses of the wallet owner.
• View all transactions to and from the wallet and each bitcoin address.

Wallet addresses

A bitcoin address is an identification (set of public/private keys) of a designation for a bit-

coin payment or a source from which a payment is being made. The following two address
formats are in use:

• Pay-to-Pub-key-hash (P2PKH), common P2PKH type, has a number that begins with 1.
• Pay-to-Script-hash (P2SH), newer P2SH type, has a number that begins with 3.

37
 The recommended way to use bitcoin is for the person being paid to send a new address
to each person that they are expecting payment from. The person making the payment
will pay to that public address. The person being paid will receive the payment into that
address. That address can then be used by the owner to spend bitcoins that have been
received into that address. When the bitcoins have been fully spent from that address, the
address should not be used again.

When person A sends person B bitcoins or any other type of digital currency, person A is
essentially signing off ownership of the coins from their wallet address to person B’s wallet
address. To be able to spend those coins and unlock the funds, the private key stored in
person B’s wallet must match the public address that the currency is assigned to. If public
and private keys match, the balance in person B’s digital wallet will increase, and the wal-
let of person A will decrease accordingly (Rosic, n.d.-b).

To simplify the wallet holdings and facilitate the use of bitcoins, a wallet owner can create
a new address, transfer, and consolidate coins from multiple addresses into one address.

Wallets fall into two categories — custodial and non-custodial. The difference is the level
of control the owner has over the funds.

Custodial wallet

A custodial wallet is a wallet in which an owner contracts with a third party service to store
the owner’s private keys.

The main advantage of a custodial wallet is that it eliminates the risk of losing the private
keys and, therefore, losing access to the funds.

The disadvantages of a custodial wallet are that the custodian/vendor has control over the
owner’s funds, and, as a result, the centralization of wallets on a server or database cre-
ates an opportunity for hackers. A custodial wallet is considered a “hot wallet,” as it is con-
nected to the internet. The internet connection makes the wallet more susceptible to
hackers and other technical vulnerabilities. Should the wallet be hacked, cryptocurrencies
may be lost.

Non-custodial wallet

Non-custodial wallets are fully controlled by the owner. The advantage is that the owner
has full control, however, the disadvantage is that a loss of private keys results in a loss of
access to the funds.

Non-custodial wallets fall into two categories of storage — hot and cold. As stated earlier,
hot wallets are more susceptible to internet-based hackers while cold storage is consid-
ered to be more secure.

38
Hot storage

Hot wallets are more susceptible to internet-based hackers because of the direct connec-
tion to the internet. The advantage of hot wallets is their easy access to the internet which
makes it simpler to conduct transactions.

• Desktop wallets are software programs that are installed on a computer and accessed
from that device. The user can create addresses for sending and receiving cryptocur-
rency. The private keys are stored on the hard drive. As it is connected to the internet,
the desktop wallet is susceptible to hackers and malware. Hardware failure could cause
the wallet to be inaccessible.
• Mobile wallets are apps that are installed on iOS and Android devices. Mobile wallets
offer portability, allowing the user to make direct payments in cryptocurrencies any-
where, including brick-and-mortar stores. Mobile wallets have risks similar to those of
desktop wallets.

Cold storage

Cold storage puts a buffer between the user’s cryptocurrencies and the internet, making
them more secure. Cold storage is better for long-term, secure storage of cryptocurrencies.

• Hardware wallets are hardware devices, typically with a USB connection, that can be
connected to an internet-enabled device to conduct cryptocurrency transactions. Hard-
ware wallets are secure, however, they can be stolen or lost, resulting in a loss of the
bitcoins associated with the private keys that are stored on the hardware.
• Paper wallet is software that generates keys which are then printed onto physical paper.
The printed paper is also referred to as a paper wallet. To add cryptocurrency funds to a
paper wallet, cryptocurrency funds are transferred from the software wallet to the pub-
lic address provided by the paper wallet. To spend cryptocurrency funds, the funds are
transferred from the paper wallet to the software wallet. Like the hardware wallet, the
printed paper can be lost, resulting in a loss of bitcoins.

Buying Bitcoins

Bitcoin users need bitcoins in order to conduct financial transactions. There are a number
of ways in which a user can obtain bitcoins.

• Cryptocurrency exchanges are commercial vendors who buy and sell bitcoins. The fee
for commercial exchanges is 1—5 percent or more.
• Cryptocurrency ATMs are available throughout the world, and almost all of them offer
Bitcoins in addition to other cryptocurrencies. The fee for use of the ATM is 3—6 percent
or more.
• Use a classified service where buyers and sellers can trade bitcoins for cash.
• Sell a product or service for bitcoins.
• Gift cards are a unique way to purchase bitcoins. Services exist where a gift card, such as
Amazon, Walmart, and many more, can be exchanged for bitcoins. Fees average 5 per-
cent.

39
 Fluctuating bitcoin value

Over its lifespan, the value of bitcoins has fluctuated greatly. From 2011 to early 2017, the
price of bitcoin was less than $1,000. In December 2017, it peaked at over $17,000.
Between then and late 2018, the price dropped to just over $3,000. In summer 2019, the
price has risen and hovers around $10,000.

Figure 6: Bitcoin Price in USD

Source: Beigel, 2019.

Purchasing bitcoin is not like investing in stocks and bonds because corporate financial
statements do not exist. It is also unlike investing in traditional currencies because it is not
issued by a bank or backed by a government. Monetary policies, inflation rates, and eco-
nomic growth measurements do not influence bitcoin prices in the same manner that they
affect traditional currencies (Bloomenthal, 2020). However, as economies built with fiat
currencies show strength or weakness, investors may allocate more or fewer assets to bit-
coins (Reiff, 2020c). There are many other factors that affect bitcoin, which will be
explained in the following sections.

Supply and demand

The supply of bitcoins is controlled by two factors — the mining reward and the maximum
number of bitcoins. The bitcoin protocol calls for bitcoins to be created and distributed
when miners process blocks of transactions.

40
Competing currencies

Although bitcoin is the most well-known cryptocurrency, there are many others, including
Ethereum and Litecoin, as well as other initial coin offerings (ICO) that are regularly being
introduced. An ICO is the initial offering of the cryptocurrency to investors or speculators.
Fiat currencies, or other more common cryptocurrencies, such as bitcoins, are used as the
exchange medium in an ICO.

Internal governance

Changes to the Bitcoin software is consensus driven, resulting in long resolution periods.
For example, scalability has been a concern for Bitcoin because of the consensus algo-
rithm. Originally, when the demand was low, there was little concern. However, increased
bitcoins in the market, together with greater acceptance of bitcoin, results in increased
use and lower processing speeds. The Bitcoin community has been divided on how to
address scalability.

Forks

Changes to the rules that are built into the underlying software are called “forks.” A soft
fork is a permanent change to the Bitcoin protocol that does not require all nodes to
upgrade in order to maintain consensus or result in new cryptocurrencies. All new blocks
being produced by nodes that have upgraded to the new protocol will also be compatible
with the previous protocol. Non-upgraded (legacy) nodes will see these new transactions/
blocks as valid. However, if legacy nodes try to mine blocks, the blocks will be rejected by
the upgraded nodes. All blocks being produced by legacy nodes will violate the new proto-
col and be made stale by the upgraded mining majority. Therefore, a soft fork needs the
majority of nodes to agree and accept the new protocol in order for the new protocol to
become permanent for Bitcoin.

In comparison, a hard fork implements a protocol change that is not compatible with the
older protocol. Legacy nodes will see new transactions/blocks as invalid and, as a result,
the legacy nodes will not be able to successfully mine blocks. For example, a hard fork of
Bitcoin occurred in 2017 when a group of Bitcoin investors, developers, miners, and acti-
vists went forward with an alternative to increase the block size limit, creating Bitcoin
Cash. Bitcoin Cash subsequently split in 2018, again over a block size limit, to create Bit-
coin SV. In some hard forks, the fork created two different cryptocurrencies from the acti-
vation block forward. When Bitcoin Cash was forked, each owner received 1 Bitcoin Cash
(BCH) for each bitcoin (BTC). When Bitcoin SV was forked, each owner received 1 Bitcoin
SV (BSV) for each Bitcoin Cash (BCH).

Negative events

The bankruptcy of cryptocurrency exchanges that actively transact bitcoins, such as the
bankruptcies of Mt. Gox and Yapian Youbit, caused by security breaches, has caused fear in
investors. Additionally, the use of Bitcoin in some illegal transactions on Silk Road, an
online black market and darknet market, generated further panic among investors.

41
 Black market Government uncertainty
This is an underground
economy that is charac-
terized by illegal activi- Governments around the world demonstrate their level of tolerance from full rejection to
ties. full acceptance. As governments continue to evolve a documented position on the use of
Darknet market cryptocurrencies and cryptocurrency technologies, fear will continue to simmer.
This is a black market
that conducts changes in
cryptocurrencies. • United States: As of mid-2019, the federal government has not established regulations
and have left the decisions to the individual states.
• Europe: As of mid-2019, inside the 19-country monetary union, blockchain is almost
purpose-built for new regulations demanding transparency of information and shared
data between markets and institutions and is quickly becoming the biggest new startup
sector in the region. Even outside the monetary union, central banks have followed suit,
and recognize the immense potential of early adoption for their individual territories
(Liebkind, 2019a).
• Asia: As of mid-2019, while Japan recognizes bitcoin as a legal means of payment, other
countries like Bangladesh, Nepal, and Kyrgystan consider the trading of virtual curren-
cies to be highly illegal. China has imposed strict regulations on bitcoin trading (Lieb-
kind, 2019a).

Large holder risks

As of mid-2019, there are 2,119 addresses that each hold bitcoins valued greater than
$10M with 4 addresses holding a total of $5B. Divestiture of their bitcoin would likely cause
a significant impact on the market. As an example, in May 2019, the sale of 5,000 bitcoins
on the Bitstamp exchange, worth approximately $40M, resulted in a crash that wiped out
more than $10B of bitcoin’s market capitalization in 20 minutes. The borderless and semi-
anonymous nature of bitcoin means that it is difficult to police instances of market manip-
ulation, while the lack of regulation compared to other commodity markets means that a
handful of bad actors are able to exploit it for financial gain (Cuthbertson, 2019).

Spending Bitcoin

Once a user has established a wallet and obtained bitcoins in the wallet, bitcoins can be
spent on goods or services for which they are accepted. There are a number of web retail-
ers, services, and charities that accept payment in bitcoins.

Cryptocurrencies, such as bitcoin, can also be connected to debit cards that can be used in
the same manner as debit cards that are funded by fiat currency.

Fees for Using Bitcoin

The miners are primarily rewarded for processing transactions in bitcoins as established
by the Bitcoin protocol. In addition, the bitcoin sender can pay an optional transaction fee
that is included with the transaction.

The purpose of the additional transaction fee is to provide an incentive to the miner so
that the sender's transaction(s) will be processed faster. Transactions that are accompa-
nied by higher transaction fees are processed more immediately, while lower or no trans-

42
actions fees may result in slower processing. Since transactions are gathered every ten
minutes, and a block has a maximum size limit, the level of transaction activity dictates
the size of the queue, while the transaction fees dictate placement in the queue. A transac-
tion without an additional transaction fee, in a period of low transaction activity, might be
processed in the next block, while in a period of high transaction activity, might be signifi-
cantly delayed.

As a result, fees paid to bitcoin miners rise or fall as a result of the network demand and
the network space. As transactions increase, the cost for having a bitcoin transaction
included in the next block rises higher and higher. Many bitcoin wallets include a dynami-
cally-calculated bitcoin miner fee in outgoing transactions. This will generate a miner fee
that will make sure the transaction is processed in a timely manner.

The advantage of recording a transaction sooner, rather than later, is that you can then
spend or sell the coins received and a merchant will consider a deal completed. Speed can
be a matter of necessity when using bitcoin to buy high-demand goods, for example in the
purchase of event tickets. Also, for bitcoin traders that would be heavily impacted by the
fluctuating price of bitcoin, minutes matter when buying and selling bitcoins.

If a transaction is not confirmed for a long period of time, it will be erased from a node’s
mempool. The current default timeout is 72 hours. The transactions with the lowest value
will be dropped from the mempool and the funds are returned to the owner’s wallet.

As can be seen in the chart below, transaction fees, which had been less than $1, peaked
to over $40 in December 2017. The surge was a situation of supply and demand. At the
same time, bitcoin’s price had surged from $10K to $20K, leading to an increase in invest-
ors. More users and more transactions increased the demand for timely miners’ services,
resulting in the surge in price.

Figure 7: Historic Daily Bitcoin Transaction Fees (In Dollars Per Transaction)

Source: Billfodl, n.d.

43
 2.2 The Technology Behind Bitcoin
Bitcoin is an implementation of distributed ledger technology (DLT) built on a blockchain
architecture. The following section covers the implementation of blockchain attributes
that have built out Bitcoin as the innovator and leader in the field of payment networks.

The Bitcoin network is built on a decentralized peer-to-peer (P2P) network. Bitcoin users
send and receive bitcoins, creating transactions that are gathered and validated by miners
using the consensus rules.

Blockchain

A blockchain is the transaction database that is used by all Bitcoin nodes. A full blockchain
contains every block and every transaction since the genesis block, which was the first Bit-
coin block created on January 3, 2009.

Block Structure

A block is a data structure comprised of a header, containing metadata, and a number of

transactions.

44
Figure 8: Block Header

Source: Blockchain, 2019.

Some of the metadata include the following:

• mining data — timestamp, nonce, difficulty

• block size — indicates the size of the block
• block height — the position of the block in the blockchain

45
 There are three hashes.

• Hash — This hash is created by hashing the block header twice with the SHA256 algo-
rithm. The previous block’s hash is used to create the hash of the new block. In the
example above, the hash of the previous block
(000000000000000000135099aff910dc138ae7131c56409c96d433cd32495f0f) is used to
create the hash of block #591990
(00000000000000000002e19f31933bdb6dcb8722abcb4bae282ed08f6c8fd14f).
• Previous block — This is the hash of the previous block, also known as the parent block,
in the chain. This hash is what ensures the linkages of the blockchain as blocks are
linked backwards by referencing the hash of the previous block in the chain.
• Merkle root — This hash is from the data structure to summarize the transactions in the
block, producing an overall digital fingerprint of the entire set of transactions and an
efficient means by which to verify that a transaction is included in the block (Antono-
poulos, 2014). The node at the top of the Merkle tree is called the root. It is the root hash
that is stored in the block header of each block on the blockchain.

Remainder of block

The main part of the block are the transactions. A segment of the list of transactions in the
block can be seen below.

Figure 9: Remainder of Block

Source: Blockchain, 2019.

An example of a transaction is shown below. Some of the fields contained in the transac-
tion are described in more detail.

46
Figure 10: Transaction: View Information About a Bitcoin Transaction

Source: Blockchain, 2017.

Block size

Miners gather outstanding transactions into blocks with the size of a Bitcoin block having
been limited to 1MB by Satoshi Nakamoto in 2010. Although there is no documented rea-
son as to why Nakamoto chose a 1MB limit, it is theorized that a large block size allows for
denial of service (DoS) attacks that could have been achieved by flooding the network and
splitting up a small number of transactions into a larger number in order to occupy addi-
tional space in a block and/or by sending lots of transactions containing large amounts of
data.

The ten minute block creation time and the 1MB limit created a limitation on the scalabil-
ity of Bitcoin as the volume of Bitcoin transactions were increasing. A number of potential
solutions were presented including the increase of block sizes, incremental annual per-
centage increase of block size, and a separation of transaction data from header data. BIP
(Bitcoin improvement proposal) 102 proposed an increase of the block size limit to 2MB,
but it was rejected. BIP 103 proposed an annual percentage increase of the block size limit
and is still in the draft stage.

BIP 141, known as Segregated Witness (SegWit), was accepted into deployment in 2017 as
a soft fork. SegWit essentially increases the capacity of the block to 2—4MB by separating
the data for the digital signature from the transaction data. The majority of space in a
transaction is taken up by a signature (which verifies that the sender has the funds to
make a payment). This signature can be up to 60 percent of each transaction. SegWit

47
 removes the signature from the transactions and moves it to a structure at the end of the
transaction. With SegWit, the removal of the signature from transactions resulted in
blocks containing transaction data of 1MB and signature data that increases the total
block size up to 4MB.

SegWit restricts size by using a maximum “block weight” of 4MB. The formula to calculate
block weight is:

transaction size with witness data stripped · 3 + transaction size

SegWit transactions have witness data so the weight is less than four times the size of the
transaction (e.g. Using 600 bytes of witness data).

Transactions = 1MB
Block Weight = 400KB · 3 + 1MB = 2 . 2MB

Using this example, a previous block of 1MB of transactions would have 2.2MB of block
weight, allowing space for additional transactions to be included in the block without
exceeding the maximum block weight of 4MB.

Software

Client software

The client software for Bitcoin is the wallet that facilitates private key generation and
security, payment sending, and payment receipt. There are a number of wallets, each
offering a mix of capabilities including the type of wallet and security, automated back-
ups, disk space, multi-user capability, and OS compatibility.

Mining software

ASIC The mining process requires dedicated hardware (ASICs, FPGAs) as well as software appli-
Application-specific inte- cations that implement the Bitcoin protocol. There are a number of mining software appli-
grated circuit is hardware
customized for a particu- cations. The mining software applications each offer a mix of capabilities including OS
lar use. compatibility, hardware support, cryptocurrency support, command line versus menu
FPGA driven, inclusion in a mining pool of other miners, cloud inclusion in a mining pool of
Field programmable gate
other miners, support for multiple mining hardware environments, and more.
array is an integrated cir-
cuit designed to be con-
figured by a customer. Other Aspects of Bitcoin Technology

Mining rewards

When Satoshi Nakamoto created Bitcoin, the reward was 50 bitcoins. That mining reward
amount is halved with every 210,000 blocks added. At the average rate of block mining,
210,000 blocks take approximately four years to mine. In mid-2019, the block reward was
at 12.5 bitcoins (approximately $12.5K). Mining rewards will continue until the maximum
number of bitcoins (as per the protocol) of 21 million has been distributed, which is
expected to be in 2140.

48
Cryptography

Cryptographic technologies are at the core of the Bitcoin process.

Public key cryptography

Every coin is connected to its current owner’s public key. The owner’s digital signature
with their private key verifies the ownership of the bitcoins and whether or not the trans-
action details were sent as intended. If the digital signature is missing or doesn’t match
the public key, the transaction will be invalidated and will not be added to the blockchain.

Blockchain

Each block’s previous block hash preserves the integrity of the chain by linking back to the
previous one, all the way back to the genesis block. Any change to a transaction in the
transaction history would change the block hash of all the following blocks in the chain,
otherwise there would be a mismatch in the expected block hash and the next block’s
“previous block hash.”

Proof of work

Bitcoin uses the Hashcash proof of work algorithm, which was invented in 1997 by Adam
Back. To determine the node that will publish the block to the network, Bitcoin miners
compute hashes until they find a hash that is less than the difficulty target. To find the
correct hash, miners must find the right nonce that, together with the data in the block,
produces a hash that is less than the difficulty target. The node will hash the block header
repeatedly, changing the nonce, until the hash output is less than the target hash.

2.3 Security of Bitcoin

Bitcoin security resides in a combination of the inherent characteristics of the blockchain
technology and Bitcoin’s implementation of blockchain. It is stated that there have been
“thefts and security breaches that happened on diverse exchanges and businesses.
Although these events are unfortunate, none of them involve Bitcoin itself being hacked,
nor imply inherent flaws in Bitcoin” (Bitcoin, n.d., Security, para. 3).

Possible Attack Vectors

Possible attack vectors in the Bitcoin environment are described in the following sections.

Double-spending attacks

Double-spending is when someone makes more than one payment using the same bit-
coins. The design of the Bitcoin platform virtually eliminates this situation through the
complex process of mining. Users are advised to wait until a transaction has been con-
firmed six times (approximately 60 minutes) before accepting it as payment and transfer-

49
 ring the goods. However, some specific scenarios have been described that might allow a
double-spending attack to be successful. All of them rely on the merchant delivering the
goods or services without waiting for a successfully confirmed transaction.

Race attack

A race attack is a double-spending attack when a malicious actor (MA) creates two transac-
tions. One transaction is sent to the merchant’s address in payment for the digital asset,
while a second transaction spending the coin on the MA is sent to the rest of the network.
If successful, the MA retains the bitcoin and receives the merchant’s goods or services.

Finney attack

A Finney attack is named after Hal Finney who described it in 2011. In a Finney attack, the
MA mines a block that includes a transaction in which they send some of the coins back to
themselves, however, they do not broadcast this transaction. The MA then sends the same
coins to a merchant for goods or services. After the merchant accepts payment and pro-
vides the goods or services, the MA broadcasts the block with the transaction that sends
the coins back to themselves. This earlier transaction will override the unconfirmed pay-
ment to the merchant.

Withhold attack

A withhold attack expands upon the Finney and race attacks. Like the race attack, the MA
sends a transaction to the merchant, but also sends a duplicate transaction to themselves.
The duplicate transaction, however, is sent on a private alternate blockchain fork that they
are mining. The merchant releases the goods or services after the recommended number
of confirmations. Then the MA publishes the alternative chain to the wider network. If the
MA had been able to mine more blocks than the wider network, then the alternative chain
would become the legitimate chain and the transaction that sent payment to the mer-
chant would be designated as invalid. The withhold attack is more resource intensive as
the MA needs a significant amount of network hash power to have mined more blocks
than the wider network (Radix, 2018b).

51% attack

The situation outlined in the withhold attack is generalized as a 51% attack, or majority
attack, if the MA has greater than 50 percent of the network hash power. The MA can
impose their will even if all the other miners on the network were to band together and act
as one. A 51% attack is based on the premise that the MA can mine and create blocks
faster than the rest of the network combined. The chain of the MA would become the legit-
imate chain with the MA’s chain history overriding all of their published transactions to
date. From the Bitcoin wiki, a MA with greater than 50 percent of the network’s computing
power could

• reverse transactions that they send while they are in control. This has the potential to
double-spend transactions that had been previously seen in the blockchain, affecting
all coins that share a history with the reversed transaction.

50
• reverse confirmations for any transaction that had previously been seen in the block-
chain while the MA is in control.
• prevent some or all transactions from gaining any confirmations.
• prevent some or all other miners from mining any valid blocks (Weaknesses (2.6), n.d.).

Cryptocurrency miners have joined together into mining pools. A mining pool is when
miners join together to share their processing power and split the reward equally based
on the work they contribute to the finding of a block. It is estimated that “over 80 percent
of Bitcoin mining is performed by six mining pools,” (Kaiser et al., 2018, p.2) with five of
those managed by entities in China. With Chinese mining pools accounting for 74 percent
of Bitcoin’s hashpower, China holds the ability to threaten the security, stability, and via-
bility of Bitcoin (Canellis, 2018).

Network attack — Sybil

A Sybil attack is an attempt by an MA to control the Bitcoin mining network by creating

multiple new nodes (identities). The new nodes would be the MA, a single entity who is
controlling the new nodes, resulting in the ability to have undue influence on the network
as a whole. This influence can be used to provide false information (like in a 51% attack) or
to manufacture support for something. This network attack can be controlled in the fol-
lowing ways:

• the MA can refuse to relay blocks and transactions from everyone,

• the MA can relay only blocks that they create,
• the MA can filter out certain transactions, and
• low-latency encryption or anonymization of Bitcoin transmissions, (with Tor, for exam-
ple, which provides anonymous connections that are resistant to eavesdropping and
traffic analysis) can be defeated relatively easily with a timing attack if the user is con-
nected to several of the MA’s nodes and the MA is watching the user’s transmissions
through their internet service provider (ISP) (Weaknesses (1.3), n.d.).

Because of the number of Bitcoin miners, together with the compute power required by a
Bitcoin miner, adding tens of thousands of highly-powered nodes is a very expensive ven-
ture.

Deanonymizing users

Tor is a free and open-source software for enabling anonymous communications by direct-
ing internet traffic through a worldwide, volunteer overlay network consisting of more
than seven thousand relays to conceal a user’s location and usage from anyone conduct-
ing network surveillance or traffic analysis. Tor is used by some Bitcoin users for this pur-
pose.

Bitcoin, when used as a payment method for Tor hidden services, leaks information that
can be used to deanonymize their users. The deanonymization is caused by a lack of retro-
active operational security present in Bitcoin’s pseudonymity model. By inspecting histori-
cal transactions in the Blockchain, a malicious actor can link users who publicly share
their Bitcoin addresses on online social networks, with hidden services that publicly share

51
 their Bitcoin addresses on their Tor landing pages. In over 100 cases, the authors of “Dean-
onymizing Tor Hidden Service Users through Bitcoin Transactions Analysis” connected bit-
coin payments on a dark web site to a public account. In more than 20 cases, the public
accounts were transactions on Silk Road, an online black market.

Lack of privacy

Similar, but simpler, is the vulnerability of Bitcoin where a user’s public address could pro-
vide a tracking mechanism. For instance, if a user purchased bitcoin through an exchange,
the exchange would have the user’s public address, and that public address could be used
to track the user’s Bitcoin’s transactions on the Bitcoin platform where the public address
is readily available.

Bitcoin Security Breaches

Over the years, there have been a number of security breaches related to the bitcoin hold-
ings of customers. The following chart shows the breaches in reverse chronological order.
A few will be discussed following the chart.

Table 2: Bitcoin Security Breaches

Number of Bitcoins
Year Month Exchange Missing

2011 October Bitcoin7 5,000

2012 March Bitcoinica 43,554

2012 May Bitcoinica 18,547

2012 July Mt. Gox 1,852

2012 July Bitcoinica 40,000

2012 July BTC-e 4,500

2012 September Bitfloor 24,000

2012 December BitMarket.eu 18,788

2013 May Vircurex 1,454

2013 November BIPS 1,295

2014 February Mt. Gox 650,000

2014 March Poloniex 97

2014 July Moolah/Mintpal >3,700

2014 July Cryptsy 11,325

2014 August BitNZ 39

52
 Number of Bitcoins
Year Month Exchange Missing

2015 January Bitstamp <19,000

2015 January 796 Exchange 1,000

2015 February Bter 7,170

2015 February KipCoin >3,000

2015 March Allcrypt 42

2016 March-April ShapeShift 469

2016 March CoinTrader 81

2016 May Gatecoin 250

2016 August Bitfinex 119,756

2016 October Bitcurex 2,300

2017 April Yapizon 3,816

2017 December NiceHash 4,700

2018 April CoinSecure 438

2018 September Zaif 5,966

2018 October MapleChange 913

2018 December QuadrigaCX 26,350

2019 May Binance 7,000

Source: Created on behalf of IU (2023).

Mt. Gox was hacked twice, in 2012 and 2014. In 2012, a hacker gained access to Mt. Gox’s
auditor’s credentials and transferred bitcoins to an address for which Mt. Gox did not have
a key. In 2014, when Mt. Gox was handling almost 70 percent of the worldwide bitcoin
transactions, the 650,000 loss of bitcoins caused Mt. Gox to file for bankruptcy (Agrawal,
2019a).

Bitfloor was hacked when hackers accessed unencrypted private keys kept online for
backups (Agrawal, 2019a).

Bitfinex hackers, in the second largest bitcoin hack, exploited a vulnerability in the wallet
architecture of Bitfinex and BitGo. Bitfinex customers were refunded their money over 244
days following the breach. Bitfinex continues to operate (Agrawal, 2019a).

QuadrigaCX founder and CEO used customer funds to trade on his own account, stealing
more than $200M USD from customers.

53
 The most recent incident, as of this writing, was in May 2019 when Binance was hacked.
API keys Hackers obtained a large number of “API keys, 2FA codes, and potentially other info […]
An application program- using a variety of techniques, including phishing, viruses, and other attacks” (Binance, as
ming interface key is
transmitted with an API cited in Agrawal, 2019a).
request to authenticate
the source of the request. In all cases, the security breaches were at centralized exchanges. The majority of the
2FA codes
breaches were a result of careless handling of private data or exploitation of wallet vulner-
Two factor authentication
requiring two means of abilities. This supports the concern that using a custodial wallet may not be secure for
identification before cryptocurrencies.
accessing an account.

2.4 Scalability and Other Limitations of

Bitcoin
Blockchain is the technical platform on which Bitcoin is built. Blockchain has limitations
that may affect any implementation of its technology while Bitcoin has additional limita-
tions that are specific to the Bitcoin implementation of blockchain.

Blockchain Limitations

Security flaws

The security concerns that have been previously discussed generally apply to blockchain
implementations. Double-spending, 51%, and Sybil attacks, as well as deanonymizing
users and lack of privacy are all security flaws of blockchain as a whole.

Loss of private key

A user’s loss of private keys results in a loss of access to the cryptocurrency funds. As
stated by Allison Berke, executive director of the Stanford Cyber Initiative: “The loss of a
private key is probably the biggest threat to blockchain systems. People have lost millions
in bitcoin after losing their private keys” (as cited in Hintze, 2018, para. 3). This limitation
can be mitigated by selecting a wallet solution for the storage of cryptocurrency that mini-
mizes the likelihood of key loss.

Complexity, maintenance, and supportability

There is a lack of deep understanding, educational resources, and experience when it

comes to this nascent technology. This applies to the following:

• Development of the Blockchain platforms: There have been significant disagreements

over the direction of the Bitcoin platform. This has also been true for other cryptocur-
rency platforms, such as Ethereum. The block size disagreement and eventual fork of
the Bitcoin platform is an example of the potential for fragmentation when disagree-
ments cannot be resolved.

54
• Administration of the Blockchain environment: Lack of available talent to provide stew-
ardship to the environment is a concern for organizations considering a blockchain sol-
ution. Best practices are evolving, and the full cost of sustaining a permissioned block-
chain remains unknown (Haley & Whitaker, 2017).

Legal and regulatory issues

Legal and regulatory issues include:

• Jurisdictional boundaries: Nodes and users reside in many different countries, which
may have different restrictions and regulations.
• Financial services regulations: Regulations specific to an industry differ from country to
country.
• Service levels and performance: Contracted or expected assurances of performance are
lacking or difficult to develop.
• Liability: Risk of a systemic issue that causes a transaction to settle incorrectly.
• Intellectual property (IP): Blockchain vendors need to determine their IP strategy to
address ownership of blockchain software developments (McKinlay et al., 2018).

Bitcoin Specific Limitations

Scalability

Scalability has been a concern for Bitcoin because of the consensus algorithm. Originally,
when the transactional demand was low, there was little concern. However, increased bit-
coins in the market, together with greater acceptance of Bitcoin, has increased use, result-
ing in lower processing speeds. The Bitcoin community remains divided on how to
address scalability, whether to increase the block size and/or change the consensus mech-
anism.

Since transactions are gathered every 10 minutes, and a block has a maximum size limit,
the level of transaction activity dictates the size of the queue, while the transaction fee
dictates placement in the queue. A transaction without an additional transaction fee, in a
period of low transaction activity, might be processed in the next block, while in a period
of high transaction activity, the transaction might be significantly delayed. However, there
is no guarantee as to when a transaction might be processed, with or without a transac-
tion fee.

On average, Bitcoin processes 4.6 transactions per second, while Visa processes 1,700
transactions per second, based on a calculation derived from the claim of 150M transac-
tions per day. Adoption of Bitcoin is bottlenecked unless the scalability factors are miti-
gated.

55
 Energy consumption

The electricity needed to power the computing resources of Bitcoin nodes is a significant
concern. Because of the increasing level of difficulty over time, which is an inherent factor
in the proof of work (PoW) consensus mechanism, miners need an increasing amount of
processing power. In turn, this consumes a higher amount of electricity.

Although the Cambridge Centre for Alternative Finance states that “reliable estimates of
Bitcoin’s electricity usage are rare,” it is estimated that the lower bound is currently
around 22TWh while the upper bound is just under 150TWh. A popular estimate of the net-
work’s yearly consumption is 70 TWh. Compare these numbers to the entire nation of
Switzerland, which uses 58.46TWh and Columbia, which uses 68.25TWh (Vincent, 2019).

Chargebacks or refunds

Unlike a credit card purchase, buyer protection is not a benefit of a purchase made with
bitcoins. If the seller does not deliver the goods as promised, there is no central dispute
procedure or manner in which a consumer can file complaints. Unlike disputed credit card
charges, there is no possibility to charge back the payment and hold it until resolution.
Although this may be attractive to the merchant, it is seen as a limitation for the con-
sumer.

Limited acceptance

An article in mid-2018 stated that 52 major companies accepted bitcoin as a method of

payment, and over 5,000 businesses and retailers of all sizes accept bitcoin (Chandler,
2018). Most merchants who do accept bitcoin use intermediaries like BitPay to convert the
bitcoin to fiat currencies. Lack of stability and scalability are believed to be the reasons
that the value of bitcoins handled by major payment processors declined nearly 80 per-
cent in 2018 (Wilson, 2018).

2.5 Bitcoin Derivatives and Alternatives

Cryptocurrency is the internet-based use of cryptography to secure currency used for
financial transactions. Bitcoin is considered a cryptocurrency “coin,” with the term “coin”
denoting that bitcoins have the same features as money — fungible, divisible, portable,
and limited in supply. Cryptocurrency coins are intended to be used in the same manner
as fiat currencies. “Alternative coins,” or “altcoins,” refer to other cryptocurrencies that are
alternatives to bitcoins. Many altcoins are a fork of the Bitcoin blockchain while others are
built on new blockchains (O’Neal, 2019). Each altcoin functions within their own inde-
pendent blockchain where transactions occur.

From the Total Crypto Market Capitalization and Volume, $ chart, published by Trading-
View (TradingView, n.d.), the following are a sample of the leading coins. The value of mar-
ket capitalization as of September 2019, is shown for comparison purposes. As a point of

56
reference, with a total cryptocurrency market cap of $272.61B, Bitcoin Core (BTC) has the
largest market capitalization and volume, at $190.46B of September 2019 (Bitcoin.com,
n.d.).

Altcoins — Forks of Bitcoin

Although there are over 100 Bitcoin fork projects, three cryptocurrencies are notable and
described below.

Rank 4. BCH — Bitcoin Cash ($5.34B)

Bitcoin Cash is a hard fork from Bitcoin as of August, 2017, that increased the block size to
8MB, which then subsequently increased to 32MB. In addition to the blocksize, Bitcoin
Cash has an adjustable level of difficulty to ensure the chain’s survival and transaction ver-
ification speed (Reiff, 2020a).

Rank 9. BSV — Bitcoin SV ($2.39B)

Bitcoin SV is a hard fork from Bitcoin Cash, created in August, 2018. The chain leader of
Bitcoin SV is Craig Wright, who claims to be Satoshi Nakamoto. With an acronym of SV, for
Satoshi Vision, Bitcoin SV intends to return to the intent of the original Bitcoin. The block
size of Bitcoin SV is 128MB with a goal of minimizing transaction costs.

Rank 38. BTG — Bitcoin Gold ($189.7M)

Bitcoin Gold is a hard fork of Bitcoin as of October, 2017. The goal of Bitcoin Gold is to
implement a new algorithm for the mining process, a proof of work (PoW) algorithm called
Equihash that would not disproportionally favor major mining operations. The algorithm
restricted the mining to GPUs, instead of specialty ASICs, which tend to monopolize min-
ing by a few big players (Reiff, 2019a).

BTG is a cryptocurrency with Bitcoin fundamentals, mined on common GPUs instead of

specialty ASICs. ASICs tend to monopolize mining to a few big players, but GPU mining
means anyone can mine again — restoring decentralization and independence. GPU min-
ing rewards go to individuals worldwide. In addition, “bitcoin gold's developers were also
focused on issues relating to distribution, protection, and transparency” (Reiff, 2019a, Dis-
tribution section, para. 1).

Altcoins — Built on New Blockchains

There are altcoins that did not derive from Bitcoin’s open-source protocol. Rather, they
have created their own blockchain and protocol that support their native currencies. The
following altcoins are the three leading altcoins by market capitalization.

57
 ETH — Ethereum — ($19.05B)

Ethereum launched in 2015 as a blockchain based platform with smart contract function-
ality. Ethereum’s key improvement on Bitcoin was to utilize “smart contracts” that enforce
the performance of a given transaction, compel parties not to renege on their agreements,
and contain mechanisms for refunds should one party violate the agreement (Martucci,
n.d.). Smart contracts and distributed applications can be built and run on the Ethereum
platform.

Ether is the cryptocurrency token used in Ethereum to pay transaction fees for the activi-
ties conducted in the applications. The price of the transaction fee is based on the transac-
tion’s complexity, bandwidth, and storage requirements. The average transaction fee is
$0.14 as of September 2019.

Ethereum uses the PoW Ethash consensus algorithm which reduces the advantages of
ASICs in the mining process.

Ethereum Classic (ETC) is the original Ethereum blockchain, while Ethereum (ETH) is a
fork. In 2016, the Ethereum community launched the Decentralized Autonomous Organi-
zation (DAO) to build an application on Ethereum, a decentralized venture capital fund for
decentralized crypto projects, using independent investors as key actors. The DAO
obtained a crowd token sale to fund its development, raising $150M. Shortly after, a flaw
in DAO’s application code was exploited by attackers and more than $50M was stolen.
Many assumed that the Ethereum blockchain itself was hacked and Ethereum’s prices
dropped. It is key to understand here that the application was the source of the problem,
not the Ethereum platform. Ethereum’s community decided to execute a hard fork to
restore investors’ financial losses and ruined reputation. Some in the Ethereum commun-
ity continued on the old blockchain, which become known as Ethereum Classic, ETC. The
majority of the Ethereum community of miners and users followed the Ethereum fork,
which is known as Ethereum, ETH.

XRP — XRP ($11.24B)

Ripple released the XRP ledger in 2012. Ripple is known for its digital payment protocol,
allowing for the transfer of money in any form, including USD, Yen, litecoin, and bitcoin.
Ripple offers a payment settlement asset exchange and payment system similar to the
SWIFT system that is used for international money and security transfers by banks and
financial middlemen (Frankenfield, 2019). A consortium of 61 Japanese banks, in addition
to a few other global banks such as American Express, Santander, and Fidor Bank, are
reported to be testing the implementation of Ripple’s payment system (Reiff, 2020b). The
improvement on SWIFT is faster transaction confirmation times and lower transaction
fees. Ripple improves on some of the drawbacks attributed to traditional banks. Transac-
tions are settled within seconds on the Ripple network, even though the platform handles
millions of transactions frequently (Frankenfield, 2019).

58
XRP is the currency of Ripple. The fee to conduct transactions on Ripple is also minimal,
with the minimum transaction cost required for a standard transaction set at 0.00001 XRP
(equivalent to approximately $0.25 as of September 2019), compared to the large fees
charged by banks for conducting cross-border payments (Frankenfield, 2019). The average
transaction fee is $0.0002 as of September 2019.

Ripple uses a unique distributed consensus mechanism, Ripple Protocol Consensus Algo-
rithm (RPCA), through a network of servers to validate transactions. By conducting a poll,
the servers or nodes on the network decide the validity and authenticity of the transaction
via consensus. This enables almost instant confirmations without any central authority,
which helps to keep Ripple decentralized, yet faster and reliable (Reiff, 2020b).

LTC — Litecoin ($4.27B)

Started in 2011, Litecoin’s project code was copied from Bitcoin and then modified.
Although the code was used as a starting point, the Litecoin and Bitcoin blockchains do
not share a common ancestor, so Litecoin is not considered a fork of Bitcoin. Litecoin’s
advantages over Bitcoin include a higher crypto supply limit of 84M (versus 21M in the Bit-
coin network) and a shorter target block creation time of two and a half minutes versus
ten minutes in the Bitcoin network. The block reward for miners is halved with the proc-
essing of every 840K blocks in comparison to every 210K blocks for Bitcoin miners.

Litecoin is also the name of the currency used by Litecoin. The minimum transaction fee
for a Litecoin transaction is 0.0001 LTC/kb (equivalent to approximately $0.01 as of Sep-
tember 2019). The average transaction fee is $0.03.

Litecoin’s consensus algorithm is Scrypt. Scrypt is a PoW algorithm, which originally pre-
vented ASICs from being used by miners on the Litecoin network, allowing miners who use
CPUs and GPUs to remain competitive. Scrypt-capable ASICs have been developed for effi-
cient mining, and are being used by Litecoin miners (Asolo, 2018).

SUMMARY
Bitcoin is the leading blockchain cryptocurrency platform. Invented in
2008 by Satoshi Nakamoto and released in 2009, Bitcoin has a limit of
21M coins, and implements the principles of being open source, permis-
sionless, fungible, pseudonymous, and having no censorship or irrever-
sible transactions. Wallets are the means by which users interact with
the platform. A variety of forms of wallets offer alternative features to
best meet the needs of the user. A number of options exist for the pur-
chase of bitcoins, and a broad number of merchants will accept bitcoins
as payment.

As a Blockchain platform, bitcoin transactions are gathered into blocks

by miners, validated using the proof of work consensus algorithm, and
propagated to the network of nodes.

59
 A number of possible attack vectors exist including double-spending
attacks, 51% attacks, and Sybil network attacks.

Other concerns include the potential for information to be leaked which

would mean that users are not fully anonymous. The potential exists for
loss of privacy and the user’s activity being tracked.

Although there have been a number of security breaches that resulted in

the loss of users’ bitcoin holdings, the breaches did not happen on the
Bitcoin Platform itself, but rather in the users’ wallets during centralized
exchanges.

60
 UNIT 3
SMART CONTRACTS AND DECENTRALIZED
APPS

STUDY GOALS

On completion of this unit, you will have learned …

– how smart contracts automate the terms of a virtual contract.

– how decentralized applications (DApps) bring a front end interface together with smart
contracts and blockchain technology to provide a full-functioned application.
– examples of smart contract and DApps implementations.
– about Hyperledger and Ethereum, two of the leading platforms, as well as alternative
platforms for smart contracts and DApps implementations.
 3. SMART CONTRACTS AND
DECENTRALIZED APPS

Introduction
A blockchain is a type of distributed ledger that organizes transactions into blocks and
links them together by cryptographic validation. Smart contracts automate a contractual
agreement between two or more parties by writing the terms of the contract into lines of
programmed logic (code). These lines of code execute and record information onto the
blockchain ledger. Decentralized applications (DApps) are software applications created
for a specific purpose, providing a front end interface that uses smart contracts to handle
the execution of blockchain activities, and, therefore, using blockchain as the underlying
technology.

Hyperledger and Ethereum are leading providers of DApp platforms. Their features will be
compared and DApp examples, which span multiple industries, will be presented.

3.1 Smart Contracts

A smart contract is an automated process that is executed when certain criteria have been
met; it is self-executing and self-enforcing. In 1997, Nick Szabo defined the term “smart
contracts” in “Formalizing and Securing Relationships on Public Networks” as a combina-
tion of protocols which use interfaces to formalize and secure relationships over computer
networks with the benefit of reduced costs for the development and execution of con-
tracts (Szabo, 1997).

In the physical world, a contract between two parties is an agreement that typically results
in the exchange of currency, goods, and/or services. A contract can be verbal or written.
For example, a contract is established to buy a house, or to rent a car, or to provide con-
sulting services.

In the virtual world, a smart contract can also support the exchange of currency, goods,
and/or services. Unlike physical contracts, smart contracts, or self-executing contracts, are
written in a high-level programming language to describe the “if-then-else” condition of
the terms of the contract. The code is then written onto a blockchain, and the network
executes the actions defined in the smart contract when each of the conditions have been
met and verified. “To establish the terms, participants to a blockchain platform must
determine how transactions and their data are represented, agree on the rules that govern
those transactions, explore all possible exceptions, and define a framework for resolving
disputes. It’s usually an iterative process that involves both developers and business
stakeholders” (Gopie, 2018, How do, para. 3).

62
In the example of renting a car, once a renter has paid the funds for the rental car, a digital
key can be sent to the renter to unlock and operate the vehicle.

Multi-signature

Multi-signature, or multisig, capability can be built into smart contracts, requiring multiple
parties to sign a transaction to invoke a step of the smart contract. For example, a publica-
tion registry like arXiv might require the permission of all authors of an article to add,
update, or delete the publication’s entry on arXiv (Xu et al., 2019). Multi-sig can also be
used to approve transactions before funds are released from a wallet.

Oracle

Smart contracts can be written so that they are dependent upon price, performance, or
some other contractual parameter, that exists outside of the specific transaction. “Ora-
cles” can monitor these data points and be the interface that brings data from outside of
the blockchain into the execution of a step of the smart contract. For example, a smart
loan agreement may automatically deposit funds in a borrower’s bank account once an
oracle obtains confirmation that the borrower’s loan request has been approved. A second
example is that the stars of a television show might want to renegotiate a contract with a
studio if a pilot episode proves popular and the studio wants to make it into a series
(Gopal et al., 2018). The oracle can monitor television ratings’ sites in order to determine
whether a specified threshold has been reached. There are software and hardware ora-
cles.

Software oracles access data provided by a third-party API, such as the price of a product API
or the availability of a hotel room. Inbound oracles obtain data through an API and pro- Also known as application
programming interface,
vide that data, such as a gambling payout based on a win of sporting event, to the smart API is a programmed
contract. An outbound oracle is when internal blockchain data is used to trigger an exter- function that allows an
nal event, such as a lottery payout, based on the last block published (Najera, 2018). application to access the
capabilities or data of an
application.
Hardware oracles interact with the physical world, for example reading a barcode or sens-
ing an RFID. Najera (2018) states that “an interesting use case comes in the form of envi- RFID
ronmental data transcribed at the point of measuring. This way, scientific research can Also known as radio-fre-
quency identification,
progress globally without giving power to any one single government institution to alter RFID uses electromag-
or delete said data” (Oracle section, para. 3). netic fields to read tags
that are attached to phys-
ical objects.
Benefits

In addition to the inherent benefits of the blockchain platform, the automation of the
terms of a contract in the form of a smart contract results in a number of benefits.

• The ability to create and execute contracts without third parties, such as lawyers, real
estate agents, etc.
• Reduced errors because computer code is more exact than the legal jargon that is found
in a traditional contract. The code needs to record all terms and conditions in explicit
detail.

63
 • Transparency resulting from the terms and conditions, in the form of the computer
code, which is fully visible and accessible to all parties.
• Allows for the reuse of code, as appropriate, across multiple smart contracts.
• Speed is increased by removing the need for intermediaries, providing assurance that
blockchain will execute the code in a timely manner.
• Lower operating costs are incurred by removing the need for intermediaries.
• Paper free respects “go-green” initiatives.
• There is the potential to reduce need for litigation and courts. Parties commit them-
selves to be bound by the rules and results of the agreed-upon code. Szabo described
what may happen to someone who breaches a smart contract car lease bond: “If the
owner fails to make payments, the smart contract invokes the lien protocol, which
[automatically] returns control of the car keys to the bank” (as cited in Gopal et al.,
2018, p.28).
• More effective dealings and a higher level of trust are achieved because smart contracts
execute transactions in accordance with predetermined rules and the encrypted
records of those transactions are shared across participants. The transparent, autono-
mous, and secure characteristics of smart contracts ensure that information cannot be
altered for personal benefit.
• Contracts can be monitored for performance, and enforcement of contractual terms can
be done without human involvement.
• Smart contract transactions are stored on the blockchain in perpetuity.

Challenges

Smart contracts are an implementation upon the blockchain technology. In addition to

any limitations of the blockchain platform, the automation of the terms of a contract in
the form of a smart contract raises challenges specific to the construction of smart con-
tracts.

Contract language

Smart contract programmers/developers are the resources that are required in order to
create smart contracts. Developers will need to interact with third parties, such as lawyers
and real estate agents, to understand how to program the terms of the contract.

Computer code requires a definitive if-then-else structure. The complexity of understand-

ing what needs to be coded and writing the code is significant. Errors in the requirements
definition, definition of logic, and/or errors in the computer code could be far worse than
the ambiguous contract language of physical contracts. Although elimination of third par-
ties is an identified advantage of smart contracts, it is likely that the role of third parties is
changed rather than eliminated since developers will need guidance from experts.

Should there be a problem with the smart contract, changes cannot be made and
deployed midstream to the blockchain. Physical contracts can be renegotiated and
changed based on agreement of the parties. Centralized software code can be quickly
modified and deployed. However, smart contracts do not afford the user these benefits to
correct contractual terms.

64
Should there be a dispute, arbitration and settlement must include the parties to the con-
tract, the developer (and/or technologist who can interpret the computer code), and third
parties who assisted the developer in understanding and programming the terms of the
contract.

Coding errors

As with all new technologies, acceptance is a concern. Inflated expectations and unrealis-
tic use cases need to be managed in order to build smart contract solutions that are suc-
cessful for the users.

Once built, as stated by Lee (2018), “blockchain itself may be trustless, immutable, and
incorruptible, but if we ignore the bugs present in them, they are as good as multi-billion
dollar safes with faulty locks” (Solutions section, para. 7.).

Smart contract code, as with centralized code, is likely to contain errors in the code, such
as bugs, whether this is intentional or not. Sedgwick (2018) states that 25 percent of the
smart contracts, audited by the security firm Hosho, contained bugs that will critically
affect the execution of the smart contract, and 60 percent of the smart contracts had at
least one security issue.

In the development of the smart contract, use of experienced patterns and observance of
anti-patterns is highly recommended. For example, best practices recommended in the
Ethereum Smart Contract Best Practices include pausing the contract when things are
going wrong, managing the amount of money at risk, and having an effective upgrade
path for bugfixes and improvements in order to be able to respond to bugs and vulnerabil-
ities gracefully.

After development, Sedgwick (2018) states that Hosho recommends the use of a third
party to conduct an audit of the smart contract before deployment. Furthermore, auto-
mated solutions that will mathematically prove smart contracts and DApps free of bugs
and hacker-resistant are in development (Lee, 2018).

Bad data

Smart contracts that use oracles risk that the sources of data used by oracles are central-
ized and contrary to the purpose of the blockchain. Centralized data sources can be tam-
pered with and data can be manipulated. This “oracle problem” can be mitigated by
sourcing data from multiple nodes, and verifying the nodes for reliability and trust before
including them in the blockchain network. As an example, statistics from sporting events
or financial market information can be sourced from multiple nodes.

Regulations

From a legal perspective, there is a lack of regulation and policies for smart contracts. Gov-
ernment approval and regulations are lacking in many countries, leading to issues regard-
ing enforceability and jurisdiction. Regulating smart contracts in one jurisdiction but not

65
 the other creates more questions when parties to the smart contract straddle multiple
states, countries, or continents. Additionally, in the event of a dispute, judicial enforce-
ment is also uncertain.

Other challenges

Smart contracts are not able to determine the quality of a product or service, and human
intervention is still required to provide the qualitative knowledge.

Opportunities for Smart Contracts

A number of industries present opportunities for smart contracts. As previously noted,

realistic use cases with realistic expectations need to be established for the successful
implementation of a smart contract solution.

Healthcare

Healthcare professionals can use smart contracts to access and share patients’ medical
records. The multi-signature feature of smart contracts enables control to be managed by
both patients and providers.

Medical research procedures can be enhanced with smart contracts that enable access by
researchers to the health data of participants in exchange for micropayments made to
patients for their participation.

Patient health can be tracked using Internet of Things (IoT) devices for the capture of
health-related events. Patients can be rewarded based on this data.

Financial services

Banks could potentially use smart contracts to streamline clearing and settlement proc-
esses. Forty global banks participated in a consortium to test smart contracts for this use
case (Ream et al., 2016).

Smart contracts can simplify the letter of credit process used for the international transfer
of products and services.

Trade clearing approval workflow can be managed between counterparties and funds can
be transferred once the settlement amounts are computed (Bhardwaj, 2018).

Supply chain

Smart contracts can aid in the understanding of the movement and location of products
through every stage of the supply chain. They can provide transparency and visibility from
the supplier of inventory components to the delivery of the finished goods. IoT devices on
materials can provide input to the smart contract.

66
Voting

Voting is also an opportunity to use smart contracts. Assured by the PKI-based security,
voting can be conducted in a suitable blockchain. Statistics have shown that public block-
chains are more feasible for small polls whereas permissioned blockchains will be
required to run national scale elections (Hu et al., 2018). An example of a smart contract is
for voting in the United States. The ballot would go through several states, from the point
it is created, open for voting, to the ballot being closed and the votes counted. In each
state, the contract dictates what the chairman and voters are allowed, or not allowed, to
do. For example, the contract does not allow voting to start until the chairman starts the
voting process. It does not allow the chairman to add new voters once voting begins (Ng,
2019).

Music/media

Blockchain networks with smart contracts have the potential to restructure the rights and
royalties systems in the music industry. There are a number of startups, including Ujo
Music and Voise, which use blockchain technology to allow musicians to monetize their
work, manage their rights, and accept peer-to-peer payments. A song streamed by a user
triggers a smart contract that will make an instant payment to the artist, songwriters, or
rights holders. In addition, it also allows the participants to gather, store, and analyze use-
ful consumption data. The smart contracts have the potential to treat the artists as entre-
preneurs and also as partners. The transparent distributed ledger of the blockchain will
expose the distribution of revenue generated on a song. It can be automated as a micro-
payment in which the streaming of any song will immediately distribute the revenues
according to the percentages predefined in the smart contract (Gopal et al., 2018).

Insurance

Smart contracts could calculate payouts based on the policy and claim. In the example of
travel insurance that pays an amount for flight delays or cancellations, a smart contract,
using an oracle to gather flight status, can issue a benefit if the flight is delayed or cancel-
led in excess of the tolerance specified in the insurance policy.

E-commerce

In a common e-commerce scenario, the customer purchases a product from a supplier,

and the customer pays for the product via credit card, PayPal, or EFT. With smart con- EFT
tracts, the purchase will be made, and the cost of the product will be deducted from the This stands for electronic
funds transfer, which is
customer’s wallet and placed in escrow. The supplier ships the product, and when an ora- the transfer of funds from
cle obtains the delivery data from the carrier, the smart contract logic then releases the one bank account to
escrowed funds to the supplier. another without the
direct intervention of
bank personnel.

67
 3.2 Decentralized Apps (DApps)
A decentralized application, or DApp, is an application that uses smart contracts, for
example, blockchain, as the backend mechanism for the processing, security, and storage
of the transaction data. The DApp is similar to a web application with the front end using
the same technologies to render the web page. Instead of connecting to a database, the
DApp connects to a smart contract which then connects to the blockchain.

DApp Criteria

The criteria for a DApp is as follows:

• Open source: The DApp is not controlled by an organization. Any change to a DApp is
approved via the consensus protocols on the blockchain.
• Decentralized: The DApp’s transactions (data) should be stored cryptographically and
be publicly accessible on a decentralized public blockchain.
• Incentive: The DApp has crypto-tokens/digital assets for fueling itself.
• Algorithm/protocol: Tokens must be generated by the DApp according to a standard
algorithm. The tokens must be distributed during operation, and the token is necessary
for using the application in order to reward the miners.

Bitcoin is considered to be a DApp as it satisfies all of the above criteria.

Technical Aspects

DApps are applications that run without servers. They run jointly on the client side and on
a distributed blockchain network. The backend, the blockchain, runs on a distributed net-
work that is responsible for the processing and storage of the transactions. The DApp data
and its logic, in the form of a smart contract, is replicated across the network’s nodes. The
client’s device manages the user credentials and the front end. In the same manner that
separation is done with traditional software, this architecture allows the user interface to
be decoupled from the business logic and data layers (Samuel, 2018). The benefits of
decoupling include easier maintenance of code, independent releases of code, and the
ability to scale specifically to the layer.

Benefits

The advantages of DApps above and beyond the benefits achieved by blockchain and
smart contracts are that DApps economize digital resources, monetizing capabilities that
had not previously been monetized in the digital world. Processes and new ways to work
and conduct transactions enable a greater range of value to serve a wider market of users.
For example, Brown (2016), identifies that DApps can be used to

• enable embeddable records like smart contracts.

68
• prevent fraud through the use of tokens: Tokens replace account and credit card infor-
mation on the blockchain with non-sensitive tokens which are used as the identifier
during the payment process. The tokens can only be traced back to the original account
or card data with a master key as part of the tokenization service (Chargebacks.com,
n.d.).
• build Distributed Autonomous Organization (DAOs). DAOs are organized groups of peo-
ple who interact with each other by using smart contracts for its processes. The smart
contracts are the electronic representation of the rules upon which the company func-
tions. Other decisions can be made by participants who control a certain amount of the
tokens and can therefore vote for decisions. Other things like determining which project
will receive money is decided by letting token holders cast their vote (Universa, 2017).
Dash is an example of a DAO. It is an open-source, peer-to-peer cryptocurrency, which
offers instant payments and private transactions.

Challenges

The implementation of DApps presents a number of challenges that need to be taken in to

account when considering a DApp as a solution platform.

Bug fixes or updating DApps require that all nodes in the network accept and agree to the
update. Unlike a centralized application where approval given to an update can result in
an immediate or scheduled update, the update of a DApp is based on the coordination of
the nodes.

With the complexity of implementing DApp updates, scalability and functionality need to
be considered in the initial release in order to gain acceptance. Unlike a DApp, a central-
ized application often starts its life as a minimum viable product. As the application is pro-
ven and acceptance is gained, additional functionality and additional components that
allow it to scale in order to meet needs can be added. The incremental approach of a cen-
tralized application allows for investment based on proven return. Because implementing
a DApp requires larger coordination and acceptance by the network, reducing the number
of releases is key.

Knowing your customer is not easy in blockchain. The inherent properties of blockchain
are that users are not directly identifiable. As a result, there is a limited understanding of
the customer demographics and attributes that might help to provide the best DApp fea-
tures.

Opportunities for DApps

The following is a list of some of the leading DApp projects:

• The SAFE Network is a decentralized data storage and communications network

focused on providing the greatest level of security for all internet users. It uses SafeCoin
on the Bitcoin blockchain.

69
 • Factom simplifies the process of enhanced big data management recordkeeping. Fac-
tom creates digital fingerprint data and publishes that digital fingerprint in a block-
chain, resulting in a permanent ledger distributed across the globe. Factom uses Fac-
toids, Factom coins, and is operated on the the Bitcoin network.
• BURST delivers the CloudBurst DApp which provides cloud-based data storage. Cloud-
Burst uses Burstcoin on the Burstcoin blockchain.
• Golem is a decentralized application that offers a global market for idle computer
power. Golem uses Golem tokens on Ethereum’s blockchain.
• Augur is a decentralized prediction market that rewards its users for forecasting events.
Augur uses an Augur token on Ethereum’s blockchain.
• Counterparty is a decentralized financial platform for creating peer-to-peer financial
applications. Counterparty uses Counterparty tokens on the Bitcoin blockchain (Brown,
2016, and Agrawal, 2019b).

3.3 Ethereum
Ethereum is a public, open source blockchain-based distributed computing platform that
enables developers to build and deploy DApps. It was launched in 2015 by Vitalik Buterin
after he analyzed the Bitcoin blockchain and posed the idea that improvement could be
made by creating a blockchain that includes a Turing-complete programming language
that is able to run applications in a trustless manner.

Turing-complete, named after computer scientist Alan Turing, is a term given to a system
of rules that manipulates data. A Turing-complete system can be proven mathematically
to be able to perform any possible calculation or computer program given the correct
algorithm together with the necessary time and memory. CPU instruction sets and pro-
gramming languages such as C, Pascal, Java, and C++ are all examples of formal rule sys-
tems that are Turing-complete.

Tokens

The Ethereum blockchain uses ether and gas.

Ether (ETH) is the cryptocurrency which runs on Ethereum. Ether is issued at a constant
annual linear rate via the block mining process. A new Ethereum block is mined every 12—
14 seconds and a reward of five ether given to its miner falls within the limit of 18M ether
allowed to be released each year (Ethereum, 2019).

Gas is the value required to successfully conduct a transaction or execute a smart contract
on the Ethereum blockchain. Gas is a unit that measures the amount of computational
effort that it will take to execute operations on the Ethereum blockchain. Every operation
requires some amount of gas. Miners get paid an incentive amount in Ether which is equal
to the amount of gas that was required to execute the necessary operations on the Ether-
eum blockchain (Rosic, n.d.-c).

70
There is not a fixed conversion rate between gas and ether. The average gas price is typi-
cally about 0.00000002 ETH but this can increase during times of high traffic on the net-
work (Rosic, n.d.-c).

Ethereum Platform

Ethereum consists of a number of key components.

The Ethereum virtual machine (EVM) is the Ethereum platform that runs on the Ethereum
network. EVM allows smart contracts to be compiled into EMB compatible bytecode and
deployed to the blockchain for execution. The EVM executes the computations and tracks
the state of the ether balances in customers’ accounts.

Ethereum uses a proof of work algorithm for miners to come to consensus.

The Solidity programming language is used by Ethereum developers. Solidity is an object-

oriented, high-level language (influenced by C++, Python, and JavaScript) used for imple-
menting smart contracts. Solidity is statically typed, supports inheritance, libraries, and
complex user-defined types among other features. With Solidity, you can create contracts
for uses such as voting, crowdfunding, blind auctions, and multi-signature wallets (Solid-
ity, n.d.).

Whisper is used for messaging so that DApps can communicate with each other.

Swarm is a distributed storage platform and provides content distribution services.

Using Ethereum

In Ethereum, the state is comprised of objects called “accounts.” There are two types of
accounts.

Externally owned accounts: Externally owned accounts are owned by a person or an exter-
nal server, and have no code associated with them. Externally owned accounts contain a
balance and can send transactions.

Contract accounts: Contract accounts are not controlled by a person. They are controlled
by code associated with them. A contract account has a balance and its own persistent
state.

Externally owned accounts can send messages to other externally owned accounts (a
value transfer) or to other contract accounts by creating and signing a transaction using its
private key. A message sent from an externally owned account to a contract account acti-
vates the contract account’s code, triggering it to perform various actions (e.g. Transfer
tokens, write to internal storage, perform a calculation).

Contract accounts cannot initiate new transactions, they can only respond to transactions
they have received.

71
 DApps on Ethereum

The following list contains five of the leading DApps that operate on Ethereum:

• IDEX is a decentralized exchange that leverages smart contracts to manage trading of

Ethereum and ERC-20 token trading pairs. ERC-20 is a protocol that defines rules and
standards for issuing tokens which are traded on Ethereum, rather than on their own
blockchain. IDEX charges fees to the sellers and the buyers.
• Forkdelta is a decentralized exchange to trace ERC-20 compatible tokens. Forkdelta sep-
arated from Etherdelta in 2017 when Forkdelta combined the smart contract of Ether-
delta with a new frontend user interface (UI) that is easier to use. Forkdelta charges fees
to the sellers and buyers.
• CryptoKitties is a gaming DApp in which players collect and breed virtual kitties. Crypto-
Kitties charges Ether for the breeding and sales of kitties.
• Gnosis is a prediction market platform where users speculate about future real-world
events such as presidential elections, commodity prices, etc. Users trade tokens that
represent the outcome of a certain event. As time passes and the outcome is refined,
the value of tokens change. Tokens representing a more likely outcome will increase in
value while other tokens will decrease to no value. Accurate predictions are rewarded.
Some users will also trade tokens for a profit as the market conditions change and the
perceived outcome shifts.
• UPort is an identity management platform which allows users to register their own
identity on Ethereum, send and request credentials, sign transactions, and securely
manage keys and data.

3.4 Hyperledger
Hyperledger was established by the Linux Foundation, which has brought many open
source projects to fruition. Hyperledger is governed by a diverse technical steering com-
mittee with the key project, Hyperledger Fabric, being supported by a broad set of over
200 maintainers from over 35 organizations. Unlike Ethereum, which is a platform, Hyper-
ledger is an umbrella of multiple platforms for the building of cross-industry enterprise
solutions (DApps) based on blockchain technologies.

Table 3: Hyperledger Umbrella

Category Hyperledger offerings

Distributed ledgers • Besu: Java-based Ethereum client

• Burrow: permissionable smart contract machine
• Fabric: enterprise grade DLT with privacy support
• Indy: decentralized identity
• Iroha: mobile application focus
• Sawtooth: permissioned and permissionless support

72
 Category Hyperledger offerings

Libraries • Aries: focused on creating, transmitting, and storing verifiable digital

credentials
• Quilt: Java implementation of the Interledger protocol, enabling pay-
ments across any payment network, fiat or crypto
• Transact: focused on software for the scheduling, transaction dis-
patch, and state management of smart contracts
• Ursa: cryptographic library

Tools • Caliper: used to measure the performance of a blockchain implemen-

tation with predefined use cases
• Cello: used for “as-a-service” deployment model
• Explorer: used to create user-friendly, web-based applications

Domain-specific • Grid: to build supply chain solutions. Includes libraries, data models,
and a software development kit (SDK)

Source: Created on behalf of IU (2023)., based on Hyperledger, n.d.

Hyperledger libraries and tools provide capabilities to aid in the development of the
Hyperledger distributed ledger platforms. All libraries and tools are in an incubation phase
of production. Some distributed ledgers are in an active status, while some are still in an
incubation status.

For Hyperledger projects to graduate from incubation to active status, they must

• have a fully functional code base,

• have test coverage commensurate with other active projects,
• have an active and diverse community of developers, and
• have a history of releases that follow the active release process (Kuhrt, 2019).

The active Hyperledger distributed ledger platforms used for smart contract development
are described below.

Fabric

Hyperledger Fabric, backed by IBM, is an enterprise-grade permissioned distributed ledger

framework that provides developers with a platform for building blockchain-based solu-
tions and applications. Fabric is intended for a broad range of industry solutions use cases
including banking, finance, insurance, healthcare, human resources, supply chain, and
digital music delivery.

Designers can plug in chosen components such as consensus, key management, identity
management, or cryptographic libraries. This allows Fabric to be configured in multiple
ways that satisfy the uniqueness of the solution requirements. A Fabric channel provides
privacy to participants in the network, establishing a private communication between two
or more specific network members for purposes of conducting private and confidential
transactions. Participants who are not a member of a channel do not have access to trans-
actions associated with that channel. Participants can be members of more than one
channel.

73
 At a high level, Fabric is comprised of the modular components listed below.

A pluggable membership service provider is responsible for associating entities in the net-
work with cryptographic identities. As a permissioned distributed ledger, only authorized
parties enroll through a membership service provider so that they can work within the
system. The result is that a network can be operated under a governance model built on
the trust that exists between participants, such as a legal agreement for dispute handling.

An optional peer-to-peer gossip service disseminates the block’s output by ordering serv-
ice to other peers.

Smart contracts within Fabric are referred to as chaincode. A DApp invokes the chaincode
to interact with the world state of the ledger. Chaincode can be run within a container
environment (e.g. Docker) for isolation. Smart contracts can be written in general-purpose
programming languages such as Java, Go, and Node.js.

DBMS The ledger can be configured to support a variety of DBMSs. The ledger subsystem of Fab-
A database management ric consists of the world state log and the transaction log. The world state component is
system is system software
that creates and manages the database of the ledger and describes the state of the ledger at a point in time. The
the storage of data. transaction log records all transactions that have resulted in the current state of the data-
base, the world state. Every participant has a copy of the ledger (the world state and the
transaction log) for every Fabric network that they belong to.

A pluggable endorsement can be independently configured for each application. The

endorsement executes a transaction and checks its correctness.

A pluggable ordering service establishes consensus on the order of transactions and then
broadcasts blocks to peers. The ordering service orders transactions via a consensus pro-
tocol. Therefore, any block a peer validates as generated by the ordering service is final
and correct. Because Fabric is a permissioned blockchain and relies on the identities of
participants, it can use more traditional crash fault tolerant (CFT) or byzantine fault toler-
ant (BFT) consensus protocols that do not require costly mining.

A pluggable validation policy enforcement that can be independently configured per

application. The validation policy is used to validate transactions against an application-
specific endorsement policy before committing them to the ledger.

Fabric implementations

• Food source tracking: IBM Food Trust is powered by Hyperledger Fabric to create visibil-
ity and accountability in the food supply chain. It connects growers, processors, distrib-
utors, and retailers through a permissioned, permanent, and shared record of food sys-
tem data to ensure the safety and quality of the food supply. A consortium in
collaboration with IBM includes major retailers and food suppliers Golden State Foods,
McCormick and Co., Nestlé, Tyson Foods, and Wal-Mart Stores Inc. The solution pro-
vides authorized users with immediate access to actionable food supply chain data,
from farm to store and ultimately the consumer. The complete history and current loca-

74
 tion of any individual food item, as well as accompanying information such as certifica-
tions, test data, and temperature data, are readily available in seconds once uploaded
onto the blockchain.
• Airlines: To help airlines improve passenger ticketing processes, NIIT Technologies’
Chain-m blockchain application reports on a wide range of critical information, from
the number of tickets sold to fare amounts, commissions, taxes collected and more.
This added transparency is expected to help improve record-keeping, save money, and
improve security and agility in a complex business.
• Enterprise operations management: China’s largest retailer, JD.com, created JD Block-
chain Open Platform to help enterprise customers streamline a wide range of opera-
tional procedures by creating, hosting and using their own blockchain applications in a
Retail-as-a-Service strategy. The platform allows users to create and update smart con-
tracts on public and private enterprise clouds, while enabling companies to track and
trace the movement of goods, charity donations, authenticity certification, property
assessment, transaction settlements, digital copyrights, and more. The China Pacific
Insurance Company is using the platform to deploy a traceable system for e-invoices,
which are official receipts required in China for business.
• Insurance Compliance: The American Association of Insurance Services, an insurance
advisory organization, created openIDL (open Insurance Data Link), which is designed
to automate insurance regulatory reporting. This platform collects and shares statistical
data between insurance carriers and regulators, satisfying state regulatory require-
ments, while storing historical and current data on an immutable blockchain ledger.
Regulators are then given permissioned access to view only the information they need
to see for compliance purposes (Hyperledger, n.d.).

Iroha

Hyperledger Iroha offers a small set of commands and queries focused on writing smart
contracts for financial applications, digital asset management, and digital identity use
cases for enterprises. Hyperledger Iroha complements other Hyperledger projects by pro-
viding an alternative design solution for mobile-oriented use cases.

Key features of Iroha’s core architecture are inspired by Hyperledger Fabric, for example:

• permission-based structure,
• variety of libraries for developers,
• role-based access control,
• assets and identity management,
• blocks are stored in files while the ledger state is stored in the PostgreSQL database,
• DApps can be written in Python, Java, JavaScript and C++ as well as for the Android and
iOS mobile platforms, and
• consensus algorithm is Yet Another Consensus (YAC), which is a Byzantine-fault tolerant
algorithm for decentralized consensus.

75
 Iroha implementations

• Finance: Project Bakong, a core banking system developed for the National Bank of
Cambodia and deployed in the central bank, provides real-time financial system sup-
port for asset management between Cambodian banks.
• Insurance: Sompo Japan used Hyperledger Iroha to manage weather derivative con-
tracts.
• Identity management: Sora (XOR) developed a decentralized autonomous economy
and identity platform, Sora Passport.

Sawtooth

Contributed by IBM, Sawtooth is also a modular platform for building, deploying, and run-
ning distributed ledgers. At a high level, Sawtooth’s distinctive characteristics are listed
below.

Isolation between the core system and the application level: Sawtooth separates the
application level from the core system level allowing developers to build applications in a
programming language of choice that can be hosted, operated, and run without interfer-
ing with the core blockchain system. Supported languages include C++, Go, Java, Java-
Script, Python, and Rust.

Modular: Each application can select transaction rules, define the consensus mechanisms,
and select the required permissioning to decide the working of the digital ledger in a way
that meets and supports the unique business needs.

Private networks with the permissioning features: Sawtooth supports permissionless and
permissioned infrastructure. Select clusters of nodes can be deployed with different per-
missions on the same blockchain. This flexibility allows the building of private, consor-
tium, or public networks by specifying which nodes are allowed to join the validator net-
work and participate in the consensus, and which clients are allowed to submit batches
and transactions.

Parallel transaction execution: Sawtooth contains an advanced parallel scheduler that

classifies transactions into parallel flows. When possible, transactions are executed paral-
lelly while preventing double spending. The result is a potential increase in performance
over serial execution.

Fast transaction performance: Sawtooth keeps the latest version of assets in the global
state and transactions in the blockchain on each network node. This means that you can
CRUD look up the state quickly to carry out CRUD actions, which provides fast transaction proc-
Create, read, update, and essing (Linux.com Editorial Staff, 2019).
delete is typically used to
refer to activities that can
be conducted upon data. Consensus Mechanisms: Sawtooth supports proof of elapsed time (PoET), a Nakamoto-
style consensus invented by Intel. PoET is a Byzantine Fault-tolerance (BFT) consensus
algorithm that supports large-scale networks with minimal computing and much more
efficient resource consumption compared to proof of work algorithms. PoET can achieve
the scalability of Nakamoto-style consensus mechanism without the drawbacks of power

76
consumption of the PoW algorithm. Each node waits for a random period of time, and the
first node to finish is the leader and commits the next block (Linux.com Editorial Staff,
2019).

Sawtooth implementation

Direct trade organic coffee seller Cambio Coffee provides a clear, traceable supply chain
path for its products — from harvesting to roasting, packaging, and shipping — so custom-
ers can learn the exact details of what they are buying and drinking. To do that, the com-
pany began adding QR scan codes from ScanTrust to its coffee packaging, which, when
scanned, records those details onto a Hyperledger Sawtooth blockchain network. Tying
the QR codes together with the blockchain data lets coffee buyers scan the codes to see
exactly where their coffee originated and how it arrived in their local store and into their
grocery carts. The idea, according to Cambio Coffee, was to give its customers trust in its
products and to provide transparency and traceability throughout their journey to cus-
tomers (Hyperledger, n.d.).

In summary, the following table identifies some of the key differentiators of the active
Hyperledger platforms.

Table 4: Comparison of Hyperledger Platforms

Fabric Iroha Sawtooth

Backed by IBM Soramitsu, Hitachi, IBM, Consensus mech-

NTT Data, Colu anism PoET from Intel

Industry use cases banking, finance, financial applications, financial, supply chain,
insurance, healthcare, digital asset manage- access control man-
HR, supply chain, digi- ment, digital identity agement
tal music delivery use cases

Specialization mobile-oriented use

cases

Mode of operation permissioned or pri- permissioned permissioned, permis-

vate sionless, or private

Component features • plug-in to Fabric

channel
• pluggable member-
ship provider

Database Variety PostgreSQL database Lightning Memory-

mapped database
(LMDB)

Programming lan- Java, JS, Go DApps written in C++, Go, Java, JS,
guage Python, Java, JS, C++ Python, Rust

Consensus mechanism pluggable Yet Another Consensus PoET

(YAC)

77
 Fabric Iroha Sawtooth

Notes • for high-scaling small set of fast com- • fast transaction per-
blockchain applica- mands and queries formance
tions with flexible • parallel transaction
degree of permis- execution
sion • supports Ethereum
• transactions are Solidity-based
executed using smart contracts
chaincode, in any
order, possibly par-
allel

Source: Created on behalf of IU (2023).

3.5 Alternative Platforms for Smart

Contracts and DApps
EOS and Tron are platforms built with what they believe to be improved capabilities com-
pared to Ethereum.

Tron

Tron became independent from Ethereum in June 2018 after the Tron Foundation had
generated $70 million in a token sale in 2017. TRX is the Tron token.

The Tron community of less than 1,300 nodes as of mid 2019, use the delegated proof of
stake (DPoS) consensus mechanism. DPoS is structured with twenty-seven super repre-
sentatives (SR) producing blocks. The designation of the SRSs is done every 6 hours when
Tron account holders vote for SR candidates, resulting in the top twenty-seven being
selected as the SRs for the next period of time. Account holders (voters) may choose SRs
based on criteria such as projects sponsored by SRs to increase Tron adoption, or rewards
distributed to voters.

In the first quarter of 2019, a study from DApp Review stated that 64 percent of the DApps
on Tron facilitate gambling (Cuen, 2019), making it the leading use case for the Tron block-
chain.

According to Agarwal (2019), as of 2019, the top Tron DApps are:

• TRONbet — a gambling game,

• P3T — a cryptocurrency exchange where a user can earn dividends from buying, selling,
and all current and future games,
• Fishing Master — a fishing game where fishermen try to catch as many fish as possible,
• TRONlegend — the world’s first MMORPG (massively multiplayer online role-playing
games) game based on TRON,
• CandyMoreBox — an advertising platform that offers free candy as tokens,

78
• TronTrade — a decentralized exchange where a user can buy and sell TRC10 and TRC20
cryptocurrencies,
• 888Tron — a roulette-style game,
• Tron Village — an economic strategy game where users can earn cryptocurrency by run-
ning a factory (business), and
• Tron Vegas — a variety of Vegas-style games.

EOS

EOS was created by Block.one as a smart contract blockchain platform. EOS began as an
ICO in June 2017, raising over $4 billion, the largest in ICO history at the time. EOS is the
seventh largest blockchain by market cap, with a value topping $3 billion as of February
2019 (Dale, 2019). EOS is the EOS token.

Similar to TRON, EOS uses a consensus mechanism of delegated proof of stake (DPoS).
The EOS community, of less than 100 nodes as of mid 2019, selects 20 witnesses. The 20
witnesses, plus a random final producer, produce blocks to be added to the blockchain.

Scalability is intended to be a key strength of EOS. EOS can currently process 3K transac-
tions per second and aim to process 50K transactions per second. A reminder that Bitcoin
processes 4.6 transactions per second, while Visa processes 1,700 transactions per second.

EOS uses an ownership model for its developers. DApp developers use tokens to access
resources such as bandwidth and computational power, and to buy RAM. EOS transactions
do not require payment of fees. However, transactions consume blockchain resources
which are often constrained and require careful allocation to prevent misuse. The EOS.IO
software allows each account to utilize a percentage of the available RAM proportionate to
the amount of token staked in the network. For example, if an account staked five percent
of all the EOS token distributed, then this account has the right to use five percent of the
RAM capacity. Developers can trade idle RAM to others on the network (InfStones, n.d.).

This ownership model has led to fears that the structure was too centralized, with con-
cerns further elevated because the majority of the nodes are in China, where state inter-
vention is a risk. Furthermore, EOS developers are making little or no money for their work
because they are limited by the excessive power of the largest EOS token holders (Dale,
2019).

According to Maurya (2019), as of 2019, the top EOS DApps are:

• PRA Candybox — EOS token distribution,

• EOS Knights — mobile game, hire a knight to protect the town from goblins,
• ENBank — bank,
• Token Planet — game in which players can establish their own business system,
• EOSBet — gaming platform,
• KARMA — decentralized social network, rewarding positive human interactions,
• BETX — gaming platform,
• Endless Game — profit-sharing game,
• EOSlots — gaming platform, and

79
 • FarmEOS — game platform.

SUMMARY
Blockchain, smart contracts, and DApps are the components of a block-
chain-based application.

Smart contracts build upon the blockchain technology with program-

ming logic that automates virtual transactions between two or more
parties. Smart contracts allow parties to exchange currency, goods,
and/or services with dependencies built into the smart contract logic.
Smart contracts leverage blockchain by writing transactional data to the
blockchain where it can be processed as defined in the consensus mech-
anism.

Decentralized applications, or DApps, provide a front end user interface

to the blockchain-based application. The DApp will execute the logic of
one or more smart contracts.

Hyperledger and Ethereum are the two leading platforms for DApp
development. Both platforms have been used to create DApps for a
number of industries, including gaming and currency exchange. Tron
and EOS are two more recent players with their platforms, believed to
be improvements on Hyperledger and/or Ethereum.

80
 UNIT 4
SECURITY OF BLOCKCHAIN AND DLT

STUDY GOALS

On completion of this unit, you will have learned …

– about the multiple attack vectors that challenge the use of a blockchain platform.
– about examples of actual attacks on blockchain platforms.
– about safety mechanisms to improve security on a blockchain platform.
– about long range security concerns for blockchain.
 4. SECURITY OF BLOCKCHAIN AND DLT

Introduction
The key attributes of blockchain are intended to ensure the security of transactions con-
ducted in a blockchain environment.

Data is stored across a network of computer nodes, rather than in a centralized environ-
ment, creating a distributed environment that complicates the activities that might be
conducted by hackers. All data is cryptographically hashed, hiding its true identity. Pri-
vate/public key encryption is used to conduct transactions. The consensus algorithms exe-
cuted by the nodes of the network validate the transactions to be added to the block, and
the blocks to be added to the blockchain.

Despite the high level of security in blockchain environments, attack vectors have been
identified by experts. In some cases, hackers have been successful in their attacks. In this
section we will discuss these attack vectors as well as how blockchain participants can
reduce exposure. Finally, potential future security concerns will be discussed together
with alternative solutions.

4.1 Components of Security

The blockchain networks are secured by cryptography and hashing which is underlying in
digital signatures, mining, and Merkle trees. Together with the consensus mechanism,
blockchain has been designed to ensure the immutability of transactional data.

Cryptography Basics

Cryptography is the method of using advanced mathematical principles in storing and

transmitting data so that only the intended recipients can read and process the data. The
message is encoded, or encrypted, in such a way that it cannot be read or understood by
an unintended person. Today, coded messages use algorithms such as Advanced Encryp-
tion Standard (AES) or Rivest-Shamir-Adleman (RSA). The encryption and decryption proc-
esses are so highly complex and math intensive that computers are required for them.

Cryptography algorithms are either symmetric or asymmetric. The differentiator between

these two forms of cryptography is that symmetric cryptography uses a single key, while
asymmetric cryptography uses two different but related keys.

Symmetric cryptography

Symmetric cryptography uses the same cryptographic key for both the encryption of
plaintext and the decryption of the ciphertext. The keys may be identical, or there may be
a simple transformation calculation to go between the two keys.

82
Figure 11: Symmetric Cryptography

Source: icao, n.d.

Most symmetric algorithms use either a block cipher or a stream cipher. A block cipher
converts the plain text by taking one block at a time, while a stream cipher converts the
text by taking one byte at a time. Block cipher uses 64 bits or more, while a stream cipher
uses 8 bits.

AES is a symmetric block cipher developed in 1998 and chosen by the United States gov-
ernment to protect classified information. AES can support 128 bit data and has a key
length of 128, 192, and 256 bits, being referred to as AES-128, AES-192, or AES-256, respec-
tively. AES uses progressively more cycles, referred to as rounds, in the encryption process
to deliver the final cipher-text, or in the decryption process to retrieve the original plain
text.

Symmetric cryptography is faster and requires less computer power. However, symmetric
cryptography relies on the distribution of keys, because the same key is used to encrypt
and decrypt the information, opening up a security risk. For example, if user A sends user
B data that is secured by symmetric cryptography, user A must share the same key used
for encryption with user B so that the message can be decrypted. If the data and key are
intercepted by a malicious actor, the malicious actor has the ability to decrypt the data.

Asymmetric cryptography

Asymmetric cryptography, or public key cryptography, uses a pair of keys. The public key
is shared widely while the private key is known only to the owner. Either key can be used
to encrypt the message, while the other key is used to decrypt the message. In asymmetric
cryptography, a mathematical relationship or pattern exists between the public and pri-
vate keys. Because this pattern could potentially be exploited by attackers, asymmetric
keys need to be much longer to result in a sufficient level of security. For example, a 128-
bit symmetric key and a 2,048-bit asymmetric key result in similar levels of security.

83
 Figure 12: Public Key Encryption

Source: tutorialspoint, n.d.

RSA, founded in 1977, is an asymmetric block cipher. RSA uses a variable sized encryption
block and a variable sized key. It uses two prime numbers to generate the public and pri-
vate keys. The sender encrypts the message using the receiver’s public key. The receiver
decrypts it with their private key.

Asymmetric cryptography does not rely on key distribution because public keys are used
for encryption and private keys are used for decryption. However, asymmetric cryptogra-
phy is slow and requires more computing power because of the longer key lengths. With
asymmetric cryptography, if user A sends data to user B encrypted with user B’s public
key, user B will be able to decrypt it with his private key. A malicious actor would not be
able to decrypt the data because they lack user B’s private key.

Asymmetric cryptography can be used for asymmetric encryption and for digital signa-
tures, which may or may not include encryption.

Encryption

Encryption provides confidentiality. The encryption process encrypts the data with the
public key, and the data can only be decrypted with the corresponding private key. The
sender uses the recipient’s public key to encrypt, while the recipient uses their private key
to decrypt it.

Digital signing

Digital signing binds the identity of the sender to the data. The sender’s private key is used
to write the digital signature. The recipient uses the sender’s public key to verify that the
data is truly from the sender.

84
Hashing

A cryptographic hash function is a third type of cryptographic algorithm. Hashing is a

mathematic algorithm that takes data of any length and produces a string of fixed length,
called a hash. Originally, hashing was introduced to create checksums and indices of data.
In the current context, we are interested in cryptographic hashing which is one-way. It is
infeasible to use the output of the hash function to reconstruct the given input.

Any change in data, no matter how slight, will generate a different hash output value. The
integrity of the data can be validated by using the signer’s public key to decrypt the hash.
The decrypted hash can then be matched to a computed hash of the same data. If they
match, then the data is the same. If they do not match, the integrity of the data has been
tampered with.

In summary, cryptographic hash functions have the following characteristics:

• Deterministic — No matter how many times you give a function a specific input, the out-
put will always be the same.
• Irreversible — The input cannot be determined from the output of the function.
• Collision resistance — Every hash function has the potential to have collisions, the same
output being generated by two different inputs. The inputs to a hash function can be of
any length. This means there are infinite possible inputs that can be entered into a hash
function. However, outputs are of a fixed length. This means that there are a finite num-
ber—an extremely large number— of outputs that a hash function can produce. A fixed-
length means a fixed number of possibilities. Since the number of inputs are essentially
infinite, but the outputs are limited to a specific number, it is a mathematical certainty
that more than one input will produce the same output (Daniel, 2018b). The odds of a
collision are very low, especially for functions with very large output sizes. As available
computational power increases, the ability to force hash collisions becomes more and
more feasible (Privacy Canada, 2019).
• Changing any bit of data in the input will significantly alter the output. For example the
hashed outputs of 111111 and 111112 are unrelated (Lai & O'Day, 2018b).

Cryptography and Blockchain

Digital signatures

Digital signatures use asymmetric cryptography to ensure that the message has the fol-
lowing features:

• created by the claimed sender (authentication),

• the sender cannot deny having sent the message (non-repudiation), and
• the message was not altered in transit (integrity).

Digital signatures are created using the following three algorithms:

• key generation algorithm to generate a private and public key,

• signing algorithm that combines data and private key to create a signature, and

85
 • an algorithm that verifies the signature and determines the authenticity of the message
based on the message, the public key, and the signature.

A digital signature can be used with any kind of message, whether encrypted or not. Using
the example of an encrypted digital signature, to create a digital signature, a one way hash
of the electronic data to be signed is created. The private key is then used to encrypt the
hash. The encrypted hash, along with other information such as the hashing algorithm, is
the digital signature.

Figure 13: Encrypted Digital Signature

Source: Idris et al., 2016.

Using the crypto wallet as an example, the wallet address is a string of numbers and let-
ters generated using the public key. The private key associated with the wallet is kept
secret by the owner and is used to prove ownership of — and control the use of — the wal-
let. A combination of an owner’s public key and private key encrypts the information,
while the recipient’s private key and sender’s public key are needed for the decryption.

The Bitcoin blockchain uses Elliptic Curve Digital Signature Algorithm (ECDSA) as its digital
signature scheme for signing transactions. ECDSA requires smaller keys compared to non-
elliptic curve cryptography, such as RSA, to provide an equivalent level of security. As a
result, it is the preferred algorithm when there is a requirement for faster processing.

ECDSA is based on the algebraic structure of elliptic curves over finite fields. An elliptic
curve has the equation of y2 = X3 + ax + b with a chosen a and b. There are a number of
curves that are known, with Bitcoin using the secp256k1 curve along with the ECDSA algo-
rithm to generate a 256 bit digital signature.

Hashing

Cryptographic hashing is the component of blockchain technology responsible for the

immutability, or inability to change previous blocks, of the blockchain.

86
Hashes are used in blockchains to represent the current state. The input to the hash proc-
ess is the entire state of the blockchain, meaning all the transactions that have taken place
so far. The produced output hash represents the new current state which includes the
additional transaction.

Hashing is involved in four main processes:

• verifying and validating account balances of wallets,

• encoding wallet addresses,
• encoding transactions between wallets, and
• making block mining possible (Seth, P. 2018). Hashes are used by the proof of work con-
sensus algorithm that is required to be solved to get a block.

Every block being added to the blockchain contains a hash output of all the data in the
previous block. For example, the 100th block of a blockchain contains a hash of all the data
in block 99, while block 99 contains a hash of the data in block 98, etc. Every block from
the 100th to the 1st is linked by cryptographic hashing.

If someone changed data in any block, it would result in a change to the hash output of
that block’s data as well as every block higher in the chain. Miners would identify that
hashes don’t match their version of the chain and will reject the change.

Bitcoin uses the hash function SHA-256, while Ethereum uses keccak256. SHA (Secure
Hash Algorithm) is part of a group of hash functions called SHA-2. The SHA-256 algorithm
generates a fixed-size 256-bit (32-byte) hash. Keccak256 is the Ethereum-SHA-3 hash, gen-
erating an output 32-byte hash. SHA-2 and SHA-3 hash functions are both considered to
be secure standardized hash functions.

Mining

Mining is the process by which transactions are retrieved and added to the blockchain. In
order for a miner to create the previous block hash parameter in the block header, the
block header of the previous block must be processed through the SHA-256 algorithm
twice, known as double-SHA-256. The SHA-256 algorithm is also used to produce the Mer-
kle root. This creates the block header of the new block, and the miner can then begin the
mining process. The block header (including the nonce) is then hashed until the hash
result is below the target, at which time the miner has succeeded in mining the block.

Merkle trees

A tree, in computer terminology, is a term for storing data in a hierarchical tree-like struc-
ture. The bits of data are called nodes. The topmost node has child nodes linked under it,
which each may also have child nodes. Groups of nodes are called sub-trees, and a node
with no children is called a leaf node. A Merkle tree stores hash outputs instead of data in
each node. The Merkle root is the topmost node of the Merkle tree, meaning it represents
a hash output of the combined hashes of the left and right sub-trees. Using the Merkle root
and applying the properties of cryptographic hash functions, it can be readily determined

87
 whether or not transactions in a given block have been tampered with. Merkle trees allow
blockchain users to verify that a transaction has been included in a block without down-
loading the full blockchain.

In the example below, if you have the root hash (HABCDEFGH), you can confirm transaction
(TH) by accounting for hashes (HG), (HEF) and (HABCD). If those three hashes are on a block-
chain, then transaction (TH) is valid.

Figure 14: Annotated Merkle Diagram

Source: Created on behalf of IU (2023).

Consensus

Consensus rules on the network are used by the network nodes to validate a block and the
transactions within it. Every transaction that is transmitted must be approved by a major-
ity of the network nodes through a consensus-based agreement. Consensus mechanism
allows a blockchain to be updated, keeps all nodes in a network synchronized with each
other, ensures that every block is true, and keeps miners incentivized. It also prevents a
single miner from controlling the blockchain network. Consensus guarantees that the
nodes agree on the same state of a blockchain and that a single chain is used.

4.2 Attacks on Blockchain and DLT

Blockchain technology incorporates many factors that enhance security; however, it is not
immune from cyber-attacks. Users of blockchain technologies must understand the secur-
ity exposure in the mining process, at the end user level, and with the core blockchain
code.

88
Manipulating the Mining Process

51% attack

The 51% attack is a technique that occurs when an attacker is in possession of at least
51% of the hashing power and uses that power to manipulate and modify blockchain
information. This attack starts by creating a chain of blocks privately, which is fully iso-
lated from the real version of the chain. The attacker can defraud other users by sending
them payments and then creating an alternative version of the blockchain in which the
payments never happened. At a later stage, the isolated chain is presented to the network
to be established as a genuine chain (Sayeed & Marco-Gisbert, 2019).

However, the computer power to conduct a 51% attack is quite expensive. Based on num-
bers by TNW (Varshney, 2018), a one hour attack on Bitcoin would cost over $500K. How-
ever, cryptocurrencies with a lower market cap could cost much less. For example, the
cost of a one hour attack on Litecoin would cost $68K, and Bytecoin would cost $981. With
the challenge of the cost of obtaining the necessary level of power, attackers could band
together as mining pools comprised of multiple well-powered miners, and together, they
would have more than half of the computing power of the network.

An attacker exploiting this vulnerability would have the ability to (Li et al., 2018):

• reverse transactions and initiate double spending attacks,

• exclude and modify the ordering of transactions,
• hamper normal mining operations of other miners, and
• impede the confirmation operation of normal transactions.

Toward the middle of 2018, attackers began springing 51% attacks on a series of relatively
small, lightly traded coins including Verge, Monacoin, and Bitcoin Gold, stealing an esti-
mated $20M in total. In the fall, hackers stole approximaely $100K using a series of attacks
on the Vertcoin currency. In January 2019, hackers netted more than $1M from Ethereum
Classic, the first 51% attack against a top-20 currency (Orcutt, 2019).

Selfish mining

Selfish mining is when a miner or mining pool that comprises a large amount of the net-
work withholds blocks from the rest of the network. The selfish miner continues to mine
the next blocks, maintaining its lead. When the rest of the network is close to becoming
current with the selfish miner, the selfish miner releases the solved blocks into the net-
work. The result is that the chain of the selfish miner is longer and more difficult so that
the rest of the networks adopts their blocks and the selfish miner claims the block awards.

Majority hash attacks and mining centralization

As described in the 51% and selfish mining attacks, a group, or pool of miners is stronger
than any one miner. Mining centralization is a significant concern in the proof of work
(PoW) mining pools as a mining pool can compute more hashes and, therefore, have a bet-
ter chance of solving problems than single miners. Pools with immense hashing power

89
 can make the network more vulnerable to attacks. Seven out of ten of the major Bitcoin
mining pools are based in China. The domination of the few mining pools has structured
the blockchain so that it is comparable to a centralized network (Sayeed & Marco-Gisbert,
2019).

Double spending

Double spending is when a user purposely uses the same cryptocurrency multiple times
for blockchain transactions. In order to accomplish double-spending, attackers first spend
the currency in a legitimate chain, then build another chain privately where the attacker’s
coins are not spent. Once the privately mined chain is sufficiently long, the attackers
present the new chain to the network. Since the new chain is longer than the one being
used, the new chain will be used by the network as the legitimate chain, discarding the
blocks where the attackers spent their coins. Blockchain recommends the receipt of a
minimum of six confirmations to assure that the currency is not double spent. Various
exchanges grant a transaction approval after six confirmations to mitigate the double-
spending issue; nevertheless, attackers with 51% hashing power can keep building blocks
secretly at a faster pace and carry out double-spend regardless of the number of confirma-
tions set by the exchanges (Sayeed & Marco-Gisbert, 2019).

Distributed denial of service (DDoS)

A blockchain-based DDoS could occur if rogue wallets push a large number of spam trans-
actions to the network. This would increase the processing times, as nodes would be con-
sumed with checking the validity of the fraudulent spam transactions. In March 2016, the
Bitcoin network was slowed as a result of a Bitcoin wallet pushing a large volume of trans-
actions with a higher than average transaction fee. The high transaction fee incented the
miners to prioritize the fraudulent transactions.

Balance attack

In a balance attack, the attacker identifies subgroups of miners of equivalent mining

power and delays messages between them. After the attacker introduces the delay
between the subgroups, the attacker issues transactions into subgroup A. The attacker
then mines enough blocks in subgroup B to ensure that the subtree of subgroup B out-
weighs that of subgroup A. Even though the transactions of subgroup A are committed,
the attacker can rewrite the block that contains the transactions by outweighing the sub-
tree containing the transaction. In an example, let b2 be a block present only in the block-
chain viewed by subgroup B, but absent from the blockchain viewed by subgroup A. In the
meantime, the attacker issues transactions spending coins in subgroup A and mines a
blockchain starting from the block b2. Before the delay expires, the attacker sends their
blockchain to subgroup B. After the delay expires, the two local views of the blockchain
are exchanged. Once the heaviest branch that the attacker contributed to is adopted, the
attacker can reuse the coins in new transactions.

90
Eclipse attack

An eclipse attack involves the attacker targeting a specific node in order to cut off the tar-
geted node’s communications with other nodes. The targeted node would receive an
incorrect view of the blockchain, which the attacker is using either to segregate the tar-
geted node, or as a springboard for further attacks. It can be seen that an eclipse attack
might start the work towards a 51% attack. By isolating a group of rival miners from the
network, it enables the attacker to gain a larger percentage of the hash power. If user A is
the malicious actor, user B is the isolated node and user C is another network entity, then
user A would be able to send a payment to user C and then send the same transaction to
user B. User B is unaware that those funds have already been spent as all their outbound
connections route through user A who is able to suppress and manipulate the information
that user B receives. User B will accept the coins and only later, when they connect to the
“true” blockchain, will they find out that they have been lied to and in reality have
received nothing (Radix, 2018a).

Sybil attack

A Sybil attack is an attempt to control a peer network by creating multiple fake identities.
Fake identities may appear to be unique users, however, it is possible that a single entity
controls many identities. As a result, a single entity can influence the network because the
entity is working under many pseudonyms. Sybil attacks are subversive and easy to con-
ceal, and it can be difficult to tell when a single entity controls many accounts (Garner,
2018a). Both proof of work (PoW) and proof of stake (PoS) consensus mechanisms provide
some inherent defense against Sybil attacks based on resource demands. A Sybil attack on
a proof of work (PoW) consensus network demands a large amount of computing resour-
ces while a proof of stake (PoS) consensus network requires large amounts of the underly-
ing currency.

The first way to mitigate a Sybil attack is to raise the cost of creating a new identity. The
challenge is that there are many legitimate reasons, such as redundancy, resource shar-
ing, reliability, and anonymity, for an entity to have multiple identities (Garner, 2018a).

A second way is to require a form of trust before allowing a new identity to join the net-
work, for example, the implementation of a reputation system where only established,
long-term users can invite or vouch for new entrants to the network (Garner, 2018a).

The third way is to weight user power based on reputation. Users that have been around
the longest and proven themselves receive more voting power on communal decisions
(Garner, 2018a).

Criminal Activity

One of the fundamental aspects of blockchain is anonymity. As a result of this anonymity,

users can buy and/or sell any product or service, including ones that are illegal, with mini-
mal fear of being identified. Additionally, they are less likely to be subject to legal sanc-
tions.

91
 A Bitcoin user, for example, will have multiple Bitcoin addresses, and there is no connec-
tion to their real identity. Actual criminal activities with Bitcoin have included the follow-
ing.

• Pornography: In a study by Matzutt et al. (2018), files were discovered on Bitcoin that
contained objectionable content such as links to pornography. That data is distributed
to all Bitcoin participants. The security of a blockchain is based on the fact that past
entries cannot be altered, so, blockchain nodes may not be able to delete the objection-
able data. Yet, having the blockchain could potentially put those in possession of it in an
uncertain position that could be addressed differently by the laws of different countries.
• Ransomware: In 2014, ransomware CTB-Locker was spread as a mail attachment. The
victim had to pay the attacker a ransom amount in Bitcoin within 96 hours or lose files
that had been encrypted by the ransomware. In 2017, ransomware WannaCry affected
230,000 victims in 150 countries in two days, exploiting a vulnerability in Windows sys-
tems to encrypt users’ files and asking for a ransom in Bitcoin to restore access to the
files.
• Underground market: Bitcoin is a common currency in the underground market. Silk
Road was an anonymous, international online marketplace that used Bitcoin as its cur-
rency and was classified as the first modern darknet market, known as a platform for
the sale of contriband.
• Money laundering: With anonymity and a worldwide presence, Bitcoin and other cur-
rencies have become a platform for money laundering.
• Criminal smart contracts: Criminals can leverage smart contracts for illegal activities,
such as the leakage of confidential information, theft of cryptographic keys, and real
world crimes, such as murder, arson, terrorism, etc.

End User Security Concerns

Private key security

If a user loses their private key, it cannot be recovered. If the private key is stolen, the
user’s blockchain account could be tampered with by the criminal who stole the key.
Some digital wallet providers are providing key management services to minimize user’s
risks. These services depend on passwords and authentication, adding yet another area of
vulnerability.

Transaction privacy leakage

User behaviors can be inferred from the transactions conducted by the user. In order to
mitigate this, users are advised to assign a private key to each transaction so that attack-
ers cannot determine that transactions originated from the same user.

92
Platform Vulnerabilities

Blockchain code vulnerabilities

Like centralized applications, blockchain applications can unintentionally include coding

errors that introduce risks. For example, hackers exploited a coding defect in the source
code of the decentralized autonomous organization (DAO), a virtual organization using
smart contracts on the Ethereum blockchain. Ethereum tokens valued at over $50M were
stolen when attackers exploited an unforeseen flaw in a smart contract that governed the
DAO. The flaw allowed the attacker to keep requesting money from accounts without the
system registering that the money had already been withdrawn.

Node platform vulnerabilities

Blockchain applications run on general purpose operating systems and servers that are
subject to hardware and software vulnerabilities. Organizations need to treat these plat-
forms with the same level of care as a business critical computing resources and follow
generally accepted cybersecurity practices.

External Resources

Oracles

Centralized data sources can be tampered with and data can be manipulated. This “oracle
problem” can be mitigated by sourcing data from multiple nodes, verifying the nodes for
reliability and trust before including them in the blockchain network.

Internet of Things sensor data

Dubbed the 4th Industrial Revolution, the Internet of Things (IoT) consists of a vast net-
work of sensor nodes that will generate an unprecedented flow of global data. The ques-
tion is, how secure and trustworthy is the data? IoT devices are subject to significant
threats and security attacks.

There are a number of potential problems with IoT data, including:

• device connectivity,
• corruptible/spoofable device identity,
• the possibility to steal information from devices,
• hacking into devices and spoofing data, and
• physical tampering with devices.

Pollock (2018a) states that devices from well-known companies and other vendors have
serious breaches in their security systems with insufficient encryption and weak authenti-
cation requirements.

A number of recommendations have been made to further secure the data provided by IoT
sensors.

93
 • Device firmware hashing: Device firmware can be hashed into a blockchain on a contin-
ual basis, so that any change to the firmware state due to malware can alert device
owners.
• Device identity protocol: Each device has a blockchain public key. The devices encrypt
messages to each other (challenge/response) to ensure that the device is in control of
its own identity.
• Device reputation system: A reputation scoring ecosystem with third-party auditors.

4.3 Resolving Bugs and Security Holes

Inherent Blockchain Transaction Security

Blockchain technology inherently provides stronger security than traditional, centralized

computing.

Distributed ledger technologies increase resilience because there is no single point of fail-
ure. An attack on one or a small number of nodes does not affect the other nodes. They
are able to maintain ledger integrity and availability and continue transacting with each
other.

Enhanced transparency makes it more difficult for attackers who are using malware or
manipulative actions. Each node has an identical copy of the ledger so that participants
can detect the efforts of an attacker trying to corrupt or inappropriately modify the histori-
cal transaction record. The encryption technologies that blockchain applications use to
build and link blocks protects the individual transactions, the blocks, and the ledger as a
whole.

Consensus mechanisms protect new blocks by requiring network participants to validate

new blocks, both individually and with past transactions.

Good Practices

A number of good practices are recommended to mitigate many of the security concerns
of blockchain.

1. Key management
• stores keys securely
• uses multiple signatures when possible
• uses different keys to sign and encrypt
2. Privacy
• encrypts transactions
Sharding • uses sharding to allow specific transactions to be validated by specific entities
This is the act of partition- • uses pruning to remove data from the ledger at certain period of time
ing data to spread the
load. • encrypts the ledger with more than one key
Pruning 3. Code
This is the process of • conducts code reviews
removing non-critical
blockchain information to

94
 • applies software development life cycle principles have a lighter data foot-
print.
• does penetration testing
4. Consensus hijack
• monitors nodes to identify if one or more nodes increases processing power and is
executing a significantly high number of transactions
5. Reduce denial of service attacks
• restricts which nodes can offer new transactions for validation
• make it difficult for a node to issue a large number of transactions
• only accept transactions from authorized IP addresses
• have the possibility to block IP addresses as necessary
6. Governance
• uses smart contracts to allow certain entities to engage in certain activities

Automated Solutions

Companies such as AnChain.ai are creating products that address blockchain hacking
threats. AnChain.ai uses artificial intelligence to detect suspicious activity. Additional
products scan smart contract codes and uncover vulnerabilities that can be resolved
through code changes.

ChainSecurity offers automated Ethereum token auditing services to ensure that Ether-
eum smart contracts behave exactly as specified to keep funds secure and compliant with
exchanges.

Correction with a Hard Fork

A hard fork is a major change to the network’s protocol that makes previously invalid
blocks and transactions valid, or vice versa. A hard fork requires all nodes or users to
upgrade to the latest version of the software. One path follows the new, upgraded block-
chain, while the other path is the old blockchain, hence the term fork. After a short period
of time, those on the old chain will likely realize their version of the blockchain is outdated
and will upgrade to the new blockchain. Although many hard forks are initiated as a result
of implementation of improved features (for example, increasing block size or improving
scalability), hard forks are also necessary when correcting important security risks discov-
ered in the old blockchain.

For example, the Ethereum blockchain created a hard fork to reverse the hack on the
Decentralized Autonomous Organization (DAO). After the hack, the Ethereum community
almost unanimously voted in favor of a hard fork to roll back transactions made by an
anonymous hacker that siphoned off tens of millions of dollars of digital currency (Frank-
enfield, 2019).

95
 4.4 Long-Term Security
Blockchain as a Solution: Internet of Things

Internet of Things (IoT) is a fast-growing, cross-sector technology that may be enhanced

by blockchain technologies. Blockchain may offer security enhancements to IoT devices,
creating an internet of trusted things. Blockchain offers an IoT network, including the fol-
lowing:

• Device authentication: Devices can authenticate each other, ensure that communica-
tions with each other are valid, and detect and report rogue devices.
• Network resilience: Devices can determine what normal device behavior is, identify and
quarantine devices engaging in unusual behavior, and flag outlier devices for review
(Butcher et al., 2019).

One-Way Functions and Quantum Computing

Blockchain relies on one-way mathematical functions to generate digital signatures.

These one-way functions are straightforward to run on a conventional computer and diffi-
cult to calculate in reverse. One way that functions are used is to validate the history of
transactions in the blockchain ledger. The hash is easy to create, however, finding a block
that would yield a specific hash value would be quite difficult, time-consuming, and
resource intensive (Federov et al., 2018).

Quantum computers exploit physical effects, such as superpositions of states and entan-
glement to perform computational tasks. A wrongdoer equipped with a quantum com-
puter could use Shor’s algorithm to forge any digital signature, impersonate a user, and
appropriate their digital assets (Federov et al., 2018).

In 1994, Peter Shor, the Morss Professor of Applied Mathematics at MIT, came up with a
quantum algorithm that calculates the prime factors of a large number far more efficiently
than a classical computer. However, the algorithm’s success depends on a computer with
a large number of quantum bits. While others have attempted to implement Shor’s algo-
rithm in various quantum systems, none have been able to do so in a scalable way with
more than a few quantum bits (Chu, 2016). Some specialists believe that this ability is
more than a decade away, while other researchers believe that it could happen sooner
using quantum computational devices being developed by D-Wave, Google, and other
technology firms (Federov et al., 2018).

Quantum computers will find the hash solutions quickly, enabling the few miners who
have quantum computers to monopolize the addition of blocks to the ledger. These min-
ers could sabotage transactions using the methods previously identified in this unit (Fed-
erov et al., 2018).

96
Key Size and Quantum Computing

Post-quantum cryptography is the development of new cryptographic approaches that

can be implemented using today’s computers and will be resistant to attacks from tomor-
row’s quantum computers.

One approach is to increase the size of digital keys so that the number of permutations
that need to be searched using brute computing power rises significantly. For example,
doubling the size of a key from 12K bits to 256 bits squares the number of possible permu-
tations that a quantum machine would have to search.

Another approach involves coming up with more complex trapdoor functions that even a
very powerful quantum machine would struggle to crack. Trapdoor functions are mathe-
matical constructs that are relatively easy to compute in one direction to create keys,
while very hard for an attacker to reverse-engineer.

Researchers are working on a wide range of approaches, but need to find one or more that
can be widely adopted. The United States National Institute of Standards and Technology
launched a process in 2016 to develop standards for post-quantum encryption for govern-
ment use. It has already narrowed down an initial set of 69 proposals to 26, but says that it
is likely to be around 2022 before draft standards start to emerge (Giles, 2019).

SUMMARY
Blockchain networks are strongly secured by cryptography and hashing,
which provides the underlying security provided by digital signatures,
mining consensus mechanisms and Merkle trees, and the blockchain
components that ensure the immutability of transactional data.

Despite these strong security mechanisms, blockchain is still vulnerable

to security attacks. These attacks are generally categorized into three
groups.

Manipulation of the mining process, the miners, or the mining groups

has the potential to exploit vulnerabilities that make the normal mining
operations of other miners difficult and impede the confirmation proc-
ess of normal transactions. The potential result is transactions being
reversed, excluding, or modified ordering.

End user security concerns include security of the end user’s private key,
and the ability to identify a chain of activity to one source.

Platform concerns include code development and platform operational

vulnerabilities. The platform concerns are similar to those in a central-
ized environment and must be managed in a similar manner.

97
 Long term, blockchain environments need to position and improve
themselves to address improved computing platforms that speed up
processing capabilities. Faster platforms gives miners or mining groups
with nefarious intent the power over their miner peers and, therefore,
the ease by which to conduct security attacks.

98
 UNIT 5
BLOCKCHAIN AND DLT APPLICATION
SCENARIOS

STUDY GOALS

On completion of this unit, you will have learned …

– that blockchain offers many opportunities for implementations in the personal con-
sumer world as well as in industrial and governmental settings.
– about industries that have blockchain opportunities, including a summary of the
industry, opportunities for blockchain implementations, and examples of implementa-
tions.
– that personal identity and Internet of Things (IoT) are two areas that could underpin
blockchain implementations.
 5. BLOCKCHAIN AND DLT APPLICATION
SCENARIOS

Introduction
As a decentralized technology, blockchain offers itself as a platform for many solutions for
the personal consumer, as well as for the commercial environment. Finance, supply chain
management, healthcare, governmental transactions and smart cities, real estate, sports,
entertainment, vehicles, and more have functioned with increasing levels of automation
over the past 50 years; however, the automation has not necessarily kept up with the way
that consumers in the 21st century chose to conduct business.

Blockchain offers a way to conduct business in a manner that is secure, transparent, trace-
able, and immutable. Whether people or “things,” blockchain solutions safeguard identity
and leverage the value of data.

5.1 Benefits and Limits of Applying

Blockchain and DLT
Blockchain offers inherent capabilities that can potentially provide significant improve-
ment to the many functions of business and personal interactions.

Benefits

Blockchain is a distributed ledger. Participants in the network share the same data rather
than individual copies, which could potentially be different. The shared version of the
blockchain is updated through consensus, meaning that participants agree on the data.
Changing one record requires the alteration of subsequent records and the participatory
collusion of a sufficient number of rogue miners. As a result, data on the blockchain is
more accurate, consistent, and transparent than paper processes and some centralized
systems.

• Security: Transactions must be approved, encrypted, and linked to the previous trans-
actions/blocks before they are recorded on the blockchain.
• Transparency: Everyone involved has access to the same information, allowing trust
between participants without intermediaries.
• Protection: It is nearly impossible to alter or overwrite information on the blockchain
without the knowledge and agreement of the other parties, which results in the protec-
tion against fraud and disputes.
• Traceability: Blockchain is a permanent trail from the beginning of its creation that pro-
vides a full audit trail. Transactions written on the ledger cannot be undone.

100
• Reduced costs and increased efficiencies: Blockchain transactions can be direct transac-
tions between participants and can eliminate involvement and expense of third parties.
• Privacy: Blockchain transactions separate your identity from your transaction.

Limits

Security and privacy

The security of blockchain makes it a problem for privacy. The European Union’s General
Data Protection Regulation (GDPR), which became effective in 2018, and the California
Consumer Privacy Act (CCPA) of 2018 which became effective January 1, 2020, guarantee
that individuals retain a certain amount of control over personal data and information.
However, blockchain applications are intended to prevent individuals from changing data
within their digital ledgers. Article 16 of the GDPR grants the right to rectify personal data
retained by a person or entity that makes decisions about processing a data subject’s per-
sonal data. Article 17 grants the right to require the deletion of all personal data. Article 18
grants the right to place restrictions on the processing of personal data. The CCPA gives
the consumer the right to instruct a business not to sell personal information to a third
party, meaning that a business that tries to sell a blockchain network will have a difficult
time removing individuals from the chain (Cheng et al., 2018).

Pseudonymous

Identity on the blockchain is pseudonymous as a user’s pseudonym is their public

address, rather than standard identification data of name, address, phone number, etc.
The complicated public address masks the user’s identity. A user who uses the same pub-
lic address, however, makes it possible to tie together their transactional activity. It is rec-
ommended that each transaction uses a new address to avoid the linkage of transactions
to a common owner.

Throughput

The consensus mechanism for blockchain bottlenecks the scalability of blockchain. In

order to promote increased acceptance and adoption of blockchain solutions in industry,
scalability needs to be improved.

Storage

Blockchain is designed so that each node maintains a copy of the blockchain and the
blockchain contains every transaction from the beginning of time. This design requires
significant storage capacity and the associated costs to maintain same.

Cost

The cost of conducting business transactions on blockchain has fluctuated based on a

number of factors, primarily based on supply and demand of processing resources.

101
 Energy efficiency

Use of the proof of work consensus mechanism on many blockchain networks demands
an increasing amount of processing power resulting in consumption of a high amount of
electricity, and at a cost. This has resulted in the location of some of the largest nodes or
processing pools being in countries where electricity is less costly such as China and Vene-
zuela.

Regulation

Due to a lack of regulation specific to blockchain, scams, hackers, and other nefarious
activities result in an environment that is not without risk.

Industry Growth

A study conducted by PWC (2018) shows that financial services is the leader in blockchain
implementations. Manufacturing/supply chain, energy, and healthcare follow, with gov-
ernment, retail, and entertainment further behind. Although the later industries are not
considered leaders, they are actively pursuing opportunities that may make them leaders
in the not too distant future.

102
Figure 15: Blockchain Industry Leaders

Source: PWC, 2017.

In addition to industrial sectors, individual countries have given an indication of their pro-
jected growth of blockchain as a platform for their transactional activity.

103
 Figure 16: Blockchain Country Growth

Source: PWC, 2017.

Blockchain engagement has shifted and will continue to do so. Gartner forecasts that
blockchain will generate an annual business value of over $175B by 2025 and rise to over
$3T by 2030. A shift is currently being experienced. In 2017, 82 percent of the blockchain
use cases were in financial services, dropping to 46 percent by 2018. Industrial products,
energy and utilities, and healthcare are all expected to grow (Groombridge, 2019).

The early center of blockchain focus in United States and Europe is expected to shift to
China within three to five years (Groombridge, 2019).

Common Foundations to Support Use of Blockchain in Multiple Industries

Personal identity

Almost all of the industries that will be discussed in the upcoming sections require identity
authentication and authorization. Verification is a part of our worldwide commerce and
culture.

The current standard for personal identification leaves the opportunity open for identity
theft, sale of personal data, and more.

• Companies sell personal identity information. Personal information is a commodity.

The buying and selling of user data is instrumental to corporate marketing strategies.
• Identity theft happens when a fraudster gets access to personally identifiable informa-
tion (PII). These fraudsters might use the data directly or they may sell it to other par-
ties. PII data is highly valuable to different parties for different reasons.
• Excessive reliance on cloud storage sets the stage for security issues and vulnerabilities.

104
Solving personal identity with blockchain

Blockchain technology offers a platform where identity can be authenticated in an irrefut-

able, immutable, and secure manner. A universal blockchain identity could be accepted
wherever personal information is required. Blockchain provides technology to make self-
governing of identities possible, empowering individuals to fully own their identity infor-
mation. This reduces the spread of data across multiple centralized data stores and pro-
tects against identity theft.

Thing identity (or Internet of Things)

Identity management is also for devices. There are approximately seven billion internet
connected devices, a number that is expected to grow to 10 billion by 2020, and to 22 bil-
lion by 2025. IoT devices and objects include vehicles, appliances, sensors, monitors, and
more. While many consumers have internet-connected devices, such as appliances, in
their home, many industries and governments use IoT devices to improve operations
and/or provide a better environment in which to live and work.

The key challenges of IoT are the tracking and management of the individual devices, as
well as the collection and management of the tremendous amount of data generated by
the connected devices.

Solving IoT with blockchain

Blockchain technology can be used to track connected devices and process transactions
and coordination between the devices. A decentralized approach eliminates single points
of failure, creating a more resilient ecosystem for devices. The cryptographic algorithms
used by blockchains also keeps the consumer-related data more private. Top benefits of
decentralizing IoT include the following:

• Improved security: Distributed networks lack a single point of entry for hackers and
cryptography makes hacking very difficult.
• Tamper-proof data: DLT uses asymmetrical cryptography to timestamp and immutably
store IoT data and other related information on the ledger.
• Trustless: All parties and devices using IoT will use the distributed ledger to verify, and
smart contracts to automate, the processing of the data being captured by the many
devices.
• Autonomy: Smart devices can act independently and can monitor themselves to assure
the overall system of their health and connectedness.

IoT is a foundation for many industries to be discussed. The following is a list of the poten-
tial examples of IoT-based applications which will be described in detail in the next few
sections.

• Supply chain: Sensors on products and/or containers can provide end-to-end visibility
of the movement of products.
• Vehicles: Sensors in vehicles can provide a full record of the vehicle and the parts within
the vehicle. This will improve the way vehicles are bought and sold.

105
 • Energy: Connected devices can offer energy grid surpluses in a peer-to-peer environ-
ment.

5.2 Financial Services

Finance

Industry summary

Centralized banking is commonly understood. Fiat funds are deposited to a bank where
they are stored. Banks serve as an intermediary between their depositors and the funds.
The current centralized banking system is used for the following reasons:

• Efficiency: Convenient bank locations, web portals, and mobile apps allow customers to
bank anywhere, anytime. Banks also provide loans, debit cards, credit lines, and more.
• Security: Storing funds in a centralized bank insures funds against theft and fraud.
• Interest: Although interest rates are low, depositors receive a small amount of interest
reward for allowing the bank to hold and invest deposited funds.

Opportunities for improvement

There are opportunities in money management to eliminate overhead and increase effi-
ciencies. While it is unlikely that decentralized financial platforms will eliminate central-
ized financial platforms, blockchain platforms offer a way that banks can adopt decentral-
ized platforms and improve upon some of the following areas:

• Efficiency: Moving to a global economy, across time zones, there is a demand to

improve cross border transactions so that they can be executed in a timely manner.
• Security: Centralized banking systems are vulnerable because there is one institute with
controlled access to funds.
• Potential for increased value: The interest rates in mid 2019 were between one and two
percent. There is a potential for a higher return on investment for digital assets. Crypto-
currency value is determined by the use of the currency and the network. The higher
the demand, the more likely it is that the value will increase.
• Lower costs: Costs for transactions, specifically domestic or international wire fees, will
be reduced significantly.

Financial Applications

Know-Your-Customer

Know your customer (KYC) and anti-money laundering (AML) regulations are burdensome
for banks and insurance companies. KYC is the verification of the identity of the customer
to assess suitability and determine risk of illegal intentions. Each financial service institute

106
has to onboard each customer. With the use of a blockchain, a customer can be
onboarded once. Any financial institute that the customer is to engage with can request
access to the on-chain documentation.

Mutualizing financial transaction information and simplifying the KYC onboarding via a
distributed ledger, Goldman Sachs estimates that American banks can save $3—5B in AML
compliance costs. Elimination of onboarding duplication efforts, improved quality of data,
and improved security have been identified as significant benefits (Kehoe et al., 2019).

Cognizant and Indian insurers have combined to collect and share KYC data, IBM has part-
nered with HSBC, Mitsubishi UFG, and Deutsche Bank in a KYC platform, and the State
Bank of India (SBI) went live with a KYC system with a consortium of 27 banks (Mukherjee,
2018).

Blockchains can provide a transparent and accessible system of record for regulators.
They can also be coded to authorize transactions which comply with regulatory reporting.
For example, banks have reporting obligations to agencies such as The Financial Crimes
Enforcement Network (FinCEN), a bureau of the United States Department of the Treasury.
Every single time they authorize a transaction of more than $10,000, they must report the
information to FinCEN, who stores it for use in an anti-money laundering database.

Global payments

Blockchain enables financial institutes to make cross-border money transfers, providing a

number of benefits which include:

• real time settlement of international money transfers,

• reduction of liquidity and operational costs,
• direct interaction between sender and beneficiary banks and elimination of the role of
correspondents, and
• smart contracts can capture obligations and drive reporting.

Distributed ledger technology (DLT) allows for oversight because the transactions on the
ledger are recorded and immutable. Blockchain allows financial institutions to create
direct links with each other.

The following figures show the current process and pain points, as well as the future
depiction using blockchain with the benefits.

107
 Figure 17: Global Payments: Current-State Process Depiction

Source: World Economic Forum, 2016.

108
Figure 18: Global Payments: Current-State Pain Points

Source: World Economic Forum, 2016.

109
 Figure 19: Global Payments: Future-State Process Description

Source: World Economic Forum, 2016.

110
Figure 20: Global Payments: Future-State Benefits

Source: World Economic Forum, 2016.

Included in the payment cycle is the clearing and settlement process. Financial institu-
tions conduct a complex reconciliation process for interbank transactions. The goal of the
process is to ensure that the banks are in agreement about the transactions conducted
over the day. It is estimated that the three-day clearing and settlement cycle loses $20 bil-
lion annually in associated costs.

Santander launched a blockchain-based service called Santander One Pay FX in 2018 to

make same-day international money transfers. As of mid-2019, only customers in the
United Kingdom and Spain can send money to the United States over One Pay FX.
Santander is planning to add Latin American countries to the network (Browne, 2018).

Money lending

Financial institutions are using blockchain to automate syndicated loans that are provided
by a group of lenders who work together to provide credit to a large borrower, typically in
excess of $1M or more. In 2018, three banks completed a syndicated loan of $150M to Red
Electrica, the Spanish grid operator, on the blockchain, demonstrating that transactions
can be simplified and made faster. The processing time was reduced from two weeks to
two days (Noonan, 2018).

111
 Credit reports

In order to make large purchases, one needs to establish credit and prove a credit score.
Credit bureaus such as Equifax and Experian have been acting in the capacity of interme-
diary for the sharing of customer data. Banks give the credit bureaus their customer infor-
mation for free and then have to purchase it back in the form of credit reports. As a result,
lenders are very interested in a peer-to-peer system that eliminates the middleman (the
credit bureau). Blockchain credit reports save time and money, as well as storing data on
the immutable ledger while protecting user identity, therefore eliminating the credit
report being kept on a central storage device at a credit bureau. Spring Labs is partnering
with 16 lenders to eliminate credit bureaus from their role in granting loans to individuals
and companies. This method of information sharing supports the credit application proc-
ess without sharing the identities of the lenders and customers (Leising, 2019).

Asset tokenization

Asset tokenization is the representation of assets in the form of tokens on the blockchain.
They are designed to be unique, secure, instantly transferable, and digitally scarce. Today,
third parties need to execute transactions between buyers and sellers, and parties need to
wait for resolution and pay the associated fees.

Tokenization of assets is the process of issuing a blockchain token (a security token) that
digitally represents a real tradable asset. The security token can represent a share in a
company, ownership of a piece of real estate, or participation in an investment fund. Toke-
nization gives the advantage of the following advantages:

• Greater liquidity: Tokens can be traded on a secondary market.

• Faster and cheaper transactions: Transactions are completed with smart contracts.
• More transparency: Token is capable of having the token-holder’s rights and legal
responsibilities embedded directly onto the token, along with an immutable record of
ownership.
• More accessible: Opens up asset investments to a wider audience as a result of reduced
minimum investment amounts and periods.

Future Opportunities

Automated compliance

Financial statements (balance sheet, income statement, etc.) could be produced in real
time with the potential for real time audits, enhancing compliance and regulatory over-
sight. Blockchain financial reports could be readily released to corporate management,
investors, and stakeholders. Regulators could access information in real time to under-
stand and address risks to financial markets.

112
Equity trading

Blockchain could participate in equity trading platforms to buy and/or sell stocks. Block-
chain and smart contracts have the potential to facilitate post-trade processes and reduce
settlement times. Doing so eliminates the wait time investors encounter when selling
stocks and awaiting access to funds for reinvestment or withdrawal.

Insurance

Industry summary

The insurance industry has been conservative and risk-adverse in its adoption of techno-
logical improvements. Insurance is protection against financial loss. An insurance policy is
a contract between the insurer, the insurance company, and the policyholder. The policy-
holder purchases a liability policy to protect their property, assets, and or self (life). Insur-
ance companies underwrite the policy to evaluate the risk being taken to provide the
insurance. The higher the risk calculation, the higher the premium.

Opportunities for improvement

The insurance industry has an extensive list of areas that could be improved including cut-
ting costs, increasing efficiencies, enhancing customer experience, and improving data
quality, collection, and analytics.

Research has shown that 46 percent of insurers expect to integrate blockchain solutions in
the next two years, and 84 percent believe that blockchain and smart contracts can revo-
lutionize their engagement with partners. Whether enhancing existing insurance proc-
esses (for example, paying claims) or enabling new insurance practices (shared database
between different insurers), blockchain solutions render savings, efficiencies, and other
benefits (Kehoe et al., 2019).

Ideas for improvements to the insurance industry with blockchain include the following:

• Streamline underwriting, claims, payment, and reinsurance processes. Smart contracts

may eliminate the need for a representative to make a claim as the smart contracts can
trigger actions automatically when a specific event occurs.
• Reduce fraud and expenses incurred with processing fraud. This is a saving of up to
$10B industry-wide, the savings of which will pass down to insurance customers (CBIn-
sights, 2019).

Vertical considerations

• Health insurance: Decentralized applications in healthcare can help match patients with
providers in their area and automate the coverage process.
• Automobile insurance: More affordable quotes and faster resolution of accident claims.
Less paperwork as all data related to previous damages and repairs to an insured vehi-
cle are accessible from the blockchain and makes estimation of actual cash value an
automated task.

113
 • Life insurance: DLT can combine the death claims and death registration processes
together with the insurance company, funeral home, government, and beneficiaries.
Event-based smart contracts can automate the processes between these parties.
• Travel insurance: Event-based smart contracts can use oracles to understand when pay-
ments for contracted coverage needs to be made.

Insurance claims

Insurance claims processing is complex and fraught with error. Insurance processors have
to manage fraudulent claims, fragmented data sources, abandoned policies, and more.

Smart contracts can automate the parameters of a policy and execute actions automati-
cally, dispersing funds when a valid claim is processed. The settling of claims can be
reduced from days or weeks to almost immediately without the need for paper documen-
tation and data validation. Historical blockchain information reduces the potential for
fraudulent claims.

Insurwave was launched in 2018 by EY and Guardtime in collaboration with other insur-
ance industry leaders, including Maersk, ACORD, Microsoft, MS Amlin, Willis Towers Wat-
son, and XL Catlin. This platform uses blockchain technology to support marine hull insur-
ance. A new vessel is registered onchain and a premium is set by an algorithm, followed by
policy documents automatically distributed to carriers.

Details about the ship’s travel is recorded in real time, from location to weather condi-
tions. When the ship moves through a risky area, this fact is recorded in its file and used for
future underwriting. Premiums are made more accurate, and claims can be assessed and
approved more quickly. Data quality is immeasurably improved, and the immutable
record of the ship’s life is accessible in real-time by various stakeholders for improved trust
and transparency (Kehoe et al., 2019).

Reinsurance

Reinsurance is when multiple insurance companies share risk by purchasing insurance

policies to offset potential loss in the case of a significant disaster. Blockchain can stream-
line information and payments between insurers and reinsurers.

The Blockchain Insurance Industry Initiative (B3i) was formed in 2017 by a number of
Europe’s leading insurance and reinsurance companies, including Aegon, AIG, Allianz,
Munich Re, and Swiss Re. The group was incorporated in 2018 and is now owned by 16
insurance market participants around the world. Over 40 companies are involved as share-
holders, customers, and community members. Since 2017, B3i has put together a smart
contract for property catastrophe excess-of-loss reinsurance that rapidly reconciles
accounts between an insurer and its reinsurers, without redundancy or latency. Following
an event, payouts are automatically calculated for the affected parties (Mukherjee, 2018).

114
Peer-to-peer (P2P) insurance

Peer-to-peer (P2P) insurance is when a group of individuals with some degree of affinity
(family, friends, business associates, etc.) team up and contribute to insure each other
against loss. If properly selective, this group can produce a lower loss ratio and hence a
lower cost for its members. Additionally, funds that are available in the pool at the end of
the coverage period can be refunded to the members. Blockchain can enhance the effi-
ciency and transparency of this model. Written premiums can be held in escrow on a
smart contract. Claims can be paid out from this smart contract when the correct digital
signature is applied. The smart contract’s code might designate that the signature must
come from a certain third-party assessor, but it can also require that signatures be
received from multiple members of the pool to validate the claim. Members can be confi-
dent in the voting mechanism as the blockchain maintains an immutable record of every-
one’s decision.

Teambrella is a DApp that seeks to enable self-governing user communities to cover each
other for loss. Teams manage all coverage functions, including setting coverage rules,
accepting new members, appraising claims, and approving “reimbursements.” Team-
mates make reimbursements from cryptocurrency wallets that they control. They under-
write new members, who pay premiums on the basis of perceived riskiness. A teammate’s
liability is never greater than the funds in his or her wallet, and no other member owes the
teammate more than that amount in the event of a claim. These rules are governed by
open-source code (Mukherjee, 2018).

Fraud mitigation

Fraud is a major concern in the insurance industry. False and exaggerated claims result in
higher costs being paid by the honest policyholders. Insurance fraud costs insurance com-
panies in Ireland approximately €200 million annually. In the United States, fraud costs
non-health insurance companies more than $40 billion per year. A blockchain-enabled
database would help insurers to eliminate double-booking or processing of multiple
claims submitted for the same accident, and it would establish ownership of high-value
items through digital certificates to reduce counterfeiting; and reduce premium diversion
(Mukherjee, 2018).

5.3 Supply Chain

Products

Industry summary

A supply chain is the movement of goods from point A to point B, how goods are sourced
and then distributed to the end user. Supply chain management is critical to keep the
movement of goods done in a time and cost effective manner.

115
 As interconnectedness of all forms has grown in the past decades, supply chain tracking
has failed to maintain parity with consumer demand for transparency in the sourcing of
goods. With over 20M containers in transit at any one time, transporting more than $20T of
merchandise per year, processes need to be improved upon (Strukhoff & Gutierrez, 2017).

Challenges include the following:

• Visibility: Ships often do not have the details of what is being transported.
• Speed: Due to time zones and logistics management, transactions across time zones
require third-party services.
• Counterfeiting and fraud: Global supply chains are not able to know the inventory and
quality of every item stored in locations out of their control.
• Financial: There is no linkage between trade finance and the physical transfer of inven-
tory.
• Expensive: All of the above challenges add to the costs, which ultimately are passed on
to the consumer.
• Paper-based processes: Lead to a lack of real time information and duplication of
efforts by banks, importers, exporters, and carriers.

Figure 21: Supply Chain - Current

Source: White, 2018.

116
Opportunities for improvement

Improvements to the supply chain industry with blockchain include the following:

• Traceability: Blockchain facilitates more transparent supply chain operations. Move-

ment of a product from one location to the next will be documented on the public
ledger. Customers will know exactly where goods have come from. Using embedded
sensors and RFID tags, product information can be tracked back to the origin of the
product.
• Transparency: Provide accurate information in real time and make it available publicly
for satisfaction of financial commitments as well as making it available to all involved
parties.
• Environmental: Sensors can capture the ambient factors (eg. temperature and humid-
ity) of the environment that the products are in.
• Inventory management: DLT is ideal to manage multiple products across multiple loca-
tions and share that information across multiple parties.
• Financial: Smart contracts allow for payment to be released upon certain conditions,
and/or to hold payment between parties in escrow. Escrow amounts can be released
after shipment has arrived and has been confirmed.
• Reduced carbon footprint: The reduction and prevention of errors allows for improved
efficiencies and less stock returned, resulting in greener transport.
• Cost: All of the above reduces the overall cost of moving materials. With fewer middle-
men, more reliable data, and faster operations, blockchain reduces the cost of supply
chain overhead.

117
 Figure 22: Supply Chain - Future

Source: White, 2018.

Supply chain implementation

To address the issues of inefficiency and to provide optimal document workflow, IBM part-
nered with Maersk in a partnership known as Global Trade Digitization (GTD), to provide
support for physical document scanning and maintaining compliance with SWIFT, the
global interbank financial transaction network. GTD is expected to save the trade finance
industry billions of dollars by digitizing the supply chain process from end-to-end in order
to manage and track the paper trail of tens of millions of shipping containers across the
world. Thus, it is supposed to enhance transparency and enable the highly secure sharing
of information among trading partners.

• The GDT platform is developed to enable real-time status visibility of each shipment,
reduce fraud and errors, improve inventory management, eliminate delays, etc.
• Intended to be integrated with already established trade systems, the GTD looks to pro-
vide trusted, tamper-proof, and cross-border workflows for digitized trade documents.
• GTD improves visibility with blockchain through a shared communication network.

118
Figure 23: GTD Improvements to Supply Chain Processing

Source: White, 2018.

Food supply chain

Expanding upon provenance tracking, and tracing food from its origin to the supermarket
allows for source of food-borne contaminants to be determined quickly.

IBM and Walmart are working together to digitally track food products from farm to store
shelves in Walmart and ultimately to consumers. Information is tracked along the entire
food supply chain, such as batch numbers, origination details, expiry dates, factory and
processing data, and shipping details. Walmart aims to reduce waste, deliver food to
stores faster, cut down on the cost of logistics, and better manage product shelf life (Joshi,
2018).

Using sushi as an example, if the fish was produced on a farm, the owner could upload
information about the farm itself, together with information about the people and fish
welfare. The blockchain could be used to record the food and water conditions. Fish
caught at sea could be tagged with information about the fishing method and storage con-
ditions. Similar information can be collected about the processing plant and transporta-
tion to the supermarket shelf. At point of purchase, scanning a smart label would give the
consumer ready access to this information (Tang, 2019).

119
 Chemical industry

Radio Frequency Identification Tags (RFID) tags, attached to goods or containers, docu-
ment the location and movement of goods along the supply chain.

Oracles can be used to gather and include information in the blockchain. Examples of ora-
cles might be electrical sensors, available environmental data, or other people who
deliver information from the physical world.

One of today’s challenges in the chemical industry is the growing need for battery storage
capacity, as a result of the growing demand for electric vehicles. Battery technology is
heavily dependent on rare materials such as cobalt, which is mined in regions with violent
conflicts and poor working conditions. Companies and regulatory authorities wish to pre-
vent the procurement of minerals from these areas. Deloitte has developed a solution
where RFID technology is used to tag objects moving the cobalt along the supply chain in
order to capture relevant events. Oracles are used for steps conducted by a camera or
human that can confirm the loading or unloading of materials. Together with measures of
probability and timestamping, the authenticity of the sourced cobalt is ensured with very
detailed information, captured on the blockchain (Tang, 2018).

Luxury goods

Louis Vuitton SE (LVMH) created a solution with technology partners so that consumers of
luxury goods can access product history from raw materials through to the point of sale,
allowing authenticity to be proven at the point of sale and beyond. During production,
each product is recorded on the shared ledger which is then made available to the pro-
duct’s consumer.

Automotive

The entire vehicle history could be stored on an immutable, tamper-proof blockchain to

make purchasing a used vehicle trustless, or to enhance the resale value of a new vehicle
with the complete documentation of all repairs on a car captured in a public ledger.

Energy and the Environment

Industry summary

Use cases for the energy industry are less recognized. However, the World Economic
Forum, Stanford Woods Institute for the Environment, and PWC, jointly released a report
identifying 65 existing and emerging blockchain use cases for the environment. These
include new business models for energy markets, real time data management, and mov-
ing carbon credits or renewable energy certificates onto the blockchain (Consensys, n.d.-
a).

120
Opportunities for improvement

Improvements to the energy industry with blockchain include reduced costs and environ-
mental sustainability.

Oil and gas are heavily concerned with privacy and trade secrets. Private blockchain net-
works can offer data permissioning and selective consortium access to pre-approved par-
ties (Consensys, n.d.-a).

Wholesale electricity distribution

Blockchain, combined with IoT devices, enables consumers to trade and purchase energy
directly from the grid rather than from retailers. Grid+ is a blockchain energy company
focused on wholesale energy distribution. Grid+ has identified retailers as the reasons for
inefficiencies in the consumer electricity market. Retailers own very little of the grid infra-
structure, but instead, they manage services that blockchain can replace, such as billing
and metering usage. Supplementing retailers with a blockchain-based platform has the
potential to reduced consumer bills by 40 percent while connecting users directly to the
grid allows them to buy energy at an even lower cost (Consensys, n.d.-a).

Peer-to-peer energy trading

A peer-to-peer market is a shared network of individuals who trade and buy excess energy
from other participants. The Australian-based company, Power Ledger, has linked com-
munities together to create microgrids. Microgrids, although a layer on top of a national
grid, can be separate and self-sustaining.

LO3 Energy teamed up with Siemens to create a pilot microgrid using blockchain technol-
ogy. Residents with solar panels can sell excess energy back to their neighbors in a peer-
to-peer transaction using blockchain (Power Technology, 2017).

Oil and gas segments

The upstream segment of the industry involves resource exploration and extraction
(national oil companies, oilfield services, large oil and gas companies, and independents).
The midstream segment is the storing and transporting of resources once extracted. The
downstream segment is the companies that refine resources into final products or sell to
end users, such as gas stations. Blockchain technologies across the entire life cycle allows
for multi-party data coordination and asset tracking. Smart contracts can replace the
time, energy, and money that is currently expended by all involved parties.

121
 5.4 Healthcare
Industry Summary

The centralized healthcare system as we know it today varies from country to country.
Most countries have a national healthcare system that distributes care centrally through
the government. In the U.S., there is a privatized for-profit health care system with govern-
ment programs for low-income individuals and the elderly. National healthcare systems,
government administered programs, and privatized for-profit healthcare all share similar
pain-points as a result of decentralization and outdated technology.

High administrative fees, overpriced testing, duplicate treatments, fraud, and low-quality
prevention methods make healthcare one of the most wasteful trillion dollar industries in
the world. Ad hoc billing and insurance costs alone in the privatized U.S. system are in the
billions. Other wasteful spending is due to poor patient outcomes and lack of preventative
health care.

Opportunities for Improvement

Improvements to the supply chain industry with blockchain include the following:

• Information sprawl: Important and private patient information is spread across multiple
facilities. Patients with multiple providers are often left to coordinate their own care and
ensure that information is shared between providers. In addition to information sprawl,
data quality is an issue with an estimate of up to 40 percent of health records containing
errors or misleading information (Stambolija, 2019). Blockchain could resolve the issue
of data sprawl by providing an environment for all data about the patient to exist in one
location which can be made easily accessible to providers on a permissioned block-
chain.
• General inefficiencies: From insurance companies to medical supply chains to provid-
ers, the outdated centralized systems of service do not support a patient’s ability to
obtain the best care at the best facility. It is estimated that $800 billion plus is spent on
duplicate services that are a result of nothing more than low-quality communication
between healthcare professionals (Blockchain applications in healthcare, 2019).

Electronic Health Records

Personal health records could be stored on the blockchain and made available only to
individuals that have been identified by the owner of the data. The health records can
include test results, surgeries, prescription drugs, healthcare supplies, etc.

Not just a data sharing issue, privacy of data and informational freedom are key. Data pro-
tection law within the EU will be harmonized through the new General Data Protection
Regulation (GDPR), which will make the requirements tougher for gaining permission to
have data. In the United States, the HIPAA (Health Insurance Portability and Accountability
Act of 1996) is United States legislation that provides data privacy and security provisions
for safeguarding medical information.

122
There exists the opportunity for blockchain to be implemented in a manner to enable the
storage of complete data records while preserving patient privacy and empowering
patients to determine who will have access to what data and when. In healthcare, solu-
tions in which patients themselves control who knows their identity, where to remain
pseudonymous, and which pieces of data to share are key. Storing patient data on block-
chain saves time and resources in health facilities which could be better used for patient
care and innovation. Estonia, one of the most digitally advanced countries in the world,
will use blockchain technology to protect citizens’ electronic health records (Basu, 2016).

Drug Traceability

According to the World Health Organization (World Health Organization, 2018) approxi-
mately ten percent of drugs circulating in developing countries are either of low quality or
counterfeit. Substandard and falsified medical products contribute to antimicrobial resist-
ance and drug-resistant infections.

A blockchain-based system can provide a chain-of-custody record to track each step of the
medical supply chain. The transparency ability of blockchain can identify the path of ori-
gin of the drugs, helping to eradicate the circulation of counterfeit drugs. Besides tracking,
the blockchain can ensure authenticity and facilitate safety recalls.

Incentivization

Smart contracts could enable micropayments to be made to patients to incentivize spe-

cific behavior. Smart contracts can be established to release rewards to patients for fol-
lowing a treatment plan, sharing their data for clinical research purposes, and/or achiev-
ing agreed upon goals.

Administration and Finance

Blockchain is characteristically based on a transactional model. This model is suitable for

facilitating the transaction (patient visit, medical test, etc.) and it can expedite the pay-
ment cycle of the insurance industry and healthcare providers. Claim accuracy can be
improved, reducing financial errors, delayed payments, fraud, miscoding of medical pro-
cedures, etc., improving the system, reducing financial mismanagement, and improving
the focus on providing the necessary level of healthcare.

For example, the act of a patient checking in for a clinic visit, or logging into a virtual
appointment online, could be confirmed by the health system’s financial or clinical sys-
tems. This transaction could be combined with others from the same clinic that day and
uploaded to a blockchain that is accessible to the health plan. An employee at the health
plan could see the completed transaction and reimburse the health system accordingly.
Claims review could be streamlined because encounter data would be accessible and
easily verified on a blockchain. Health systems and physicians could also connect with
health plans to determine information about a patient’s health coverage, or to verify
patient demographics.

123
 5.5 Governments
Industry Summary

Local, state, and federal government bodies, depending on the country, provide a lengthy
list of services for their citizens. These might include

• health and human services,

• public safety,
• transportation and infrastructure,
• public works,
• environment and natural resources, and
• education.

Providing these services to citizens assumes a knowledge of the population demographics

as well as the personal and private data of each citizen. Citizens need to conduct many
transactions with governmental bureaus. In many countries, the transactions conducted
for governmental purposes are still being done on systems that are quite outdated. Some
are manual, others are done on dated, siloed computer applications.

A smart city uses data and information technology to integrate and manage physical,
social, and business infrastructures to streamline services to its inhabitants while ensuring
efficient and optimal utilization of available resources. In combination with technologies,
IoT, cloud computing, and blockchain technology, governments can deliver innovative
services and solutions to the citizens and local municipalities (Consensys, n.d.-b).

Opportunities for Improvement

Improvements to government transactions with blockchain include the following:

• Transaction processing on a blockchain affords participants the transparency needed to

understand the progression of the transaction.
• Citizen data can be kept on the blockchain, and in a manner similar to that for health-
care interactions, citizens can share only the necessary personal data.
• Since governments are a common target for hackers. The personal data, together with
the transactional data, give a level of security and privacy not currently available in the
outdated systems.
• Improvements in these areas lead to opportunities to lower transactional costs and
improve the efficiencies of transactional processing.

Potential Applications

The blockchain ledger also provides a platform for “responsive, open data.” According to a
2013 report from McKinsey and Company, open data – freely accessible government-
sourced data that is available over the internet to all citizens – can make the world richer
by $2.6 trillion. Startups can use this data to uncover fraudulent schemes, farmers can use
it to perform precision farm-cropping, and parents can investigate the side effects of medi-

124
cine for their sick children. Right now, this data is only released once a year and is, largely,
non-responsive to citizens input. The blockchain, as a public ledger, can open this data to
citizens whenever and wherever they want (Casey & Forde, 2016).

Figure 24: Blockchain in Government

Source: Consensys, n.d-b.

Citizen records

Blockchain offers a more secure, tamper-proof storage for records such as birth certifi-
cates, marriage certificates, divorce records, death certificates, visas, property titles, and
more. The record management benefits both the government and the citizen, as they
would both have ready access to the records when needed.

Smart Dubai is a paperless initiative. Dubai is in the process of digitizing the 1 billion
sheets of paper that are produced each year by digitizing all services, including visa appli-
cations, bill payments, and license renewals. These previous records will now be securely
transacted using blockchain technology.

Voting process

Blockchain offers the ability to vote digitally. Votes made via blockchain could be stored
on the public ledger with verifiable audit trails. Companies have introduced voting sys-
tems that ensure that a vote is recorded once and only once, through the use of a token,
for a specific candidate by placing the token into the candidate’s wallet (Tatar, 2019). Voter

125
 apathy has seen the number of voters dwindle in recent years, even as it has become more
important to do so. By providing an irrefutable and easy way to vote from one’s phone or
PC, these numbers would likely rise. Even governments have a reason to change the status
quo: a single vote currently costs between $7.00 and $25.00, when all factors are consid-
ered. A blockchain product could cost just $0.50 per vote (Liebkind, 2019b).

Weapons tracking

Blockchain could provide a transparent and immutable registry that allows government
agencies to track gun and weapon ownership, as well as to track the provenance of weap-
ons as they are sold privately.

Education

Blockchain can be used to create a student database of information that can collectively
simplify the enrollment process of students between primary and secondary schools. Fur-
thermore, the tracking and/or accommodations needed for underprivileged or disabled
students will be available from a secure environment.

5.6 Real Estate

Industry Summary

The real estate industry is a $217T global industry, including the development, appraisal,
marketing, selling, leasing, and management of commercial, industrial, residential, and
agricultural properties. This industry can fluctuate depending on the national and local
economies, although it remains somewhat consistent due to the fact that people always
need homes and businesses always need office space (Vault, n.d.).

Residential real estate is the most common type of real estate activity, consisting of hous-
ing for individuals, families, or groups of people. Commercial property refers to land and
buildings that are used by businesses, such as shopping malls, office buildings, etc. Indus-
try real estate refers to land and buildings used by industrial businesses for activities such
as factories, warehouses, etc.

Real estate development involves the purchase of land, and the construction and renova-
tion of buildings before the sale or lease of the finished project to the end users. Sales and
marketing firms work with developers to sell the properties they create. A real estate bro-
kerage is a firm that facilitates the transactions between buyers and sellers/lease, repre-
senting each party and helping to achieve the best possible terms. Property management
firms help real estate owners rent out properties in their buildings. Often, their role
includes rent collection, repairs, and managing tenants. Lenders support the process, pro-
viding debt to finance real estate development and real estate purchases.

126
Opportunities for Improvement

The real estate industry is behind when it comes to adopting new technology and still has
a considerable amount of paper-based activity. Blockchain has the potential to reduce
paper transactions, track ownership, improve efficiencies, and reduce costs across the
many real estate activities conducted.

Some of the challenges with real estate activities that can be addressed by blockchain are
as follows:

• Fraud: Rentals experience a high degree of fraud. Potential tenants share selective infor-
mation with landlords, who may not have chosen to rent had they known the full back-
ground of the tenant. Meanwhile, landlords share selective information with prospec-
tive tenants, who may not have chosen to rent the property had they known its whole
history.
• Time intensive: Inspections, contingencies, loan approval, and all the necessary paper-
work is time intensive for the buyer, seller, their respect agents, and multiple third par-
ties.
• Financing lag: Securing loans, especially for those with limited or bad credit history, can
be a time-consuming, paper-intensive process. Often, buyers need to approach multiple
lending institutes. In all cases, the lenders need to be provided with the financial history
and activities of the buyer.

In all of these scenarios, blockchain offers the following:

• Smart contracts: Smart contracts can automate the processes from the purchase agree-
ment, inspection and other contingent approvals, financing, through to the settlement
and payment of involved parties.
• Secure data
• Shorter processing time: Fewer intermediaries, faster settlement times
• Global access: Ability to make real estate transactions borderless, building the paper-
work specific to the locale into the smart contract logic.

Potential Applications

Titles

A tangible or intangible property, such as houses or property titles, can have smart tech-
nology embedded in them. Such registration can be stored on the ledger along with con-
tractual details of others who are allowed ownership of this property. Smart keys could be
used to facilitate access to the permitted party. The ledger stores and allows the exchange
of these smart keys once the contract is verified. The decentralized ledger also becomes a
system for recording and managing property rights as well as enabling the smart contracts
to be duplicated if records or the smart key is lost. Making property smart decreases your
risks of running into fraud, mediation fees, and questionable business situations. At the
same time, it increases trust and efficiency (Rosic, n.d.-a).

127
 Blockchain would replace paper deeds with true digital assets and track these documents
on an immutable ledger.

The blockchain results in a digital property history database that is current and transpar-
ent. This helps to track the history of repairs and issues that can improve resale value and
make buyers aware of any history of problems with the property.

SMARTRealty uses smart real estate contracts to enact and maintain property purchase
and rental agreements. Whether it’s paying rent, establishing mortgages or purchasing a
home, the company’s smart contracts help to establish protocols that, if not met, immedi-
ately dissolve a contract (Daley, 2019).

Real Estate Investment Trusts (REIT)

REITs are companies that own or finance income-producing real estate. Many REITs trade
on major stock exchanges, offering benefits to investors. Smart contracts could execute
upon event, from shareholder communication to dividend distribution, according to pre-
determined conditions. REITs can crowdfund using digital Initial Public Offering (IPO)s.
Investors can receive funds in a timely manner without waiting for the REIT to make good
on paper contracts.

Tenant identity

Blockchain-based digital identity is also valuable in the real estate sector. Landlords need
to conduct background checks on their tenants, and tenants want to know the reputation
of the landlord. Identities on blockchain allow know your customer (KYC) procedures for
background checks, increasing thoroughness, reducing paperwork and costs, and increas-
ing security.

Payments and leasing

Leases can be signed and paid on-chain, while allowing dividends and payments to be
automatically distributed to the investors or property owners. ManageGo is leveraging
blockchain for rental property owners. The ledger-backed software helps property manag-
ers and owners process payments, thoroughly complete credit background checks, and
manage maintenance ticketing. DLT is helping owners get a more transparent, thorough
view of payment history and renter backgrounds (Daley, 2019).

Escrow

Smart contracts can serve as escrow, creating a repository for funds which will be released
when triggered by confirmation of an event to release the escrow. For example, security
deposits can be held for the duration of the lease and returned at the end when the par-
ties confirm that the property is as expected.

128
Reasi is an end-to-end real estate transaction platform featuring secure and seamless
escrow. Instead of relying on third parties, real estate agents can use Reasi’s blockchain-
based escrow platform to expedite the real estate buying and selling processes (Daley,
2019).

Managing commissions

Smart contracts can assist in the distribution of funds for commission purposes. Often
there are four parties involved in commissioning, the real estate broker who lists the prop-
erty, the listing broker’s office, the real estate broker who sells the property, and the sell-
ing broker’s office. Automated commission splitting at conclusion of the real estate trans-
action allows for the prompt payment of funds.

5.7 Sports and Entertainment

Sports

The sports industry offers a number of opportunities in which blockchain could add value.

• Fan identity: Extended personal identity to a fan profile gives sports organizations more
KYC data about their fans to drive engagement and revenue.
• Memorabilia authentication: In the same manner as real estate and supply chain, block-
chain can be used to track and expose the provenance and authenticity of sports mem-
orabilia.

Gaming and eSports

Blockchain-based games can be created so that tokenized digital assets can be traded
within the game or winnings can be traded eternally on the public market.

Tokenization also allows the public to buy shares in teams represented by tokens, opening
ownership slices to the fanbase while raising funds separate to the traditional corporate
sponsors.

Music

Key problems in the music industry include ownership rights, royalty distribution, and
transparency. The digital music industry focuses on monetizing productions, while owner-
ship rights are often overlooked. The blockchain and smart contracts technology can cir-
cuit this problem by creating a comprehensive and accurate decentralized database of
music rights. At the same time, the ledger can provide transparent transmission of artist
royalties and real time distributions to all involved with the labels. Players would be paid
with digital currency according to the specified terms of the contract (Rosic, n.d.-a).

129
 In a world with growing internet access, copyright and ownership laws on music and other
content has grown hazy. With blockchain, those copyright laws would be considerably
stronger for digital content downloads, ensuring the artist or creator of the content being
purchased gets their fair share. The blockchain would also provide real-time and transpar-
ent royalty distribution data to musicians and content creators (Rosic, n.d.-a).

Blockchain offers the opportunity to do the following:

• Redistribute power: Smart contracts can automate payment distribution and royalty
directly to artists, with tokenized music platforms that run on a blockchain and with
blockchain-based copyright procedures.
• Revenue: Funds can be held in a smart contract on the blockchain and automatically
released to the artist based on a particular event. Blockchain is also a means for artists
to revenue share. The smart contract can release funds in real time based on the param-
eters of the agreement built into the smart contract.
• Digital rights management: The blockchain can authenticate and validate copyrights,
bringing a new level of transparency to what usually is centrally controlled information.
Distributed ledger technology software can verify creation with timestamps, publicly
allowing musicians to immutably brand tracks as their intellectual property.
• Piracy prevention: As an extension of digital rights management, tracks or albums can
be represented with a virtual watermark to indicate copyrighted media. Illegal distribu-
tion or use can be dealt with quickly.

5.8 Vehicles
Volkswagen has become one of the leaders in the implementation of blockchain solutions
in the industry of vehicle manufacturer, maintenance, and operation. Supply chain discus-
sions cover the provenance of parts and of the vehicle itself. Financial services discussions
cover the loan cycle in order to afford the vehicle and the government discussions cover
the myriad of registration, licensing, and taxing of the vehicle. However, there are many
more opportunities.

Mileage Clocking

Volkswagen AG is currently testing three concrete potential applications for distributed

ledger technology. A mileage clocking system is the first application being created. The
system makes it hard to manipulate odometers, because every odometer reading can be
saved permanently using a sophisticated system. Thus, the used car market becomes
more transparent and secure for Volkswagen cars, which helps Volkswagen vehicles better
retain their value. Customers can save their odometer readings in a distributed ledger sys-
tem at regular intervals. The data cannot be changed retroactively without somebody
noticing that they have been manipulated (Volkswagen, n.d.).

130
Virtual Key

In a second area of application, Porsche is developing a blockchain model that is better

than conventional systems at protecting cars from hackers. It enables Porsche owners to
give other individuals, such as parcel delivery personnel, a virtual key to open or even use
their car (Volkswagen, n.d.). The car-key may be outfitted with an immobilizer, where the
car can only be activated once the right protocol is tapped on the key. A smartphone will
also only function once the right PIN code is typed in. Both use cryptography to protect
your ownership.

Vehicle Communication Management Sharing

The use of blockchain technology is the latest innovation in the movement to vehicle-to-
vehicle (V2V) communications. The Federal Communications Commission set aside the
5.9GHz band for Dedicated Short Range Communications (DSRC) systems nearly two dec-
ades ago. The National Highway Traffic Safety Administration first issued a notice for rule-
making in 2014, and if rulemaking goes forward, all carmakers could be required to install
DSRC systems as soon as 2020. Considering the ability for V2V communications to save
lives, automakers are jumping ahead of potential mandates by voluntarily adding DSRC to
their vehicles (Linnewiel, 2018).

When fully implemented, a car would almost instantly know when another driver slam-
med their brakes, even if the other car was around a corner or two vehicles ahead. Vehi-
cles could navigate and ensure safety based on the location, direction, speed, brake sta-
tus, and other information available from other cars, as well as data from the
infrastructure, such as traffic lights and toll booths. Blockchain technology would add
trust to a so-called vehicle-to-vehicle network (Linnewiel, 2018).

Electric Vehicle Charging Management

An application of blockchain based P2P smart contracts is P2P electric vehicle (EV) charg-
ing. A key challenge to the widespread adoption of electric vehicles (EVs) is range anxiety.
Significant EV prospects have this fear of running out of battery power on long distance
commutes where there is no electric car charger available. Long distance trips have to be
planned carefully to ensure the availability of charging stations, and charging time needs
to be built in the commute. Lack of easy availability of charging infrastructure compared
to fossil fuel is often a key deciding factor for vehicle buyers. More and more efforts are
being made to install charging infrastructure. The installed base of various types of charg-
ers is increasing globally in high EV concentration countries (Linnewiel, 2018).

Volkswagen Financial Services is conducting a pilot study in Great Britain to test a block-
chain model that streamlines business contact between providers and customers of elec-
tric charging stations. “Different providers have different terms and methods of payment,
which can often make it complicated for customers to charge their electric vehicles. We
want to make this easier and improve the customer experience with a new technology,”
says Tobias Lipfert from Volkswagen Financial Services AG (Volkswagen, n.d.).

131
 An alternative solution is emerging to tackle this lack of charging infrastructure. Block-
chain based applications are enabling individuals to share their private EV chargers with
others. Using P2P EV charging platforms, private owners can make their chargers available
to the public during the times that they are not being used. In return they can earn some
cash on the side from their idle charger by increasing its utilization. Drivers of EVs can, at
any location, look for available chargers in the vicinity and charge their cars before they
run out of battery power (Linnewiel, 2018).

Automotive Maintenance Records/Recalls

In the automotive industry, millions of vehicles, OEM, and aftermarket parts are being digi-
tized to ensure smooth maintenance and services, assessment of fair market value, insur-
ance coverage, transfer of vehicles when bought and sold, and to prevent fraud.

Each vehicle has a unique fingerprint to prove its provenance and that of its components
when they wear out and fail. The unique identifiers track the source where the vehicle was
built, ensures year-make-model, trouble codes, maintenance requirements, and service
history are instantly available to dealers and service centers so that they can have the
right products available when vehicles arrive at their nearest location for an oil change,
repair, or maintenance work — all this is made possible by SHIFTMobility automotive
blockchain technology (Elliott, 2018).

Designed specifically for the automotive supply chain, this innovative technology is used
to store and record digital documents and transactions such as sales deed, title, insur-
ance, proof of ownership statement and receipts. Each block of data is cryptographically
linked to another on the blockchain to make it tamper proof, and is further enhanced by
algorithms and digital signatures for transport over peer nodes on the main network.
Blocks are automatically delivered to consumer accounts as new data is added, providing
a complete audit trail of transactions as they take place. Consumers can also add receipts
to the blockchain using their smart phones. When the vehicle is transferred, it is easy to
swap the complete history to the new owner (Elliott, 2018).

SUMMARY
The benefits of blockchain have been discussed in detail, together with
the limitations caused by the newness of the technology. Sound assess-
ment of potential blockchain-based applications could lead to solutions
that reduce costs, significantly improve processing time, increase trans-
parency, and produce a decentralized model that ensures immutability
of transactional data.

Finance, insurance, healthcare, governments, and real estate are all

industries that have implemented either full or pilot solutions. They are
starting with a limited number of use cases and will seek to expand as
each one is proved successful.

132
Vehicles, sports, and entertainment, as well as the use of personal/
household sensors and devices, are personal/consumer-oriented block-
chain solutions implemented by their respective industries.

133
 UNIT 6
DEVELOPMENT OF BLOCKCHAIN AND DLT
APPLICATIONS

STUDY GOALS

On completion of this unit, you will have learned …

– how to assess whether blockchain is the best technology for the proposed application.
– which factors should be considered when selecting a blockchain platform for the solu-
tion.
– about specific leading platforms and how they measure up to the factors to be consid-
ered.
– about considerations for specific components of the solution design.
 6. DEVELOPMENT OF BLOCKCHAIN AND
DLT APPLICATIONS

Introduction
Enterprise creating technology solutions for business needs should add blockchain as a
potential technology platform. Before any technology platform is considered, the busi-
ness requirements need to be identified and assessed. This unit will present the factors
that should be considered before determining a technology platform. That technology
platform may be blockchain. If so, a number of specifics need to be assessed before
selecting the best blockchain platform on which to develop and implement the solution.
That assessment requires a joint understanding of the business requirements as well as
the technical requirements and constraints.

Once the foundation on which the solution will be developed and implemented has been
established, the solution architecture for the project needs to be designed. It will include
detailed decisions on the blockchain nodes, data storage, APIs, user interface, and smart
contracts.

Although some of these steps are conceptually similar to those of centralized applications,
there is a deep understanding of blockchain concepts that is necessary to ensure success
and acceptance of blockchain-based solutions.

6.1 Architecture of Blockchain and DLT

Applications
Distributed Systems

A distributed system is a group of computers working together to appear as a single com-

puter to an end-user. The group of computers have a shared state, operate concurrently,
and can fail independently without affecting the whole system. A distributed system
allows for horizontal scaling (adding more computers) and scaling vertically (upgrading
individual computers). Distributed systems might include distribution for one or more
domains.

• Distributed computing: Splitting a task over multiple machines.

• Distributed databases and file systems: Storing and accessing data across multiple
machines.
• Distributed applications: Application running on a peer-to-peer network.

Architects of new applications must give careful consideration to the best architecture for
the database, application, and infrastructure to support the application.

136
Distributed Ledger Technologies

Distributed ledger technology (DLT) is a distributed system, and it includes more than just
blockchain. The directed acyclic graph (DAG) is another form of a DLT.

Directed acyclic graph

Directed acyclic graph (DAG) is an alternative to blockchain technology. In a DAG system,

there are no miners and no blocks. Participants confirm each other’s transactions via a
process that confirms previous transactions with each new transaction. In DAG technol-
ogy, each new transaction confirms at least one previous transaction (Khaleelkazi, 2017).

DAGs are well-suited to high transaction volumes. The higher the volume of transactions,
the faster a DAG validates them. DAGs eliminate the need for miners and mining equip-
ment, meaning lower energy consumption (Thake, 2018). Because DAG does not create
blocks, there is no limiting block size issue.

However, a reduction in the volume of transactions may cause a vulnerability to attacks.

To mitigate this risk, DAG projects have included centralized component systems such as
central coordinators and pre-selected validator or witness nodes (Thake, 2018).

Since DAG moves data quicker and at less cost, applications that require scalability might
be better suited to DAG technology. For example, P2P energy trading requires a large
amount of low-value micro transactions, which would not be economically feasible on
blockchain because of the transaction costs. Concluding the sale of a house where speed
and transaction fees are less important while security is more important lends itself to
being conducted on blockchain (Hofer, 2019).

Whether DAG or blockchain, the technology choice depends on the use case. Both systems
will co-exist, but the technology decision needs to be determined based on what is best
for the application.

Initial Assessment of Blockchain as the Appropriate Architecture

As with the development of a solution for a business problem, the first step is to under-
stand the business requirements from the involved business participants. Typically, a
business requirements document is established which ensures that the business stake-
holders are in agreement about the needs of the business and to provide a baseline for
communications throughout the project.

The technology participant, typically an architect, will consider the potential technology
platforms and architectural patterns to create a solution for the project. The primary con-
siderations will be described below the following diagram.

137
 Figure 25: Initial Assessment of Blockchain as Technology

Source: Kashyap, 2019.

If data is central to an organization (OrgA), and there is not a need to share the data with
other organizations (OrgB), then the application is probably not a good candidate for
blockchain. For example, a human resource application that captures employee data is an
internal application that is better developed on a centralized internal system. In compari-
son, OrgA’s business needs to understand the sourcing of materials for their final product,
which lends itself to a potential blockchain solution.

If the other organizational participants (OrgB, OrgC, etc.) have complete trust in the IT
applications and data of OrgA, then a more traditional approach of a centralized internal
system with an integration platform that broadcasts data transactions or APIs to access
needed data, are much more suitable solutions. For example, if OrgA uses a SaaS solution,
an API might be used to regularly read new prospect data and use it to populate a local
database for reporting. In this case, OrgA owns the data in the SaaS solution, and the SaaS
vendor provides the API to OrgA as they have a trusted relationship. In comparison, OrgB,
OrgC, etc., do not have an established technology trust relationship with OrgA, as the sup-
pliers for component materials may change on a regular basis.

138
If a transactional audit trail from the conception of the application does not need to be
retained and made available to both companies, or if data needs to be immutable, then a
shared database should be considered. If a shared database is acceptable, then block-
chain is not the best solution. If a shared database is not acceptable, then blockchain is
the better solution.

If all of these criteria have been satisfied, clearly a shared and visible transactional history
is needed. If a centralized ledger is acceptable, then explore solutions other than block-
chain. If a centralized ledger is not acceptable, then blockchain is the better solution.

Detailed Assessment of Blockchain as the Appropriate Architecture

Figure 26: Detailed Assessment of Blockchain as Technology

Source: Naab et al., 2019.

Data integrity

In the identification of requirements for a technical solution, the following factors should
be considered.

139
 • Data integrity must be more important than system performance. At this time, in a solu-
tion that has a high transaction count, a blockchain-based solution will not have a
throughput performance that matches that of a standard database management sys-
tem (DBMS).
• The mechanisms of blockchain make it computationally hard, but not impossible, to
alter the data in the blockchain retroactively. If an application, such as one that has
legal restrictions, requires a guarantee of data integrity, it may require a centralized
level of control and may not allow for the use of blockchain as a solution.
• In the same manner that it is almost impossible to alter data in the blockchain retroac-
tively, if the application is one that will require modifications to previously-recorded
transactions, blockchain may not be acceptable (Naab et al., 2019).

Scalability

• If the application is one that is intended to scale up or down to allow for a change in the
number of participants, blockchain technology allows for an increase or decrease in
peer nodes without the investment typically required by an application in a centralized
infrastructure environment.
• As previously stated, the expected transaction count and the required processing level
have to be considered for scalability purposes (Naab et al., 2019).

Data transparency

• As defined, blockchain-based solutions are defined by the visibility of all data to all par-
ticipants written to the ledger by pseudonymous participants. When designing a solu-
tion the visibility of data and the awareness of participants need to be implemented
explicitly in the solution.
• Legal requirements, such as those in the European General Data Protection Regulation
(GDPR, in German called DSGVO), which entitles users to demand deletion of their per-
sonal data, must be considered. As defined, blockchain data persists. When designing a
blockchain-based solution, this needs to be considered in the design of the solution
(Naab et al., 2019).

Reliability and availability

• The definition of requirements will indicate the necessary level of system availability. As
defined, blockchain is replicated among the peer machines, resulting in a high level of
availability. If a server or two in the network are unavailable, this will not affect transac-
tion processing. The reliability and availability that come with blockchain provide a sig-
nificant advantage over applications that need to be deployed in a centralized environ-
ment that is assured of a high availability.
• In the case of a public blockchain, the future needs to be considered. What happens
when a cryptocurrency (such as bitcoin) is replaced? Will applications built on that
blockchain become unavailable? Will data be lost?
• Also in the case of a public blockchain, the beginning also needs to be considered. How
does a critical mass of users get built to support the application to ensure sufficient par-
ticipants and nodes, to ensure trust and reliability in the application (Naab et al., 2019)?

140
6.2 Platform Considerations
Based on the previous section, the prerequisites that have been satisfied include the iden-
tification of the business need and requirements, an understanding of the solution scope,
and a determination that blockchain is the best technology for the solution to be designed
(Jenks, n.d.). Many other factors need to be considered and questions remain to be
answered. The following section discusses the factors that must be considered when
selecting an appropriate platform.

Participants

Nodes

The size of a blockchain network is typically referred to by the quantity of nodes in the
network. A node could be a computing device, including large devices such as servers in a
computer center to small devices such as a cell phone. The compatibility and value of the
network is dependent upon the chosen blockchain platform. For example, the Bitcoin con-
sensus algorithm is so computationally intensive that small computing devices would not
be of value to the network.

Calculating the number of nodes required to support the application’s user base is diffi-
cult. Each leading platform offers benchmarks of the volume and speed at which transac-
tions can be processed (transactions per second [tps]). However, the speed of a quantity
of transactions as compared to the number of nodes rarely includes an understanding of
how the nodes are being used and the latency introduced by the location of the nodes
(Kashyap, 2019).

Clients

While nodes are the computers where the majority of the processing occurs, the clients
are the users, whether human or automated, that generate transactions for processing.
The number of clients that a node can service is a complex calculation that includes the
consensus algorithm, complexity of transactional processing, location of nodes, location
of clients, speed of the internet, and more (Kashyap, 2019).

Public, Private, Permissioned

In addition to understanding the number of participants, it is necessary to understand the

roles of the participants. Are participants business partners, regulators, competitors, etc.?

Based on the roles of the participants, the network may be designed as public or private,
permissioned or non-permissioned.

141
 Figure 27: Public, Private, Permissioned Assessment

Source: Created on behalf of IU (2023)., based on Thota, 2018.

Public blockchain

Some blockchain networks are open to the public while others have limited access, known
as private blockchains.

Public blockchains are completely open. Anyone can participate in the network and there
is usually an incentive mechanism to encourage more people to join. Public chains are
decentralized, so no one has control over the network, anyone can read the chain and
write new blocks onto it. Bitcoin is the most well-known example of a public blockchain.
Highly regulated industries like healthcare or finance should be concerned with the pri-
vacy and compliance implications of a public blockchain as data confidentiality is not 100
percent guaranteed (Kashyap, 2019). Issues with a public network are that there is a lack

142
of complete privacy and anonymity, resulting in weaker security of the network and the
participant’s identity. Public blockchains are more susceptible to malicious activities such
as hacking and token stealing (Seth, S., 2018).

Private blockchain

Private blockchain networks are by invitation-only. New nodes must be approved by those
who started the network. Read, write, and audit permissions need to be granted, as
desired, to the clients (or participants) in the network. In a private blockchain, the owner
or operator of the blockchain controls can participate in the network, execute the consen-
sus protocol that decides the mining rights and rewards, and maintain the shared ledger.
The owner or operator also has the rights to override, edit, or delete entries on the block-
chain as required (Seth, S., 2018).

Private blockchains satisfy requirements for highly regulated industries that need to com-
ply with policies and regulations such as the Health Insurance Portability and Accountabil-
ity Act (HIPAA), know your customer (KYC), and anti-money laundering (AML) laws.

Permissioned blockchain

A permissioned blockchain, also known as consortium or federated blockchain, is a type

of private blockchain that is a hybrid between public and private blockchains. A permis-
sioned blockchain allows a combination of the capabilities of public and private block-
chains. Options allow for participants to join the permissioned network after suitable veri-
fication of their identity, as well as allocation of select and designated permissions to
perform certain activities on the network (Seth, S., 2018). For example, in a supply chain
use case, only certain companies would participate. Each participant in the supply chain
would have permission to execute transactions. How that data is shared among the partic-
ipants is specified in the rules (or permissions) as to how the blockchain functions and
who can see what data (Kayshap, 2019).

Consensus

Blockchains must reconcile transactions to maintain a single version of truth. At the time
of writing this document, Ethereum uses a proof of work (PoW) algorithm (soon to switch
to a hybrid proof of work/proof of stake algorithm called Casper). PoW ensures a high level
of immutability and transparency. With the variety of consensus mechanisms available
today, some algorithms may have more fine-grained approaches that offer better per-
formance and privacy (ACT IAC, n.d.).

Consensus algorithms

Consensus algorithms describe the rules and reward mechanisms that incentivize people
to use a blockchain network. The implication is that distributed systems must be designed
to provide enough benefit to their users, while maintaining a relatively fair and untam-
pered track record, until it’s worth the risk to the user.

143
 Consensus algorithms minimize risk to the blockchain network. With proof of work (PoW),
the mathematically intense demands minimize risks as a result of the computational
resources required, while proof of state (PoS) requires miners to risk money, therefore
reducing the likelihood that they would tamper with the system (Oza, 2018).

Security Considerations

Data protection

Sometimes, users will want to show that they have the correct private information with-
out sharing the actual data.

To prove that data exists without revealing it, you can use a cryptographic hash to create a
unique tag for that data. Cryptographic hashes are one-way streets; you can easily use the
data to recreate a hash, but you cannot use a hash to recreate the data. Anyone else with
that data can use the same algorithm to generate the same hash, and comparing hashes
can tell you that you share the same information.

Placing hash tags on the blockchain reliably and cost-effectively tells the world that you
have a specific set of data without revealing what the data is.

Anonymity

Another aspect of privacy is the concept of anonymity. For a truly anonymous system,
there should be no way of knowing which users performed what actions. Most blockchains
are pseudonymous, meaning that a user cannot be directly matched to a real-world iden-
tity from within the knowledge in the network; however, transactions can be correlated,
and a connection made using external services. For example, Bitcoin users can have multi-
ple public addresses, but purchasing Bitcoin requires you to sign up for an exchange,
which then has your full name and at least one wallet address. From there, the exchange
can easily track where the purchased Bitcoin goes as it moves through accounts (Kashyap,
2019).

If true anonymity is required, there are some blockchains that use more complex cryptog-
raphy to further hide data sources. These include ZCash and Monero.

Scalability and Growth

Technical factors that impact scalability concerns include the following:

• Geographical distance of nodes and clients.

• Complexity of queries: More complex queries increase computational overhead,
latency, and costs.
• Privacy requirements: Encryption increases computational overhead and slows down
the processing as a trade for additional privacy (Kashyap, 2019).
• Transaction volume: As previously discussed, it is important to understand the volume
of current transactions as well as the expected growth in volume in each period of time.

144
• Performance of the blockchain with respect to speed and latency: Also previously dis-
cussed, what are the requirements for throughput on the blockchain? It is necessary to
determine the requirements for processing of transactions as well as the latency in
retrieving information from the blockchain.

Currency

Many private blockchains rarely require tokens or cryptocurrencies. If your business

requirement includes the use of tokens or cryptocurrencies, the necessity of this needs to
be evaluated. Many current use cases are focused on non-currency digital assets such as
contracts or land deeds, the support for one or more cryptocurrencies may be a future
consideration. For example, Ethereum has Ether built-in. Ethereum and Hyperledger pro-
vide the ability to create other cryptocurrencies, and Corda provides little support for cur-
rency functionality overall (ACT IAC, n.d.).

Smart Contract Support

Some blockchain platforms offer the ability to create smart contracts. If the requirements
include autonomous operations, such as an automatic payment upon validation of an
insurance claim, then the ability to develop smart contracts is necessary. If the application
is serving as a ledger, such as capturing a simple data transaction, then the need for a
blockchain application that offered smart contracts support would not be required at this
time.

Platform Specifics

Platform license and governance

Open source platforms, such as Ethereum and Hyperledger Fabric, are governed by their
developer communities via nonprofit foundations, whereas Corda is managed by a corpo-
rate consortium called R3. The governance model could affect the support resources that
are made available to developers (ACT IAC, n.d.).

The Linux Foundation’s Hyperledger Project openly governs an openly sourced code base,
allowing any organization or contributor to submit suggestions, updates and policies.
Hyperledger openly validates the inputs through the Technical Steering Committee to
ensure innovations are supported which harden blockchain for business.

Platform support

Frameworks require support. There may be a community that provides support. There
may be a large corporation that backs it, and third-party service organizations might be
the support mechanism.

Other considerations include the controlling body’s release of updates and patches, and
availability of a roadmap for future development.

145
 Open source versus proprietary blockchain platforms

Different open source blockchain platforms are suitable options when implementing dif-
ferent consensus protocol mechanism, blockchain network types, or specific use cases.
They are a good option when implementing blockchains with more censorship resistant
use cases. The use of open source blockchains would reduce the investment cost in build-
ing blockchain services. However, organizations may need to manage the security, scala-
bility, and throughput considerations in their own custom ways. Interoperability and ease
of integration are areas of consideration, as open source blockchain platforms do not tra-
ditionally do well in these areas. Blockchain as a service (BaaS) is an emerging model that
combines the benefits of an open source platform with the benefits of proprietary solu-
tions (ACT IAC, n.d.). Other protocols such as Ethereum and Corda are managed by a very
small group of developers, often from a single organization. This means they centrally
control the roadmap of their technologies, ultimately at the expense of innovation in the
long run (Harrison, 2018).

Transaction costs

Applications deployed on a public blockchain such as Ethereum incur transaction costs

that are based on the computational resources consumed in the processing of transac-
tions. Applications deployed on a private blockchain do not have this requirement, but
they do have the expense of providing a supporting infrastructure, whether onsite or pro-
vided as a cloud deployment (ACT IAC, n.d.).

Community

Enterprise blockchain users should leverage technologies that enable their developers to
work with tools and programming languages with which they are familiar. There are a lim-
ited number of blockchain developers available on the market for most of these new plat-
form technologies, and this is further complicated by the fact that many of the platforms
have their own specific development languages.

There are not many developers available in the market on most of these technologies. The
problem is even more complicated with the fact that many of these frameworks have cus-
tom programming languages, which makes it even harder to train your existing developer
pool (Jenks, 2019). For example, Hyperledger supports Java and offers a composer tool
that allows organizations to develop smart contracts without writing much code, while
Ethereum uses its own Solidity language. Corda also expands on smart contract by sup-
porting the incorporation of legal prose along with the code (ACT IAC, n.d.).

146
6.3 Platform Selection
Once the business requirements are understood and the technical requirements are deter-
mined, blockchain platforms can be considered. Blockchain platforms can be refined by
those that have been designed to be used for public versus private versus permissioned
use, and/or they can be refined by those that have demonstrated strengths for a specific
industry.

Industry Specific

Although the blockchain platforms described in this section may be appropriate for other
use cases, they are considered to have strengths for specific industries and/or have a large
community following. This has resulted in them being a popular choice for solutions built
for that industry.

Finance

R3 Corda is a permissioned blockchain that allows users to have a choice of pluggable

consensus algorithms. It has programmatic capabilities for smart contracts. R3 is a consor-
tium of the world’s leading financial institutions that together built the open source block-
chain Corda in 2015 for the financial sector. Corda does not have a cryptocurrency or built-
in tokens. Although built for the financial sector, Corda is being used in other industries as
well. More than 60 firms are using Corda including HSBC, Intel, Bank of America, Merrill
Lynch, and others (Takyar, 2019).

Ripple is a permissioned blockchain, that uses a probabilistic voting consensus algorithm.

It does not have programmatic capabilities for smart contracts. Ripple’s strength is con-
necting payment providers, digital asset exchanges, and banks and corporations via their
blockchain network, RippleNet. It allows global payments using the cryptocurrency XRP
(or Ripple). Financial institutes including Santander, American Express, MoneyGram Inter-
national, and SBI Holdings are testing various use cases on the Ripple blockchain (Takyar,
2019).

Stellar is a both a public and private blockchain that uses the Stellar Consensus Protocol.
It has programmatic capabilities for smart contracts. Like Ripple, Stellar can deal with
exchanges between cryptocurrencies and fiat-based currencies. Unlike the PoW and PoS
algorithms that are in the larger blockchain platforms used by the traditional financial
institutions, the Stellar Consensus Protocol reduces the barrier to entry for new, smaller
participants. SureRemit, Transfer To, NaoBTC, RippleFox, and ICICI Bank are using the Stel-
lar network to enable money transfers across borders (Takyar, 2019).

Healthcare

Hyperledger Fabric is being used by the Health Utility Network, a consortium led by IBM,
together with Aetna, Anthem, PNC Bank, and Health Care Service Corporation for develop-
ment efforts in an effort to reduce administrative errors and streamline record keeping
(Roberts, 2019).

147
 Quorum, a fork of Ethereum, is being used by the Synaptic Alliance, which includes Aetna,
Humana, United Healthcare, and others, to create a provider data exchange – a coopera-
tively owned, synchronized distributed ledger to collect and share changes to provider
data (Hashed Health, 2019).

Ethereum will be used by the consortium, Mediledger, which includes life sciences compa-
nies such as Pfizer, McKesson, and more, to track an immutable record of pharma supply
chain transactional data and ease the certification process of raw materials and drugs
(Hashed Health, 2019). MedRecand Patientorywill also create applications on the Ether-
eum platform for patient-managed health information exchange applications. Nebula
Genomics proposes to share and analyze genomic data on an Ethereum-based blockchain
platform. It was also proposed that Ethereum was to be adopted in clinical applications
such as clinical data sharing and automated remote patient monitoring (Kuo et al., 2019).

The use of Hyperledger has been proposed for a number of healthcare-related applica-
tions including an oncology clinical data sharing framework for patient care, the design of
a framework to enforce Institutional Review Board regulations, and for medical data stor-
age or access applications. With the interest in Hyperledger, a working group was formed
by Hyperledger to cultivate technical or business collaborations for healthcare blockchain
applications (Kuo et al., 2019).

These are examples of early work in this area and to show the feasibility of adopting popu-
lar, open-source blockchain platforms for health or medicine. There are also some health-
related blockchain applications that do not explicitly reveal their underlying platforms
while others may be building an in-house blockchain (Kuo et al., 2019).

Specific Platforms

The platforms described below are cross-industry but will be discussed with respect to the
selection criteria.

Ethereum

• Ethereum is open-source.
• Ethereum is a public blockchain.
• Smart contracts can be developed. Ethereum includes a programming language, Solid-
ity (a subset of Javascript), for developers to create applications. Solidity lends itself to
the creation of consumer-based blockchain applications.
• Ether is the built in cryptocurrency for applications that need it.
• Ethereum is governed by a Decentralized Autonomous Organization (DAO), an organiza-
tion whose decisions are made electronically based on a vote by its members. The
Ethereum Enterprise Alliance has a group of corporate backers that includes BP, Cisco,
Accenture, Intel, and Toyota.
• Consensus mechanism is proof of work.

Hyperledger Fabric

• Hyperledger Fabric is open-source.

148
• Hyperledger Fabric is a permissioned network.
• Hyperledger Fabric was built as a modular, pluggable architecture where components
can be added as needed.
• Smart contracts (referred to as chaincode) can be developed using Golang or Java.
• Hyperledger does not have a built in cryptocurrency but currency can be built using
chaincode.
• Hyperledger is a set of projects, of which Fabric is one, that is hosted by the Linux Foun-
dation. Fabric was contributed by IBM and Digital Asset.

Quorum

• Quorum is an Ethereum-based, enterprise-focused, smart contract platform.

• Quorum is a permissioned network.
• Quorum supports both public and private blockchains.
• Quorum uses Solidity for smart contract development.
• It is ideal for applications that demand high speed and fast processing of private trans-
actions as a result of its simple consensus mechanism.
• As a result of being backed by JP Morgan, it was originally built for the financial service
industry.
• Private channels or data partitions on the blockchain allow enterprises to protect the
data which is highly sensitive due to the implication of various laws or regulations by
allowing access to the parties concerned (Swish Team, 2019).

Corda

• Corda has a private blockchain.

• Smart contracts can be developed with Kotlin or Java.
• Corda has no native cryptocurrency.
• Originally focused on financial applications but has expanded to applications in other
industries.
• Corda is owned by R3.

Ripple

• Ripple is a semi-permissioned blockchain.

• Originally founded as a global payment settlement mechanism providing services to
currency exchanges, banks, and digital asset exchanges.
• Smart contracts can be written in C++.
• Ripple’s cryptocurrency is XRP.
• Low transaction fees and fast processing of transactions.
• Governance is by Ripple Labs.

149
 6.4 Design of Blockchain and DLT
Applications
Creating a decentralized blockchain application needs to follow the same design process
as any other software product. Business requirements, functional specification, architec-
ture designs, and UX/UI designs are required for development.

An appropriate blockchain platform and consensus mechanism must be selected to ena-

ble the solution to be implemented.

Blockchain Nodes

As discussed earlier, blockchain solutions can be permissioned or permissionless, and pri-

vate or public. Another factor to consider is whether the nodes will run on premise, in the
cloud, or both. Once determined, the hardware configuration and operating system needs
to be decided upon.

Data Storage

As previously discussed, data is created in transaction format, and transactions are pack-
aged together and stored on the blockchain. In some cases, placing all of the data into the
transaction might be impractical. For example, doing so would make the transaction too
large and the amount of data would be stored by every full node in the network. In addi-
tion, a business requirement to retrieve the data for reporting may be a requirement.

One solution is the storage of the hash of the data on the blockchain. The hash is very
small so the transaction size and cost is low. To store the data, a relational database or a
file system can be used. The hash would be added to the raw data, while the transaction id
would be added to the relational database. The blockchain benefits of decentralization
and transparency are reduced with this alternative.

An alternative is to store the hash of the data and parts of the data on the blockchain.
Depending on the parts of the data placed on the blockchain, it becomes publicly accessi-
ble, and some transparency and decentralization is returned.

Off-chain data can be stored in a traditional database such as MySQL or MongoDB, a dis-
tributed database like MongoDB with replica-sets enabled, or cloud-solutions like Azure
CosmosDB or a distributed file system.

A traditional database will have strong query capabilities; however, it is a single point of
failure with a central authority. A distributed database will also have strong query capabili-
ties and redundancy of data, but it is controlled by a central authority. A distributed file
system allows redundancy of data and is decentralized, but has no easy query capabilities
(Marx, 2018).

150
APIs

Designing an application benefits from the use of APIs. APIs that have been created by
others can be used for this purpose. For example, if an application needs to understand
the route of the London transport system, APIs exist to obtain that data.

Conversely, APIs can be created and made available to others to optimize their develop-
ment efforts. Some of the common reasons that an API may be required are

• performing auditing functions,

• storing and retrieval of data,
• generating pairs of keys and mapping them to the specific addresses,
• performing data authentication with the help of hashes and digital signatures, and
• the managing and triggering of smart contracts to run the business capabilities of an
application (Rathore, 2019).

Some blockchain platforms come with pre-made APIs, while others do not.

User Interface Design

Now that you have planned everything, start creating user interfaces for the blockchain
solution. “Blockchain” has become a buzzword that is not well-understood by the average
person. There are three recommendations in which UX research and design principles can
be applied to blockchain.

1. Remove the use of industry jargon. Make the solution understandable.

2. Establish digital trust. Help users feel secure and confident in their decisions to
engage with blockchain and their actions when they do engage.
3. Implement design thinking. Design thinking relies on logic, strategy, and systemic rea-
soning in order to achieve the best possible design solution. It focuses on identifying
the problem first before thinking of the solution (Silver, 2019).

The front end programming language will need to be selected. Many exist already, such as
Java, Javascript, Python, Ruby, Golang, Solidity, and many more.

Smart Contract Design

Smart contracts are components of the overall solution. A smart contract is an automated
process that is executed when certain criteria have been met; therefore, it is self-executing
and self-enforcing. Designing smart contracts requires somewhat typical lifecycle practi-
ces of software development, as well as considerations that are specific to the use of
blockchain and smart contracts.

Life cycle practices

• The use case of smart contracts should be well defined. Business requirements must be
well identified. Developers need to discover third party libraries to be used in the devel-
opment cycle.

151
 • A basic architecture design of a smart contract will depict the business logic. The archi-
tectural design guides the developers during development.
• In the development phase, developers can use code editors or IDE to develop the smart
contract.
• Following development, manual testing should be conducted to verify that the smart
contract’s behavior is as intended.
• Unit testing should then be proceeded by the creation of test cases which reflect the
testing of the identified business requirements.
• Smart contracts should be audited by a 3rd party before deployment. Although smart
contracts pass manual and unit testing, smart contracts may contain logical errors,
security issues, or other bugs that would be identified by an audit (Sharma, A., 2019).

Interfaces and modules

Like with traditional coding, it is standard practice to separate code by concerns. The mod-
ularity allows for better understanding of the code by others, testing, and maintenance.
This is also true when designing smart contracts. Additionally, there are libraries of rou-
tines or modules that have been made available by other developers. Use of these libra-
ries eliminates the need to write more standard code and to leverage code that has been
tested and used by others. This frees the developer to write the code that is unique to the
smart contract being developed (Shah, 2019).

Security

Security must be considered from the very beginning of the process of smart contract soft-
ware development. Since contracts are public and visible on the blockchain, everybody
can potentially call every function. With a good amount of effort, anyone can figure out
what the contract does and call it. Therefore, most contracts implement the “owner pat-
tern” that can be used to restrict the “administrator” change functions like “setup,” “start,”
“stop,” and “kill.” Additionally, in the case of an unexpected event such as a severe bug or
vulnerability in the code, it is a good idea to have an “administrator” “halt” function that
stops the smart contract from being executed while the situation is being evaluated (Shah,
2019).

Designing single contracts

As a contract evolves and has more and more features added to it, it is easy to end up with
a contract that does way too much and becomes difficult to manage. Instead of putting all
functionality into a single contract, it is often advisable to divide it into several contracts
that act together (Shah, 2019).

Future

As the blockchain proves its value, consider enhancing it with technologies such as artifi-
cial intelligence, Internet of Things, data analytics, and much more.

152
SUMMARY
Development of blockchain applications generally follows the develop-
ment cycle of traditional centralized solutions. Understanding the suita-
bility of the technology is always the first priority. Once it is determined
that blockchain is the correct solution, a blockchain platform needs to
be selected. This phase is where the key differences lie, in that block-
chain concepts need to be fully understood, and a platform that best fits
the type of application to be developed is selected. The platform pro-
vides some of the development environment but, more importantly,
defines the ecosystem in which the solution will operate.

Once a platform has been selected, the solution design and implemen-
tation commences with domain-related decisions specific to the infra-
structure (nodes), data (storage on/off chain), the application (interfa-
ces, APIs, user interface), and last, but certainly not least, the security
that surrounds all domain decisions.

153
 UNIT 7
BLOCKCHAIN AND SOCIETY

STUDY GOALS

On completion of this unit, you will have learned …

– the concept of trusting technologies and the goal of blockchain as a trustless system.
– the original intentions and design of Bitcoin and blockchain technologies, and how
technologies have evolved around them and challenged the original intentions.
– the environmental impact of blockchain environments and options for improvement.
– the many ways in which cryptocurrencies have been used for nefarious activities
worldwide.
– the promise of Initial Coin Offerings as an investment vehicle and the potential risks.
 7. BLOCKCHAIN AND SOCIETY

Introduction
In 2008, Satoshi Nakamoto introduced Bitcoin with all good intentions. His belief was in
Bitcoin as a trustless system where cryptocurrencies can be used in a decentralized and
immutable manner. Over a decade since Nakamoto’s famous paper, we have to balance a
desire to make free-market capitalism available with the need to keep control of a plat-
form that has the potential to enable bad as well as good.

A decade has also brought about a fast moving technological environment which has ena-
bled the bad actors to conduct illegal activities on the darknet while using these crypto-
currency platforms. Drugs, weapons, and more can be transacted out of the purview of
regulatory bodies. While these illegal activities are done in the dark, it is in full view that
bad actors can also directly use the blockchain network to conduct fraudulent offerings to
raise money.

Finally, from a societal position, the demand on the environment is immense and worthy
of discussion, with positions held on both sides concerning whether it is as bad as it
seems.

7.1 (Mis-)Trust in Institutions

Understanding Trust

As a society, we state that we want to trust our friends, acquaintances, business asso-
ciates, businesses, institutions, government, and more. What does trust mean? The Oxford
Dictionary defines trust as the “firm belief in the reliability, truth, ability, or strength of
someone or something.” However, Webster’s defines trust as “a confident expectation”
and The American Heritage Dictionary states that “trust implies depth and assurance of
feeling that is often based on inconclusive evidence” (as cited in Trust, n.d.).

What is trust

As Werbach (2019) describes in his book, the simplistic definition of trust is cognitive risk
assessment. Is a person justified in relying on another person or organization? Do we trust
the pilot to fly the plane, do we trust that a credit card given to a restaurant server will not
be used to run up personal charges? While the cognitive dimension is important, it is not
the full entirety of the concept of trust. This is the line between trust and verification. An
airline requiring the credentials of a pilot before offering the pilot employment is verifica-
tion. Further, philosophers refer to the “affective dimension” of trust, the optimistic dispo-
sition of an expectation of goodwill. It is the aspect of trust concerned with motives, not
just actions. This dimension of trust becomes important when the parties cannot precisely
estimate costs and benefits. In short, trust is confident vulnerability, a confident relation-

156
ship to the unknown. People want to use systems they can trust (Werbach, 2019). This
takes us back to Webster’s definition of trust as “a confident expectation” and American
Heritage’s that it is “based on inconclusive evidence” (as cited in Trust, n.d.).

Establishing trust

Trust is foundational for most new technologies, especially social media platforms. Serv-
ices such as Uber and Lyft are based on trust. There is a confident expectation that the
driver is a good person and a safe driver, while there is also a confident expectation that
the customer is a good person and acts in an appropriate manner.

Uber has a rating system where both the driver and the passenger can rate each other. The
rating is made available so that the driver can see how other drivers have rated the pas-
senger, while the passenger can see how other passengers have rated the driver. This rat-
ing system helps to establish trust between driver and passenger.

As an example of the desire for an understanding of trustworthiness, China has imple-

mented a system that strives to automate the trustworthiness of its citizens to encourage
trust among them. China recently introduced a social credit system that allows people to
review and assess one another on a daily basis. The system monitors and assigns a value
to all areas of an individual’s life. For example, it records who your friends are and how
well you get along with them, what you bought in a shop and how good a customer you
were, how much time you spend each day on social networks and how regularly you pay
your bills. For example, someone who plays computer games for several hours a day will
have a lower score than someone who has children and is paying for the expenses of the
children, as the latter behavior is considered more mature and reliable. Although a volun-
tary system now, the Chinese government intends to standardize it in 2020 (Kuhar, 2019).

Certainty of trust

Trust is replaced by certainty. Complete trust in another is being in ignorance regarding

their actions, while eliminating trust means full certainty about what a person will do. The
more convinced we are that a person will act as expected, the less we need to trust them.
Conversely, the more unpredictable an action, the more trust we need to invest in it
(Kuhar, 2019).

A trustless system

A trustless system is one that is not dependent on the intentions or actions of its partici-
pants, good or bad. The system always acts in the same manner. The creator of the crypto-
currency Bitcoin, stated that “the root problem with conventional currency is all the trust
that’s required to make it work” (Nakamoto, 2009, para. 2). As it is, central banks must be
trusted not to debase the currency, banks must be trusted to hold our money and transfer
it electronically, and we have to trust them with our privacy. Nakamoto went on to com-
pare it to multi-user time-sharing computer systems of many years ago that had to rely on
password protection and the placement of trust in the system administrator who could
always override the elements of privacy. Over time, strong encryption technologies
became available and trust was no longer required. Nakamoto believed that it was a cer-

157
 tainty that “data could be secured in a way that was physically impossible for others to
access” (Nakamoto, 2009, para. 3). Based on this foundation, Nakamoto proposed that we
need the same confidence in money handling, that e-currency based on cryptographic
proof, without the need to trust a third party middleman, will mean that money can be
secure and transactions can be conducted in an effortless manner (Nakamoto, 2009).

Bitcoin

Reason for Bitcoin

Just prior to Nakamoto’s introduction of Bitcoin, trust in government and banks was at a
low because of the financial crisis. Since the introduction of Bitcoin, trust is in transition
from being a trust in banks or states to a trust in algorithms and encryption software.
There is a move from conventional trust in the gold standard—“In Gold We Trust”—to the
trust announced on U.S. currency—“In God We Trust”—to trust in software and networks—
“In Digital We Trust” (Baldwin, 2018).

The “digital” currency is believed to have arisen as a solution to the problems of fiat cur-
rencies. The main criticisms of existing financial systems are that

• centralization makes them susceptible to attack,

• millions of people are excluded from the global economy,
• some (primarily international) monetary transactions are slow and expensive, and
• the intermediaries increase the cost of individual transactions.

The final criticism connects all of the above, that the current system relies on trust that
individuals and institutions will operate as they should (Kuhar, 2019).

Bitcoin — Trustless?

Nakamoto (n.d.) begins the conclusion of his paper with the statement that “We have pro-
posed a system for electronic transactions without relying on trust.” This “electronic pay-
ment system based on cryptographic proof, rather than trust” is implemented in the form
of bitcoin, with a blockchain foundation.

Saying that Bitcoin is “trustless” means that there is certainty and reliability in the sys-
tem’s operation.

Thomas Hobbes put forth a concept referred to as the social contract, the condition in
which people give up some individual liberty in exchange for some common security. With
blockchain, people no longer need to engage in a social contract, giving up part of their
rights in exchange for security, and turning these rights over to a central party. Transac-
tions, including financial transactions, can now be based purely on the activity of partici-
pating actors, which supposedly makes it more democratic, more transparent, more pre-
dictable (certain), and above all, more trustworthy (Kuhar, 2019).

158
These statements, however, didn’t make it so. Nor have Bitcoin and other blockchain-
based platforms proven themselves in a manner to be considered trustless. If the trust and
willingness of market participants to exchange fiat currency for bitcoin erode and/or end
as a result of these breaches of trust, then the potential exists for the total loss of value of
bitcoin (Baldwin, 2018).

Decentralization

Bitcoin is decentralized, meaning that it does not need a third-party to verify or approve
the transactions that occur on its platform.

Decentralized movements have increased in the past decades. The internet as a mass
medium and worldwide technological advancements has built a more closely connected
global community. Castells calls this structure of society a “network society.” This societal
structure is characterized by nodes which represent relations between people and their
environment. A network society is decentralized as it has no center origin. Although some
nodes are more relevant to the network than others, the network can only perform as a
whole (Trauth, 2018).

While decentralization has facilitated certain elements of electronic connection, it also

unearths a new problem: the computer virus. The decentralized multiple and weak nodes
are now made vulnerable to viruses, worms, hacking, cyberterrorism, anomalies, acci-
dents, assemblages, contagions, and more. The solution of decentralization creates its
own new problems and threats (Baldwin, 2018), resulting in a lack of predictability and the
need to invest in order to develop trust.

Immutable

Data blocks, intended to be irreversible based on blockchain technology, can be erased

and re-established, if needed. When a large number of currencies were stolen, Ethereum
performed a hard fork, erased a blockchain, and set up a new one. The decision was con-
ducted democratically by a vote of its active members but is evidence that the history of
cryptocurrencies is not immutable.

Decline in institutional trust

An overall decline in the trust in institutional governments and other bodies has occurred
in recent years. This development gives room to global, decentralized movements and
developments. The real opposition can now be found in social movements and protests in
the streets rather than inside institutional governments where it expresses the dissatisfac-
tion and declining trust in political institutions and their way of governing people (Trauth,
2018).

159
 Environment for criminal activity

In addition to the use of cyber currencies in the Darknet, cybercurrencies were primarily
being used by financial speculators, who saw them as an opportunity to get rich quick,
launder money, and evade taxes (Kuhar, 2019). Most people will want laws and regulations
to help make blockchain-based systems trustworthy (Werbach, 2019).

Bitcoin as currency

Money is suggested by economists to have three prime functions: An accounting unit, a

medium of exchange, and a store of wealth. Bitcoin’s price has fluctuated wildly and is
open to derivation and speculation. The lack of stability makes it hard to consider Bitcoin
as a secure store of value. Bitcoin’s lack of regulation and openness to the whim of the
market ensures a volatility that prevents the stability necessary to store wealth or even
serve as an accounting unit. The fact that Bitcoin largely “floats free of any anchor to ordi-
nary valuing processes” (Golumbia, 2017, p. 71) means that it cannot fully function as a
stable accounting unit (Baldwin, 2018).

Table 5: Characteristics of Money

USD (FIAT) GOLD BTC (CRYPTO)

Durable Y Y Y

Portable Y Y Y

Divisible Y Y Y

Consistency Y Y ?

Instantly Recognisable Y Y Y

Acceptable Y N N

Intrinsically Valuable ? Y ?

Source: Liu, L., 2019.

Table 6: Functions of Money

USD (FIAT) GOLD BTC (CRYPTO)

Unit of Account Y N N

Medium of Exchange Y N N

Store of Value N Y ?

Source: Liu, L., 2019.

160
Privacy

Privacy, as defined by Merriam-Webster, is the quality or state of being apart from com-
pany or observation, or freedom from unauthorized intrusion. Technology improvements
and innovations have placed consumers in the situation where personal privacy is chal-
lenged on a daily basis. Location and activity is shared on social media, location is tracked
on our phones and vehicles, our purchasing data is available, and more. Much of this is
information that consumers are willing to share in exchange for other benefits. Some of
this information is captured, used, and exchanged for unauthorized purposes.

Personal privacy advocates believe that blockchain and cryptocurrency entrepreneurship

solutions can address the concerns of our dwindling right to privacy in the digital world.
The beauty of these solutions is that they offer encryption or at least partial obfuscation
on a massive scale (Moskov, 2019). Blockchain technology is armed to curb infringements
upon citizens' rights (Hagen, 2018). From a personal information perspective, citizens
would have the ability to store private information in a secure, decentralized ledger. Citi-
zens would maintain data ownership, deciding when and where it is shared. This technol-
ogy could prevent malicious actors and third parties from accessing or harvesting per-
sonal data without consent (Hagen, 2018).

In the financial world, the debate is that this level of privacy is a dangerous enabler of
chaos and disorder. The privacy is an enabler of many illegal activities that have occurred
on the darknet, however, the other side of the debate views privacy coins as what could
potentially be our last hope for freedom from external control (Moskov, 2019). As the
global economy becomes more interconnected, citizens can access new forms of wealth
and markets that remain outside the purview of their governments. Autocratic govern-
ments have responded by seeking ways to maintain control over an individual's or a
group’s access to resources. Cryptocurrencies can enable people to participate in an alter-
native form of finance that isn't subject to judgment by the state by removing the middle-
man from transactions. Individuals or groups who have been blacklisted by a government
or corporation can then do more than amass and spend wealth, they can prosper (Hagen,
2018).

Government

Apolitical nature

Bitcoin and blockchain technology have eliminated politics, governmental control, and
institutional control from the use and management of the blockchain environments.

As Nigel Dodd shows in “The Social Life of Bitcoin,” the basis of the paradox is the idea
that Bitcoin and the technology of blockchain have eliminated politics from the produc-
tion of money and its management (Kuhar, 2019). David Golumbia (2017) concludes that
assumptions regarding the supposed apolitical nature of cryptocurrencies are based on
ideologies within which freedom means freedom from governmental power. This includes
groups such as cyberlibertarians (advocate for use of technology to promote individual or
decentralized initiatives and less dependence on central governments), cryptoanarchists
(promote cryptography to maintain freedom of speech and prevent government control

161
 and regulation of the internet), and cyberpunks (belief that those with technological capa-
bility can fend off the tendencies of traditional institutes to use technology to control soci-
ety includes hackers, crackers and phreaks) (Kuhar, 2019).

Neoliberalism

Neoliberalism is a policy model (covering politics, social studies, and economics) that
seeks to transfer control of economic factors from the public sector to the private sector. It
promotes free-market capitalism and a shift away from government spending, regulation,
and public ownership. The belief is that continued economic growth will lead to human
progress, a confidence in free markets, and an emphasis on limited state interference.
Inspired by the term “liberalism,” neoliberalism is more focused on the economics, while
liberalism is a broad political philosophy (Kenton, 2019).

From this definition, one understands that centralization is an impediment to the decen-
tralized flow of neoliberal finance. Centralized government and banks are oppressive. This
supports the Nakamoto thesis stating that there is no need to trust government or banks
with currencies, and promotes technology concepts such as efficiency, speed, connectiv-
ity, decentralization, and anonymity (Baldwin, 2018).

Bitcoin is subject to the invisible politics of the programmers who develop the technology
and decide upon its functionalities. Implicit in this is that the developers will make the
right decision about the technical features to be implemented. This, however, is unlike the
original intention of Bitcoin to be a decentralized infrastructure that is not regulated by
any third party institution because the actual governance structure, in spite of its open
source nature, is highly centralized and undemocratic (DeFilippi & Loveluck, 2016). In
order to ensure the long term sustainability of organizations such as Bitcoin, it is neces-
sary to include a governance structure that works in an authentically democratic way to
make decisions on how and when the technology should evolve. Not only should those
building the technology (developers) be involved, but also those who are affected by
these decisions (the users) (DeFilippi & Loveluck, 2016).

The position of world leaders

Today’s leaders have generally taken a wait-and-see approach to cryptocurrencies. In gen-

eral, many are enthusiastic about blockchain technology without being enthusiastic
about any existing cryptocurrency. A concerted action against decentralized platforms in
favor of centralized, government-endorsed alternatives could have implications for crypto
that are quite contrary to the original intention.

Some countries such as China and South Korea have implemented bans on ICOs. China
has banned crypto exchanges, while South Korea has banned anonymous crypto trading.
Other countries have been open but have not yet established limiting legislation.

162
7.2 Blockchain and the Environment
Electricity Usage

Demand of mining

Today, Bitcoin mining is consuming more than 7 GW of electricity a day, equivalent to

Switzerland’s daily electricity consumption. Compared to 2017, Bitcoin’s computing
power has reached an all-time high, and is currently at 100 quintillion hashes (Liu, S.,
2019).

Figure 28: Hash Rate

Source: Liu, L., 2019.

The mining process is powered by countless high-powered computers that require a large
amount of energy to enable the processing and encryption of the transactions being
added to the blockchain. Electricity makes up 90 percent of the cost of mining cryptocoins
(Buttice, 2019).

Negative environmental effects

Digiconomist produces a number of charts that demonstrate energy consumption. As of

late 2019, the following chart shows the marked increase in energy consumption.

163
 Figure 29: Bitcoin Energy Consumption Index Chart

Source: Digiconomist, n.d.

Annualized total footprints of Bitcoin activity is shown in the following chart:

Figure 30: Bitcoin Annualized Total Footprints

Source: Digiconomist, n.d.

While a single transaction leaves the following footprint.

164
Figure 31: Bitcoin Transaction Footprint

Source: Digiconomist, n.d.

The following table gives a summary of the key network statistics for Bitcoin transactions.

Table 7: Bitcoin Network Statistics

Description Value

Bitcoin's current estimated annual electricity consumption (TWh) 73.12

Bitcoin's current minimum annual electricity consumption (TWh) 52.48

Annualized global mining revenues $6,453,724,124

Annualized estimated global mining costs $3,656,073,069

Current cost percentage 56.65%

Country closest to Bitcoin in items of electricity conosumption Austria

Estimated electricity used over the previous day (KWh) 200,332,771

Implied Watts per GH/s 0.085

Total network hashrate in PH/s (1,000,000 GH/s) 97,849

Energy footprint per transaction (KWh) 625

Number of U.S. households that could be powered by Bitcoin 6,770,506

Number of U.S. households powered for 1 day by the electricity consumed for a 21.11
single transaction

Bitcoin's electricity consumption as a percentage of the world's electricity con- 0.33%

sumption

Annual carbon footprint (kt of CO2) 34,733

165
 Description Value

Carbon footprint per transaction (kg of CO2) 296.68

Source: Digiconomist, n.d.

By comparison, the following chart shows the network statistics for Ethereum based
blockchain.

Table 8: Ethereum Network Statistics

Description Value

Ethereum's current estimated annual electricity consumption (TWh) 8.07

Annualized global mining revenues $1,233,403,543

Annualized estimated global mining costs $806,914,598

Current cost percentage 65.42%

Country closet to Ethereum in terms of electricity consumption Angola

Estimated electricity used over the previous day (KWh) 22,107,249

Implied Watts per MH/s 5.081

Total network hashrate in GH/s (1,000 MH/s) 181,283.00

Electricity consumed per transaction (KWh) 32

Number of U.S. households that could be powered by Ethereum 747,143

Number of U.S. households powered for 1 day by the electricity consumed for a 1.07
single transaction

Ethereum's electricity consumption as a percentage of the world's electricity 0.04%

consumption

Source: Digiconomist, n,d.

An article published in the science journal, “Nature,” makes a convincing argument that
since, “the network is mostly fueled by coal-fired power plants in China,” the carbon
impact of bitcoin mining, alone, could push global temperatures above 2°C within less
than three decades (Daab, 2019).

Canada’s Hut 8 Mining Corp, which has spent more than $100M to develop a 4.5 hectare
site with 56 shipping containers, each filled with 180 computer servers that digitally mine
for bitcoin around the clock. This operation uses so much power, that Medicine Hat, a city
which is right next to the facility, has a contractual right to “pull the plug” should residents
not have enough electricity (Bakx, 2018).

166
Or not?

The argument is being made that the mining is a profitable way to use surpluses of energy
that some nations would otherwise waste. Bitcoin miners have traditionally set up in
China, where coal supplies 60 percent of the nation’s electricity. However, bitcoin mining
is now expanding in areas with cheap power, like the United States Pacific Northwest,
where there is a large availability of hydropower, a low-carbon resource. In Europe, Ice-
land is a popular location, as they rely on nearly 100 percent renewable energy for its pro-
duction. Geothermal and hydropower energy make miners’ power demand inconsequen-
tial (Kelly-Pitou, 2018).

Expectation of growth

Many believe that blockchain and distributed ledger technology is in its infancy, and it can
therefore be assumed, that as the industry matures and people are aware of its potential,
that the demand on electricity usage will increase (Buck, 2018).

Global electricity consumption, in general, is expected to increase nearly 28 percent over

the next 20 years. Increasing energy consumption is only bad if there isn’t a shift toward
less carbon-dense power production, and that is what miners are doing (Kelly-Pitou,
2018).

Options for Improvement

Proof of work consensus mechanism

The proof of stake (PoS) consensus mechanism has long been posed as a more sustaina-
ble consensus mechanism over proof of work (PoW). PoS uses the term forgers (rather
than miners) to describe those randomly chosen to mine blocks. There are no block
rewards, but forgers can collect transaction fees. One criticism is that PoS favors those
with more assets to be selected as forgers (Cox, 2019).

There are many other consensus mechanisms that are being used and evaluated by differ-
ent blockchain platforms. Given Bitcoin’s governing structure and concentrated power, it
is unlikely that there will be a decision to change consensus mechanism.

Directed acyclic graph

Directed acyclic graph (DAG) can be thought of as blockchain minus the blocks. If there are
no blocks, there are no miners. So, instead of verifying transactions via miners, DAG uses
previous transactions to verify new ones. DAG is currently used by Byteball and IOTA and
has the potential to challenge blockchain based alternatives (Cox, 2019).

167
 Other innovative ideas

A new blockchain-based energy grid known as Eloncity has been proposed as a futuristic
and innovative solution to improve the efficiency of the system. The idea is to move away
from the uneconomical and cumbersome centralized power supply, to a much more effi-
cient and intelligent energy storage system based on a network of smart microgrids (But-
tice, 2019).

There is also the option to offset the CO2 released into the atmosphere. Ripple’s XRPL
believes that planting trees allows them to be considered carbon-neutral. WanderingWare
has partnered with OneTreePlanted to plant enough trees to offset the carbon output
from the electricity production needed to operate the XRPL. One Tree Planted works with
planting partners in North America, Latin America, Asia, and Africa to plant trees in areas
that have been deforested. The trees they plant help the local and global environment
and, in some instances, provide an income for families in the area if the trees bear fruits or
nuts. Based on their calculation, to offset the carbon footprint of the XRPL 427,273 trees
will need to be planted. At $1 per tree, the XRPL can be carbon-neutral for less than
$500,000 (Buck, 2018). As of late 2019, only $7,591 has been donated.

Disk Usage

Demand for storage

The size of the Bitcoin blockchain has grown at a stable rate over the past decade. In late
2019, the size of the Bitcoin blockchain is approximately 242GB in size.

168
Figure 32: Size of Bitcoin Blockchain from 2010 to 2019

Source: Liu, S., 2019.

Because of the peer-to-peer nature of blockchain technology, each node contains a full
copy of the blockchain. Every time data is added to the chain, it must be added to the data
storage of all nodes.

The size of this storage is only going to increase over time. This will put small individual
miners (who can't afford to have too much storage capacity) out of business, and favor
large groups of miners, hence centralization. The problem becomes worse if we increase
the transaction rate (since it means data is getting into the chain at a faster rate) (Kansal,
2018).

Expectation of growth

Bitcoin storage requirements will grow for two reasons. They are as follows:

• As the userbase grows, there are more transactions happening per second.
• Each transaction increases the size of the ledger and because it is append-only there is
always an upward trend in storage consumption (Davenport, 2018).

When compared to mutable where values are replaced, it can be seen that Bitcoin will be
impacted by ever-growing ledger size. There are potential options to control the ledger
size, but it is a growing concern that, in a few years, the size of these ledgers will grow
beyond the reasonable size of available disks (Davenport, 2018).

169
 Options for Improvement

Blockchain storage solutions

Decentralized file storage, such as Storj, is an option that uses encryption, file sharding,
and a blockchain-based hash table to store files on a peer-to-peer network. Storj breaks
apart files and distributes them across specialized nodes so that they are stored economi-
cally. Signatures are returned that identify the files on the network (Garner, 2018b). It is
these unique signatures that would be stored to a blockchain. When the need arises to
retrieve a file, the signature is retrieved from the blockchain and submitted to the storage
system which then unlocks and retrieves the requested file. In summary, the blockchain is
storing the signature, not the entire transaction (May, 2018).

Pruning

Pruning is the process of removing non-critical blockchain information from local data
storage. Full nodes keep an entire copy of everything that is stored on the blockchain,
while pruned nodes can remove non-critical blockchain information to have a lighter foot-
print.

For Bitcoin, pruning is discussed in the context of intermediary transactions. For example,
if person A sends person B 1BTC and person B sends that to person C, the initial payment
from person A to person B is considered an intermediary transaction and has less impor-
tance. Full nodes would have both transactions while pruned nodes would only have the
second transaction. Pruning has to be assessed as an option that does not compromise
existing functionality.

Sharding

Sharding breaks data into manageable chunks distributed across different nodes. The
blockchain process can be partitioned across multiple nodes to enable a parallel execu-
tion model that increases performance and reduces the amount of data that each node
processes and stores. After the data is partitioned into multiple shards, each shard is dis-
tributed across multiple nodes. For example, if a blockchain network supports 1,000
nodes, the data might be partitioned into 10 shards, with each shard assigned to 100
nodes. In this way, each node processes and stores only one-tenth of the data, but the
data is still verified across 100 nodes (Sheldon, 2019). How shards communicate with each
other and arrive at a consensus is an active area of research (Kansal, 2018).

Spare capacity

Swarm networks can provide a long term data solution for blockchain. Businesses and
individuals could use their excess data storage as storage nodes by keeping the data in
shards or fragments, with one node never holding all the information. For this reason,
swarm networks are much more secure than cloud networks that rely on centralized
server farms. Each computer in the network would be encrypted in different ways, mean-
ing that a successful attack would be virtually impossible. The data being stored could
only be pieced together by a keyholder after a lot of work (Bains, 2018).

170
A data storage network of thousands of computers spread out across the world could also
improve performance. When someone wants to access their data from the swarm it comes
from the closest nodes, and when that data is retrieved from several swarms at once, it
comes in parallel (Bains, 2018).

7.3 Cyber-Currencies in the Darknet

Using Cryptocurrencies on the Darknet

Digital currencies allow criminal actors to buy and sell illegal goods and services through
the black markets of the darknet (or darkweb), ranging from weapons to people, narcot-
ics, illegal pornography, organs, and hitmen for hire. Digital currencies also create oppor-
tunities for cyber-criminals to hack digital exchanges and e-wallets for purposes of finan-
cial fraud and identity theft, a major tactic adopted by North Korea (Fruth, 2018).
Cryptocurrencies provide a way for terrorist organizations and criminal syndicates to laun-
der and relocate wealth across the globe quickly, easily, and privately, potentially even
replacing bulk-cash smuggling (Fruth, 2018).

Bad actors are turning to money laundering or crypto-cleansing for two reasons. First, dig-
ital currency is the easiest, quickest, and most private way to launder money globally,
largely due to anonymous privacy coins (Fruth, 2018). Privacy coins use a number of differ-
ent techniques that give its users a truly anonymous and private means of exchanging
value. Although Bitcoin is referred to as having these capabilities, the Bitcoin blockchain is
inherently public, and if a wallet address can be linked to a user, all transaction history for
the user becomes public (Fenech, 2019). Second, there is no global standard for regulating
digital currency exchanges, with many lacking risk, sanctions-screening, and anti-money
laundering (AML) programs (Fruth, 2018).

Bitcoin has become less popular in the darknet marketplaces, whereas Litecoin and Dash
are becoming more popular. This is because Litecoin has low transaction fees and quicker
fund transfer, while Dash assures instant payments (Makadiya, 2018).

Illegal Activities on the Darknet

Transactional data on blockchain is not directly linked to names, addresses, or other iden-
tifying information. This makes digital currencies anonymous to a certain degree and com-
plicates efforts by law enforcement agencies to identify individual transactions and link
them to users (Malik, 2018).

A study found that illegal activity accounts for a substantial proportion of the users and
trading activity in bitcoin. For example, approximately one-quarter of all users (25%) and
close to one-half of bitcoin transactions (44%) are associated with illegal activity. The esti-
mated 24 million Bitcoin market participants that use bitcoin primarily for illegal purposes
(as of April 2017) annually conduct around 36 million transactions, with a value of around
$72 billion, and collectively hold around $8 billion worth of bitcoin. In effect, cryptocurren-

171
 cies are facilitating a transformation of the black market much like PayPal and other
online payment mechanisms revolutionized the retail industry through online shopping
(Foley et al., 2018).

Named after the network of trade routes that connected the East and the West and
launched in 2011, the Silk Road website was created by Ross Ulbricht as a free-market eco-
nomic experiment that focused on user anonymity. Silk Road used Bitcoin for currency
and they also used Tor, a network of computers that makes it impossible to trace by rout-
ing internet traffic through servers by anonymizing IP addresses. Ulbricht believed that
people should have the right to buy and sell whatever they wanted so long as they weren’t
hurting anyone else. Counterfeits, weapons, and anything that could be used to defraud
or harm others was prohibited. Soon, Silk Road became a drug marketplace. After two
years of growth, Silk Road was targeted by a denial of service attack, ransomware, and
other hacks. Ulbricht was involved in contracting hit men, hiding his identity, and more. In
2013, Silk Road was shut down with the indictment of Ulbricht on charges of narcotics
conspiracy, money laundering, and solicitation of murder for hire. Ulbricht was sentenced
to life in prison without the possibility of parole.

Drug trafficking

Professor Talis Putnins, co-author of the University of Technology Sydney report on cryp-
tocurrency and illegal drugs stated that

Cryptocurrencies have fundamentally transformed the way illegal drugs are bought and
sold, shifting much of the activity from a cash-based, physical ‘on the street’ market to an
online marketplace. The online illegal drugs trade needed two fundamental things to take
off. One is an anonymous communications platform, which was provided by the darknet
and underpinned by TOR (an anonymous communications protocol). And the second
important piece was an anonymous or private way of making digital payments that was
difficult to trace by authorities. That is the role that cryptocurrencies have played. Thus,
they are an integral part of the online drugs trade. (as cited in Birch, 2019, Where...? sec-
tion, para. 3)

On the other hand, Europol spokesperson Jan Op Gen Oorth expressed the opinion that
the transparent nature of cryptocurrency renders transactions easier to trace compared to
those involving cash as “payment for drugs using cryptocurrencies naturally makes more
sense when compared to, for example, bank transfers. On the other hand, most cryptocur-
rency transactions are far better traceable due to their inherently transparent nature than
cash” (as cited in Birch, 2019, Where...? section, para. 5).

Over the last six years, there have been notable data points concerning the purchasing of
drugs using cryptocurrencies. There has been a year-on-year increase in the percentage of
surveyed participants obtaining drugs on the darknet. In a survey, 30 percent of respond-
ents claimed that the range of drugs they use has increased, and a further 5 percent
reported that they had never tried drugs before accessing them via the darknet (Birch,
2019). These data points demonstrate that enabling the drug trade with technology has
broadened the drug trade in multiple dimensions.

172
An interesting challenge stated by Tom Robinson, co-founder and chief scientist at block-
chain analytics firm Elliptic, is that the benefits of anonymity for drug dealers can be lim-
ited by the ability to cash out their crypto profits. As stated by Tom Robinson, “the chal-
lenge for drugs traffickers is how to cash-out the proceeds of their sales. Most
cryptocurrency exchanges make use of cryptocurrency transaction monitoring tools such
as Elliptic's, which use blockchain analysis to determine whether funds are coming from
sources such as dark markets” (as cited in Birch, 2019, How...? section, para. 3).

Based on research conducted by Soska and Christin, amphetamines (MDMA) and mari-
juana each account for about 25 percent of sales on the dark web. Weapons are so uncom-
mon that they were lumped into the “miscellaneous” category, along with drug parapher-
nalia, electronics, tobacco, Viagra, and steroids. Together those account for a very small
percentage of sales.

Figure 33: Fraction of Sales Per Item Category

Source: Soska & Christin, 2015.

173
 Weapons and crime

In addition to Bitcoin being used for the purchasing of illegal drugs, it was also believed
that Bitcoin, especially when it came to Silk Road, also enabled purchasing weapons and
the services of hitmen. Nicolas Christin, assistant research professor of electrical and com-
puter engineering at Carnegie Mellon University, is one of the researchers behind a recent
deep-dive analysis of sales on 35 marketplaces from 2013 to early 2015. He stated that
“weapons represent a very small portion of the overall trade on anonymous marketplaces.
There is some trade, but it is pretty much negligible” (as cited in Pollock, 2018b, What...?
section, para. 4).

Money laundering — how it works

The following example presented by Fruth (2018) illustrates the general methodology for
laundering illicit funds through digital currencies.

Phase 1: Fiat currency to primary digital currency (bank to basic digital exchange).

A global crime syndicate attempting to cleanse illicit U.S. dollars can enter crypto currency
markets in two ways: Either through purchase of digital currency from a basic digital
exchange via the syndicate’s bank account, or by cash or debit card at one of over 1,600
U.S.-based digital currency ATMs. Basic digital exchanges are generally preferred, as bit-
coin ATM companies are regulated as money service businesses (MSBs), which requires
that they maintain anti-money laundering (AML) programs.

As a result, most launderers open online accounts with basic digital currency exchanges,
such as Coinbase, Gemini, Bitstamp, or Kraken, which accept fiat currency from traditional
bank accounts.

For additional online privacy, launderers may adopt pseudonyms through encrypted
email services (e.g. ProtonMail or Hushmail), set up anonymous e-wallets (e.g. Jaxx,
Samourai, or BitLox), and run logless virtual private networks (VPNs) (e.g. Mullvad or
Windscribe), all via an encrypted, blockchain-optimized smartphone.

Account-opening typically requires detailed personal information for account verification.

Launderers may use “straw men,” or money laundering intermediaries, with clean records,
corroborated employment, and a direct deposit to provide an additional layer of separa-
tion. They can also purchase fully verified accounts from willing participants on social
media forums such as Reddit.

Once verified, the digital exchange account can receive fiat currency deposits through wire
transfers, automated clearing house (ACH) transfers, by bank account, or credit/debit card
number. The funds can then be used to directly purchase stake in a “primary coin,” such as
Bitcoin, Ethereum, or Litecoin.

174
These primary coins can be used as an intermediary between fiat currency and alternate
digital currencies, or “alt-coins.” Alt-coins can only be purchased on advanced exchanges
using primary coins (not with fiat currency). Many classes of alt-coin exist, each with
unique purposes. Among these are centralized and decentralized currencies, lightning fast
payment-oriented coins, and privacy coins.

While traditional decentralized blockchain coins, like bitcoin and Ethereum, maintain a
detailed transaction audit trail, some alt-coins do not maintain a ledger of this informa-
tion. These node-to-node (N2N) privacy coins encrypt transaction details so that only
transacting parties can see them, using privacy features such as “homomorphic encryp-
tion,” which allows for the data calculations needed to facilitate a transaction without the
need to first decrypt the data; and “proof cryptography,” which verifies the transaction
without revealing the details.

Phase 2: Bitcoin mixing — primary coins (basic exchange) to privacy alt-coins (advanced
exchange).

Assume the launderer purchased bitcoin with U.S. dollars on the basic Coinbase
exchange. The resulting bitcoin ownership would be represented in a bitcoin digital wal-
let, which has its own unique and traceable digital address, as well as a unique QR code.

In order to obfuscate the primary coin’s audit trail, launderers use a tactic known as “mix-
ing” or “tumbling.” Mixing services, such as Bitmixer or Helix, perform primary coin
address swaps against temporary digital wallet addresses in an attempt to fool the block-
chain and break audit traceability. Some advanced exchanges, like ShapeShift, which
require no login or verification, may be used as an alternative mixing method. ShapeShift,
which operates only through sending and receiving wallet addresses, allows for a backup
address to be used if a transaction fails. Launderers intentionally use false receiving
addresses in order to re-route transactions to the backup address, thereby breaking the
audit ledger.

The next step is to transfer the mixed bitcoin holdings to an advanced digital exchange,
such as Bittrex or Binance, for the purpose of acquiring privacy coins. The transfer process
between exchanges can take hours with bitcoin, while Litecoin and Ethereum generally
process in minutes.

Once the launderer’s bitcoin arrives in the advanced digital exchange bitcoin wallet, they
can then trade bitcoin for a privacy coin, such as Zcash, Verge, Monero, Dash, and Desire.
Desire uniquely provides its own mixing service within the blockchain itself.

Phase 3: Layering through multiple privacy coins, exchanges, and digital addresses.

The money laundering layering process involves a series of money movement tactics
designed to provide anonymity to the illicit source of funds. Upon purchasing privacy
coins on an advanced exchange, money launderers can easily and anonymously layer
funds between various digital currency exchanges, privacy coins, and crypto wallets that
can belong to anyone. After several layers, money launderers can sever the audit trail,
effectively cleansing illicit funds for integration back into the traditional financial system.

175
 Having severed the audit trail in phases 1 through 3, the launderer now has several
options for withdrawing the cleansed funds from the digital currency world.

Phase 4: “Bust-out” integration.

Privacy coin holdings can be re-exchanged for primary coins, which can then be transfer-
red back to a basic currency exchange where funds may be withdrawn to a connected
bank account.

If the launderer deems reintegration into retail bank accounts too risky, they can transition
funds into real estate, citing the legal, expected desire to avoid capital gains taxes.

However, the most secure way to transition funds for integration is to transfer digital hold-
ings to a portable hardware crypto wallet. These flash drive-sized devices provide couriers
with the means to avoid risky bulk cash smuggling by transporting funds covertly. In fact,
a courier can accomplish the same task with a printout of the digital address or QR code.
Laundering cells may further limit access to funds throughout their logistical network by
requiring an elaborate passphrase known only to the sender and desired recipient.

As such, a sanctions evasion/currency cleansing operation could clean $10 million per 10
people per week like this:

• $10 million dollars is spread out across 10 straw man intermediaries, each responsible
for cleansing $1 million.
• Each straw man maintains a stake in 10 transferrable digital currencies, allowing their
$1 million to be segmented into $100,000 increments.
• In addition, each straw man maintains wallet addresses for each digital currency with
10 separate exchanges, reducing segmentation to $10,000 increments.
• Each straw man then withdraw 2 separate transactions of $5,000 to their accounts with
10 different financial institutions.

Conversely, phases 1 through 3 could utilize similar straw-man tactics on the deposit end.

Addressing the Problem

Government authorities have to be involved in enacting laws to reduce drug trafficking,

money laundering, and other criminal uses of cryptocurrencies. The more decentralized
the network is and the more technology advances together with the worldwide spread of
the bad actors and the network of computer systems, the more difficult it will be to keep
pace with, or get in front of, the bad actors.

In 2017, the United States Government proposed that the Department of Homeland Secur-
ity should study the link between bitcoin and terrorism because the anonymity offered by
digital currencies provides terrorists with the privacy they seek. Her Majesty's Treasury in
the United Kingdom has also sought to increase regulation by requiring digital currency
exchange users to disclose their identities (Malik, 2018).

176
In June 2019, the Financial Action Task Force (FATF), a coalition of countries from the
United States to China and bodies such as the European Commission, told countries to
tighten oversight of cryptocurrency exchanges to stop digital coins being used for money
laundering. Countries will be compelled to register and supervise cryptocurrency-related
firms and will have to carry out detailed checks on customers and report suspicious trans-
actions. Although the participants are in agreement that something needs to be done and
that this is a good first step, Teana Baker-Taylor, executive director of Global Digital
Finance, an industry body that represents crypto-related companies worldwide, stated
“we are obviously going to comply. The challenge is asking for something that there is the
technical facility to do” (O’Donnell & Wilson, 2019).

Prosecutions

In 2014, the FBI seized 27 darknet sites during Operation Onymous, a joint effort from the
FBI and the European Union Intelligence Agency Europol to stamp out illicit markets. In
2019, darknet markets are still selling illegal drugs that can be purchased with cryptocur-
rency, but U.S. law enforcement continues to take a hardline approach, arresting a couple
in California for selling drugs on the darknet in exchange for Bitcoin and Bitcoin Cash
(BCH) (Birch, 2019).

European and American investigators have broken up one of the world’s largest online
criminal trafficking operations in a series of raids in the United States and Germany. Three
German men, ages 31, 22, and 29, were arrested after the raids in three southern states on
allegations they operated the so-called “Wall Street Market” darknet platform, which
hosted approximately 5,400 sellers and 1.15 million customer accounts. The men face
drug charges in Germany on allegations they administrated the platform where cocaine,
heroin, and other drugs, as well as forged documents and other illegal materials, were
sold. They have also been charged in the United States, said Ryan White, a prosecutor with
the US Attorney’s Office in Los Angeles, who traveled to Germany for the announcement
along with FBI and DEA agents (Associated Press, 2019).

Value of Acting Like a Criminal… But Not Being a Criminal

There are valid reasons to use blockchain platforms legally with the desire or need to
remain anonymous.

The simplest reason is that many people who understand technology want to increase
their privacy level and reduce the likelihood of being a hacker's target.

More complicated are the millions of people around the globe that are not accepted in
their societies for reasons out of their control. Pseudonyms are used by women who speak
up for their rights, atheists born into religious societies, and people critical of their govern-
ments who speak their minds, empower their causes, and encourage those around them
to do the same. Technology allows and empowers them to be leaders in social change and
to connect with like-minded individuals in a community. They need to pay for products
and services. Without the ability to pay for these services anonymously, they would be
forced to reveal their true identity. This is a situation which clearly makes no sense, and
one with potentially dangerous ramifications (ExpressVPN, 2020).

177
 There are many positive reasons for a private and secure banking system like Bitcoin.
Workers’ rights group could, for example, raise funds with Bitcoin. The money could be
used for servers, flyers, or remote helpers without tying any transaction to the real identi-
ties of the volunteers (ExpressVPN, 2020).

7.4 ICO Fraud

A new type of investment, called initial coin offerings (ICO), further illustrates why block-
chain-based activity still requires trust. Since 2017, blockchain-based startups have raised
more than $20B by selling cryptocurrency tokens to supporters around the world. While
there were a few good investments, a large percentage of those companies were frauds.
Blockchain implementations do not require the same disclosures as that of traditional
securities (Werbach, 2019).

How ICOs Work

Companies and individuals are increasingly using initial coin offerings (ICOs) as a way to
raise capital to participate in investment opportunities. While these digital assets and the
technology behind them may present a new and efficient means for carrying out financial
transactions, they also bring increased risk of fraud and manipulation because the mar-
kets for these assets are less regulated than traditional capital markets (U.S. Securities
and Exchange Comission, n.d.).

Compared to initial public offerings (IPOs), which are used by corporations to raise capital
for growth, the shares of company stock are offered for purchase in a more traditional
manner. Similar to crowdfunding, the ICO projects generally offer their own brand of
tokens in exchange for popular cryptocurrencies such as Bitcoin (BTC) or Ethereum (ETH).
Besides the difference of tokens rather than shares, IPOs are protected by financial author-
ities who ensure that conditions and particular legal standards are met by companies
offering shares. However, ICOs are not protected by the same rules, and investment may
not be recoverable when a fake project vanishes, taking investor funds with it (Osborne,
2018).

There are many legitimate blockchain projects that launch an ICO due to a real dedication
to their goals and a true need to raise funds. However, many ICOs have resulted in a theft
of funds and exit scams. Like many angel investments in startups, ICOs are a risk which
may later offer good returns, leading many to invest in the blockchain space (Osborne,
2018).

Examples of Failed ICOs

In Canada, authorities have seized luxury cars and frozen bank accounts owned by the
ringleaders of FUEL, an allegedly fraudulent $22-million initial coin offering (ICO) from
2017. Court documents claim “blockchain services company” Vanbex raised $22 million
(CAD$30 million) in cryptocurrency and fiat with absolutely no intention to develop the
FUEL token. Instead, founders Kevin Hobbs and Lisa Cheng used the money to fund a lav-

178
ish lifestyle, which included the purchase of two new Land Rovers, a $3 million (CAD$4
million) Vancouver condominium, as well as the leasing of a Lamborghini Aventador S.
Vanbex is said to have sold its FUEL tokens on the basis it would be integrated with a new
platform for smart contracts called “Etherparty.” Hobbs, Cheng, and Vanbex marketed the
ICO by promising that FUEL’s value would dramatically increase once Etherparty was
deployed. The FUEL token was, in substance, treated like security while avoiding the pro-
tections of securities regulation that would ordinarily protect investors (Cannellis, 2018).

In Vietnam, the Pincoin ICO exit scam occurred in April 2018 in a Ponzi scheme devised by
the team behind Modern Tech. In the first ICO, the firm promised investors constant finan-
cial returns before launching another token in the form of the iFan. Proceeds from the sec-
ond ICO were used to pay Pincoin investors, before the ICO team disappeared with $660
million belonging to about 32,000 investors (Asia Blockchain Review, 2019).

Potential and Advice for ICO Investments

Those who wish to invest in ICOs, either to truly support the growth of the business and/or
as an investment opportunity, are given the following words of caution.

Get to know the team: The cryptocurrency and blockchain domains are dominated by
major names, those who have been successful developers. It is becoming increasingly
common for scammers to invent fake founders and biographies for their projects (Reiff,
2019b). Know who you are dealing with.

Read the whitepaper: An ICO whitepaper is the baseline document for the project. It
should provide the background, goals, strategy, concerns, and roadmap for implementa-
tion of the project. Read the paper thoroughly, ensure that it is consistent, and well
thought out.

Watch the token sale: AN ICO will make the progress of the token sale (funding) easy for
potential investors to view. Watch the token sale over time to see how it is progressing. If
this transparency is not available, then consider this a red flag (Reiff, 2019b).

Feasibility: Determine the feasibility of the project. Determine whether the interim goals
are achievable.

Exercise caution: ICOs are speculative investing which is always tempting enough to draw
seasoned investors and beginners into risky areas. Be aware that projects that sound too
good to be true likely are (Reiff, 2019b).

SUMMARY
Blockchain, and specifically Bitcoin, have a somewhat checkered his-
tory. Although the intention of Bitcoin was defined by Nakamoto, it is
likely that he did not predict the illegal activities that would take place
on the platform, nor the technologies that further enable them. Whether

179
 a trade of coin for drugs, illegal goods, money laundering, or raising of
funds with no intention to deliver, Bitcoin has presented the govern-
ment and other agencies with the challenge to provide regulation with-
out breaking the primary principle of decentralization as defined by
Nakamoto a decade ago.

180
 UNIT 8
LEGAL ASPECTS

STUDY GOALS

On completion of this unit, you will have learned …

– the difference between physical contracts, blockchain-based smart contracts, and the
regulatory concerns for smart contracts.
– the comparison of cryptocurrencies with fiat currencies and considerations for world-
wide regulation of cryptocurrencies.
– how ICOs are the IPOs for the blockchain environment, their purpose, and the bounda-
ries being considered by countries to protect investors and control activities of the ICO.
– considerations for data protection and security in a decentralized blockchain environ-
ment compared to that of a centralized data environment.
 8. LEGAL ASPECTS

Introduction
Blockchain technologies present many opportunities for the next generation of web-
based applications. Blockchain leverages a number of previously-known technologies to
create an ecosystem that was designed to be decentralized and self-governing.

There are a number of legal issues that must be addressed so that consumers and govern-
ment alike can be confident in the technology and allow it to prosper.

The legal concerns of smart contracts and the regulations enacted by various countries
will be discussed in this unit. Are smart contracts enforceable? If so, under what jurisdic-
tion?

Cryptocurrencies, the foundation of blockchain, will be compared to fiat currencies.

Should cryptocurrencies be regulated and to what level? What are the pros and cons of
strict regulations?

Initial coin offerings (ICOs), the IPOs of blockchain, are the means by which new projects
are funded. How can investors be protected? How can the ICOs be regulated to stop the
funding of illegal activities on the blockchain?

Finally, how do data privacy regulations differ in centralized versus decentralized environ-
ments and how can they be implemented in blockchain?

8.1 DLT and Smart Contracts as Legal

Contracts
Smart contracts are based on blockchain and consist of code which is automatically exe-
cuted upon specified criteria being met. The code is the essence of the smart contract.
Execution of smart contracts over the blockchain network eliminates the need for inter-
mediary parties to confirm the transaction, leading to self-executing contractual provi-
sions. The benefits of smart contracts are the cost and efficiency gains to be achieved.
Smart contracts raise significant legal questions in relation to applicable regulations, leav-
ing a sense of uncertainty concerning their legal enforceability (McKinlay et al., 2018).

In the classic textbook “Code Complete” by Steve McConnell, it is stated that there are typ-
ically 15—50 errors per 1000 lines of traditional code, whereas in the blockchain world, the
National University of Singapore found that almost half of Ethereum smart contracts have
errors (bugs) in them (Morris, 2019). How can a smart contract user be assured that the
contract will function as described?

182
What Needs Regulation — Service Levels and Performance

As a decentralized technology, the services conducted on a public blockchain environ-

ment, whether for the processing of transactions or the use of a smart contract, are gener-
ally provided as they are. Xu et al. (2019) state that “there are no guarantees or defined
service-level agreements (SLAs) provided by public blockchains” (p. 86).

An unknown level of service may be acceptable for individuals conducting transactions

that are not time-sensitive. McKinlay et al. (2018) proposes that for “users who are utilis-
ing the service as part of their business, this is unlikely to be an acceptable proposal. The
balance of performance risk will therefore be a key issue.”

Together with timeliness, the accuracy of processing must also be considered. A malfunc-
tioning blockchain service may not only affect those directly participating, but also those
who might be affected by the incorrect processing of the transaction. McKinlay et al.
(2018) pose the scenario of stock trades not settled or settled incorrectly. Consideration
needs to be given not just at the vendor-customer level, but between all relevant partici-
pants, in particular the parties (perhaps counter-parties for a trade) affected by the failure.

The question is not only whether smart contracts are subject to the law, but also to which
law they are subject. Which law regulates the effective formation of a smart contract?
Which law determines whether a particular contractual term is fair (Rühl, 2019)?

Jurisdiction of Regulations

Blockchain environments spread across national and international borders, since nodes
can be anywhere in the world. As physical contracts are typically written to be subject to
the laws of a specific jurisdiction, blockchain smart contracts and the transactions they
generate present complicated jurisdictional issues.

It may be difficult to identify the appropriate set of rules to apply (McKinlay et al., 2018).
The participants in the transactions, as well as each node in the network which is process-
ing and/or storing the data, are all involved and could be subject to compliance in a large
number of jurisdictions.

The inclusion of an exclusive governing law and jurisdiction clause in the smart contract is
therefore essential and should ensure that a customer has legal certainty concerning the
law that will be applied to determine the rights and obligations of the parties to the agree-
ment, and which courts will handle any disputes if they should arise (McKinlay et al.,
2018).

Country-Specific Regulations

United States

Regulatory and legislative activities in the United States have thusfar concentrated on
crypto assets. While Congress has not taken steps to legislate blockchain technology, state
lawmakers in a half dozen states have passed a variety of laws and empowered state regu-

183
 lation of blockchain technologies. The federal laws and regulations, coupled with
unharmonized state laws and regulations, create a highly complex environment in the
United States for the consistency of functioning smart contracts (Baumert et al., 2019).

European Union

The EU has been active in addressing the use of blockchain capabilities. For instance, in
2018, the European Commission (EC) launched the EU Blockchain Observatory and
Forum, a multilevel platform for discussion about blockchain’s developments, impacts,
and regulatory challenges. Another step was taken in April 2018 when a group of member
states established the European Blockchain Partnership (EBP) and the European Block-
chain Services Infrastructure (EBSI), which are initiatives that aim to support the delivery
of cross-border digital public services. The EBP continues to grow, with Hungary joining in
February 2019 and becoming the group’s 29th member (Baumert et al., 2019).

In the EU, agreements that are entered with consumers through smart contracts need to
comply with the applicable consumer protection laws. Market participants are obliged to
clearly define the material terms and conditions of the underlying transactions and make
them available to their consumers. EU consumers need to be informed of the automatic
and non-reversible nature of transactions executed through smart contracts (Baumert et
al., 2019).

To create a legally binding contract in the EU, two parties must reach consensus expressed
in two consistent statements of will. If parties use a smart contract in a manner sufficient
to express one’s will, such a smart contract may be recognized as a legally binding con-
tract. However, numerous statutes require additional forms of reaching and expressing
consensus. In such cases, executing a smart contract on blockchain may not be sufficient
to create a legally binding agreement (Baumert et al., 2019).

Common to the US and EU

The Chamber of Digital Commerce, which claims to be the world’s leading trade associa-
tion representing the digital asset and blockchain industry, believes that no new laws are
necessary in the United States and EU because the existing federal framework already
“supports the formation and enforceability of smart contracts under state law” (as cited in
Baumert et al., 2019, Smart Contracts section, para. 2). Particularly, the framework ena-
bles that the Electronic Signatures in Global and National Commerce Act (ESIGN Act) and
the Uniform Electronic Transaction Act (UETA) “provide sufficient legal basis for smart
contracts executing terms of a legal contract” (as cited in Baumert et al., 2019, Smart Con-
tracts section, para. 2).

Asia

Clarity in rules and regulations make Singapore a favorite destination for crypto-hobbyists
and traders. Singapore hosts over 40 percent of the smart contract platform projects that
were cryptocurrency startups in 2017—2018 (Parker, 2019).

184
Corporate Structure that Uses Smart Contracts — Decentralized Autonomous
Organizations

A decentralized autonomous organization (DAO) is a business that uses an interconnected

web of smart contracts to automate all its essential and non-essential processes. DAOs
have only one interest, and that is to protect the business itself. It requires no employees
or managers. Business functions are automated and executed in the form of a smart con-
tract (Liebkind, 2019c).

In the physical world, companies are legal institutions created to allow their constituent
individual human members to act collectively for the purpose of engaging in trade (i.e.,
transactions). They hold assets and liabilities that are ultimately owned and controlled by
their members. Those members (via the governance and management agents appointed
by them) are liable for both the financial and wider societal obligations arising from trans-
acting corporate business (Howell, 2019).

The question is: Can an autonomous firm be constituted without the involvement of
humans, and if so, how? Since there are no people directly involved, the liability of the
DAO and the DAO’s creators need to be considered.

Many in the justice system would describe the legal relationship between members of a
DAO and their investors as a general partnership, making every stakeholder of a DAO liable
for any legal actions that the DAO might face (OpenLaw, 2019).

OpenLaw DAO, a DAO itself, provides blockchain-based tools to build legal templates to
deploy “limited liability wrappers” for DAOs, to create a limited liability autonomous
organization (LAO). Under laws in the United States, a DAO would have to be structured as
a business entity, a limited liability company (LLC) (Kim, 2019). The LLC contracts will han-
dle mechanics concerning funding, voting, and allotment of collected funds. The organiza-
tion will limit LAO members’ liability. The LAO’s membership interests will be restricted
and available only to the qualifying parties that fit into the criteria of the accredited
investor for complying with United States law (Cook, 2019). DOrg LLC is the first legally
valid DAO under United States laws, licensed as a blockchain-based LLC firm. DOrg can
now participate in contractual agreements and provide liability protection (Boddy, 2019).

Ownership of Smart Contracts — Intellectual Property

Intellectual property (IP) positions need to be understood for smart contract software
written for purpose of blockchain transactions. Software vendors will likely want to capi-
talize on their investment and the commercial benefits generated from the usage of their
smart contracts. Possible IP options are no different than that of traditional software and
are likely to hinge on whether those specific requirements could give a smart contract cus-
tomer a competitive edge and/or whether that custom development can be used by the
blockchain developer with another customer or, conversely, by the customer with another
blockchain developer. Depending on the answer to these questions, a customer may insist
on ownership of such developments, and may be willing to license them for the term of

185
 the agreement (or perpetually if usable with other networks) or restrict the developer’s
ability to use such developments. This restriction could be time, use, or recipient based. It
could even be a combination of all three (McKinlay et al., 2018).

8.2 Cryptocurrencies as Legal Currencies

Fiat Currencies and Cryptocurrencies

Fiat money

Fiat currency came into existence in approximately 1000 AD in China and was originally
based on physical commodities such as gold. Fiat money is issued by the government and
regulated by a central authority, such as a central bank. Fiat money acts as legal tender
and is based on the credit of the economy. The fiat currencies, such as US Dollar, Pound or
Euro, obtain their value from the supply and demand in the market.

Fiat money has remained a means of payment recognized by law to meet a financial obli-
gation (legal tender) in most countries because they are stable and controlled. It is this
stability that also allows fiat money to be a means for storing value and enabling
exchange. Since fiat money is not linked to physical reserves such as a physical commod-
ity (for example, gold), and is instead based on the strength and credit of the issuing body
(government), there is a risk that fiat currencies could lose value due to inflation or
become worthless in the event of hyperinflation (Goyal, 2018).

Cryptocurrencies

A cryptocurrency is a digital or virtual currency that, as a medium of exchange, uses cryp-

tography technology to process, secure and verify transactions. Cryptocurrencies are not
controlled by a central authority. Anyone who can conduct an online transfer can acquire
and transfer cryptocurrency. Faster settlement times, lower transaction fees, and privacy
are the benefits of cryptocurrency-based transactions (Goyal, 2018). As compared to the
stability of fiat currency, since there is no central bank to change monetary policy, crypto-
currency eliminates the potential of the value being affected by the strength and credit of
the central government. However, in the ten year life span of Bitcoin, price fluctuations of
the Bitcoin cryptocurrency have spanned from $0.03 in 2009 to over $19,000 in late 2017 to
a value of approximately $8,600 in 2019 November.

Differences between fiat money and cryptocurrencies

Legality: Fiat money is legal tender in that it is often the official means of finalizing trans-
actions. Governments control fiat money supply and issue policies that affect their value.
Cryptocurrencies are digital assets that act as a medium of exchange that governments
have no control over. A central body does not control or influence their value.

Tangibility: Cryptocurrencies are virtual while fiat currencies exist as coins or notes.

186
Exchange: Cryptocurrency exchange is strictly digital, while fiat money can be exchanged
in digital and physical form.

Supply: Fiat money has an unlimited supply as central authorities do not have a cap on
the extent to which they can produce money. Cryptocurrencies, however, do have a cap.
For example, Bitcoin is capped at 21 million coins (Goyal, 2018).

Reasons for Regulation

Reasons to support the regulation of cryptocurrencies include:

• Controlling and reducing cryptocurrency use for illegal activities through the anonymity
characteristic of blockchain. As a result of the design of blockchain ecosystems, authori-
ties cannot track the users involved in these illegal activities.
• The broad swings in the value of cryptocurrencies have happened while other commod-
ities have been fairly stable. Regulating cryptocurrencies could stabilize values and end
extreme shifts (Sloan, 2018).
• The elements of blockchain technology provide an amount of self-regulation; however,
as has been described previously, thefts of cryptocurrencies have occurred. Regulation
may help reduce fears based on the lack of understanding of the intricacies of block-
chain technology including the mechanisms that protect from theft (Sloan, 2018).
• In the United States, cryptocurrencies are classified as an asset by the Internal Revenue
Service (IRS).
◦ If kept as an investment, capital gains and losses must be reported, resulting in a
higher taxation bracket.
◦ Some companies are using cryptocurrencies to evade taxes since cryptocurrencies
are not classified as money.
◦ Individuals are using cryptocurrencies as cash, making the cash transactions difficult
to track by the IRS (Sloan, 2018).
• Many trading firms and banks, including some of the world’s largest financial institu-
tions, are transacting with crypto-intermediaries. As a result, the financial system at
large is becoming increasingly exposed to failures in the crypto-markets (Funderburk,
2019).

Pros and cons of regulation

The arguments in favor of regulation are similar to those that oppose regulation.

Obie and Rasmussen (2018) state that without clear regulations, cryptocurrency innova-
tion in the United States is being hampered because

• potential investors delay making investment decisions because of uncertainty of valua-

tion,
• entrepreneurs that would leverage blockchain environments are cautious because of
fear of conducting activities against the law, and
• the country suffers as other countries have established rules that are more hospitable
to the use of cryptocurrencies.

187
 Avan-Nomayo (2019) argues that many of the regulatory measures can negatively impact
innovation in the industry and that strict regulations will cause a capital flight and brain
drain from nations that adopt them.

In addition, implementing regulations on blockchain environments has the likelihood of

increasing the cost of doing business on the blockchain.

What should be regulated

Cryptocurrency users conduct financial transactions that are validated and disseminated
by a network of computers on the currency platform. Intermediaries have emerged to fill
additional roles, such as storing users’ currency in virtual wallets or exchanging cryptocur-
rency into fiat currency and back. Funderburk (2019) asserts that the problem is that these
intermediaries are not subject to regulations barring fraud or misuse of funds.

Kuskowski (2018) insists that the crypto market must acknowledge that cryptocurrencies
should not be the primary focus of regulation, but that it should be the outcome of the
blockchain technology that is regulated. For example, if an individual uses blockchain to
exchange data or transfer shares, the regulatory focus must be on the data elements or
shares of those transaction rather than on the cryptocurrencies.

Self-Regulation

In the context of cryptocurrencies, self-regulation is the establishment of guidelines and a

code of conduct for market participants to operate within the ecosystem. The Interna-
tional Organization of Securities Commissions (IOSCO) has defined the characteristics of
transparency and accountability, contractual relationships, coordination, and information
sharing as the elements of self-regulation (Sharma, R., 2019).

It is hoped that self-regulation could help to temper some of the more stringent crypto
laws being enacted by several governments, paving the way to a healthy and sustainable
market, as well as to fuel long-term innovation. With guidelines that outline best practices,
customer trust can be established and maintained if those best practices are followed by
member organizations (Sharma, R., 2019).

Japan and South Korea have pioneered self-regulation in cryptocurrency exchanges. The
Japan Blockchain Association has 127 members with 35 crypto exchanges, while South
Korea has 25 members. CryptoUK is a formation of the UK’s seven largest crypto compa-
nies and has its own self-regulatory code of conduct (Sharma, R., 2019).

To date, most self-regulation efforts service local markets. OKEx, a Malta-based cryptocur-
rency exchange, is looking to form a global self-regulated organization (SRO) for crypto-
currency trading platforms. As a global SRO for crypto exchanges, the organization could
function like the World Federation of Exchanges in lobbying regulators across different
countries to come up with more favorable laws. Andy Cheung, head of operations at OKEx,
stated that “exchanges to grow and deliver impact is by joining together to develop practi-
ces and policies that will set a global standard and adapt to regional regulatory frame-
works” (as cited in Avan-Nomayo, 2019, Establishing section).

188
Country-Specific Cryptocurrency Regulations

One of the most critical legal considerations for any cryptocurrency investor has to do with
the manner in which central authorities view cryptocurrency holdings. In the United
States, the Internal Revenue Service (IRS) has defined cryptocurrencies as property, rather
than as proper currency. This means that individual investors are subject to capital gains
tax laws when it comes to reporting their cryptocurrency expenses and profits on their
annual tax returns, regardless of where they purchased digital coins. This aspect of the
cryptocurrency space adds layers of complexity for United States taxpayers which is fur-
ther exacerbated when holdings have been purchased on foreign exchanges as there are
additional reporting measures required for tax purposes (Reiff, 2019c).

The following map shows countries around the world in which cryptocurrencies are ban-
ned as well as those in which they are allowed.

Figure 34: Worldwide Legal Status of Cryptocurrencies

Source: Library of Congress, 2019.

The following map shows where tax laws, anti-money laundering/anti-terrorism financing
laws, or both, are enforced as part of cryptocurrency regulations around the world.

189
 Figure 35: Regulatory Framework for Cryptocurrencies

Source: Library of Congress, 2019.

The following map shows countries that have, or are issuing, national or regional crypto-
currencies.

190
Figure 36: Countries Issuing National/ Regional Cryptocurrencies

Source: Library of Congress, 2019.

Facebook Libra

Libra is Facebook’s blockchain-based cryptocurrency platform (and same-named cur-

rency) planned for a 2020 launch. According to the Facebook whitepaper, “Libra is a sim-
ple global currency and financial infrastructure that empowers billions of people.” Face-
book’s goal is to bring customers closer to businesses across the world in an improved
way that feels easier, stable, and more secure (as cited in Mitra, 2019a, What...? section,
para. 1).

Components of Libra

Libra has six features:

1. Built on a secure, scalable, and reliable blockchain.

191
 a) Libra will start as a permissioned blockchain with the goal of becoming permis-
sionless once it is able to handle the scale, stability, and security needed to sup-
port the volumes of people and transactions around the world
b) Blocks are not the core data structure. The data environment is described as a
“decentralized, programmable database.” The transactions in Libra will form a
sequence which will be stored in Merkle trees.
c) Like Ethereum, Libra will use a gas model (Mitra, 2019a).
2. Libra, the cryptocurrency, is a stablecoin backed by a reserve of assets, the Libra
Reserve. Stablecoins are cryptocurrencies which minimize the volatility of price by
pegging it to the value of assets, such as a cryptocurrency, fiat money, or to exchange-
traded commodities. In the case of Libra, the assets will be “a collection of low-volatil-
ity assets, such as bank deposits and short-term government securities in currencies
from stable and reputable central banks” ( as cited in Mitra, 2019b, Stablecoin Proper-
ties section).
3. Libra, the platform, is governed by the independent Libra Association. The Libra Asso-
ciation is an independent, not-for-profit membership organization, headquartered in
Geneva, Switzerland. It will have 100 members before launch and will assume final
decision-making (Mitra, 2019a). The two most important roles of the Libra Association
are as follows:
a) Manage the Libra reserve: Only the association can mint (when authorized resell-
ers have purchased coins from the association with fiat assets to back the new
coins) and burn (when authorized resellers sell Libra coin to the association in
exchange for the underlying assets) Libra currency (Mitra, 2019b).
b) Increase decentralization over time: Starting the transition within five years of its
launch, the network’s reliance on the founding members will decrease. The
founding members initially included companies such as EBay, Lyft, Mastercard,
PayPal, Spotify, Uber, Visa, Vodafone Group and 20 others (Mitra, 2019b). In Octo-
ber 2019, six companies, including eBay, Visa, Mastercard, and PayPal withdrew
from the association.
4. Libra uses the LibrBFT consensus mechanism. In LibraBFT, the nodes in charge of
block production are called “validators,” which make progress in rounds. Each round
has its own designated validator called a leader, which is responsible for proposing
new blocks and obtaining majority votes from the rest of the validators to get the
block approved (Mitra, 2019b).
5. Smart contract coding is done with the “Move” programming language. Move is a new
programming language with the priority to provide smart contracts with a high degree
of security (Mitra, 2019b).
6. Libra will use the Calibra digital wallet, built by a Facebook subsidiary, in addition to
other wallets.

Negative reactions

The concern with the concept of a blockchain platform implemented by Facebook is the
amount of data in totality that Facebook will have access to. Facebook has said that the
social media information on their social media platform and the financial data on their
blockchain platform will not be connected in any way. The plan for Libra is to profit from
advertising and not the sale of private data (Mearian, 2019a).

192
Jehan Chu, Co-founder of Social Alpha Foundation and Managing Partner at Kenetic,
believes that Libra can refresh the blockchain industry.

“While critics bemoan the centralized nature of Facebook’s crypto, I believe it is an enor-
mously positive driver that will accelerate crypto into mainstream consciousness and
adoption and provide further capital and opportunities for fully decentralized blockchains
like bitcoin and Ethereum and the startups that build on them” (as cited in Litsa, 2019,
Experts react section).

The negative reactions have been extensive.

Nouriel Roubini, an American economist, stated “It has nothing to do with blockchain.
Fully private, controlled, centralized, verified, and authorized by a small number of per-
missioned nodes. So what is crypto or blockchain about it? None” (as cited in Mitra, 2019b,
Negative Reactions section).

Sarah Jamie Lewis, an anonymity and privacy researcher, facetiously states “Can’t wait for
a cryptocurrency with the ethics of Uber, the censorship resistance of PayPal, and the cen-
tralization of Visa, all tied together under the proven privacy of Facebook” (as cited in
Mitra, 2019b, Negative Reactions section).

Representative Sherrod Brown, the leading Democrat on the United States Senate Bank-
ing Committee, said, “Facebook is already too big and too powerful, and it has used that
power to exploit users’ data without protecting their privacy. We cannot allow Facebook to
run a risky new cryptocurrency out of a Swiss bank account without oversight” (as cited in
Mitra, 2019b, Negative Reactions section).

In September 2019, French and German regulators promised to block Libra because it
believed it could threaten the Euro’s value and unlawfully privatize money. They also plan
to create their own national cryptocurrencies. At the meeting of G7 Finance Ministers and
Central Bank’s Governors in July 2019, the 19-country euro zone block indicated it is
united in pursuing a tough regulatory approach should Libra seek authorization to oper-
ate in Europe (Mearian, 2019b).

It is also believed that Libra could become the de facto central banking authority for a
developing country, or one in turmoil, like Venezuela. Felix Shipkevich, an attorney spe-
cializing in cryptocurrencies, stated “if you're Facebook and maintain ten percent of Vene-
zuela's local currency through Libra, you become a quasi-federal reserve for that system
[...] My first reaction to Libra was, 'Are you kidding me?' How are we just ten years after a
global Great Recession allowing a single company to be able to potentially control the fed-
eral reserve systems of developing countries?” (as cited in Mearian, 2019b, para. 24).

193
 8.3 Regulation of ICOs
An initial coin offering (ICO) is the exchange of funds for the promise of a digital token for
the future delivery, typically the development, of an application on which the token will
be useful. It is often the software developers that are issuing the ICO (Zuluaga, 2018). ICOs
are similar to initial public offerings (IPOs), where a company’s stock is given in exchange
for venture funding. Many new and established companies have begun exploring ICOs as
an alternative form of raising venture capital (Araya, 2018).

ICOs have presented challenges to three well-entrenched sectors: venture capital, public
finance, and entrepreneurship (Mougayar, 2018).

Need for Regulations

ICOs versus IPOs

The challenge with ICOs in many countries is that it gives the appearance of going around
the regulations that have been in place for IPOs. ICOs satisfy the need for a low amount of
seed funding without offering the due diligence, regulatory requirements, time, or fidu-
ciary permissions a traditional IPO would require (Reese, 2018). The result, however, has
been a high level of fraud. China claims that the possibility of scammers using ICOs to
defraud investors is the primary reason the nation moved to ban the creation or selling of
them in their country. Meanwhile, the United States Security and Exchange Commission
(SEC) has issued an alert indicating that companies may be engaging in schemes that arti-
ficially inflate the price of tokens through false and misleading positive statements in
order to then sell the tokens, which had been purchased at a low price, at a much higher
price (Reese, 2018).

Protecting investors

Regulators are concerned with the many risk factors to investors that are associated with
ICOs. Some of these are listed below.

• Unlike shareholders who have obtained stock in an IPO and can vote for or against
directors, ICO investors do not have any control over the ICO originators.
• A lack of mandatory disclosures for ICOs often results in irregular or no disclosures as
time passes, demonstrating a lack of transparency in the ICO.
• Originators can alter the smart contract to change ICO sales rules mid-course during an
ICO.
• ICO investors have no preemptive rights or other anti-dilution protections. If the ICO
originators decide to issue more tokens to additional investors, the investment by cur-
rent ICO investors may be diluted.
• Token holders typically do not receive a liquidity preference that would protect them in
the case of bankruptcy or termination of the platform in which they invested. In cases of
bankruptcy, token holders have no recourse after the debt holders and outside creditors
are satisfied with the liquidation value of the entity (Kaal, 2018).

194
Classification

There is an uncertainty among government regulators as to how to classify ICOs, which

causes uncertainty in how to govern and tax them (Araya, 2018). If the ICO relates to prop-
erty transfers to fiat currencies, these ICOs may be dealing with assets that fall into the
regulations required of securities (Reese, 2018).

The challenge for both regulators and entrepreneurs is that some of the tokens have a
dual nature: They’re both consumptive because they grant access to a technology service,
and, at the same time, provide an investment opportunity for investors. There is a gap in
the classification of tokens that have a strong utility and consumptive value because they
do not fully fit the definition of “investment contract” under the SEC’s Howey Test or its
international equivalents (Chester, 2018). The Howey Test determines that a transaction
represents an investment contract if someone invests their money in a common enter-
prise and is led to expect profit that is made by the efforts of a third party (Reiff, 2020a).

Funding illegal activities

Another key concern for regulators is eliminating the use of ICOs to fund blockchains that
enable the funding of illegal activities such as money-laundering and terrorism (Araya,
2018).

General Country Direction

Many countries are reviewing and proposing changes to regulations that will codify adher-
ence to anti-money laundering/know your customer (AML/KYC) practices into law for ICOs
and to require additional oversight, such as registrations and disclosure statements
(Reese, 2018).

Although some progress is being made, the complication is that the blockchain ecosystem
is worldwide, yet governments around the world hold widely divergent views on regula-
tion. Put simply, there are three positions held by countries.

1. Closed to ICOs, such as China

2. Open and strict, such as the United States
3. Open and liberal, such as Switzerland

In the open countries, the priority is to address the need for regulations, combatting fraud
and illegal activities, while enabling legitimate businesses to have a platform for growth
(Araya, 2018).

Regulations by Country

The following is a summary of regulations specific to ICOs by country.

195
 Table 9: Summary of Regulations by Country

Country Generalized Approach Details

EU Allowed/subject to ICOs are allowed, given that they are in adherence to

future regulations anti-money laundering/know your customer (AML/KYC)
policies and to required business regulations and
licenses, per the ICO’s business function.

Canada Allowed The Canadian Securities Administrators have ruled that

ICOs are securities, subject to regulations on a case-by-
case basis. The Canadian authorities have developed a
“regulatory sandbox” for the purpose of regulating fin-
tech projects that would not normally fit in the national
regulatory scheme, such as ICOs.

China Banned ICOs are banned for all businesses and individuals by
order of the People’s Bank of China. Chinese ICOs that
have completed their funding cycles have been
requested to refund any altcoins raised.

Estonia Allowed Estonia is currently considering starting its own ICO to

raise funds. However, the Eurozone rule on nation states
not having their own currencies continues to split opin-
ions about the possibility of this happening.

Germany Allowed Germany has no specific regulations for ICOs, but expects
ICOs to adhere to existing regulations, including those
encapsulated in the Banking Act, Investment Act, Securi-
ties Trading Act, Payment Services Supervision Act, and
Prospectus Acts.

Japan Allowed, subject to

future regulations

Russia Allowed, heavily regu-

lated

Switzerland Allowed, subject to Recent attempts to regulate ICOs have failed, but the
future regulations need to codify protections may reignite the regulation
efforts. The Swiss Financial Market Supervisory Authority
(FANMA) has started to examine ICOs for possible
breaches of securities laws, which may be the first signs
of a new wave of campaigning for regulatory oversight.
Regulations are not thought, however, to be able to stop
the current momentum to incorporate ICOs into Swiss
culture. Switzerland (FINMA) treats ICOs differently,
depending on the functionality of token (lending-utility/
supporting or donating/charity character of tokens) and
provides feedback on specific requests about ICOs on a
case-by-case basis. No regulations or investor protection
around ICOs have been officially announced.

UK Allowed, subject to Like most other nations, the UK has issued an investor
future regulations warning on the unregulated nature of ICOs. The Financial
Conduct Authority argues that even if the ICO is acting in
good faith, investors still stand a good chance of losing
their entire investment.

196
 Country Generalized Approach Details

US Allowed, but heavily ICO rules vary widely from state to state, from no regula-
regulated tions at all in some states to regulations requiring depos-
its that are equal to, or in excess of, all local transactions,
to regulations requiring a license for businesses to
engage in altcoin activities. On the federal level, there are
no current regulations banning ICOs specifically,
although ICOs are expected to be registered and licensed
the same as if they were not ICOs. This includes register-
ing with the SEC if the ICO is to sell or trade securities.
The SEC has recently found that some altcoins may be
securities, and as such, may be subject to the SEC’s ruling
in the future. Some SEC commissioners hold the position
that most ICOs are securities and should be treated as
such. ICOs are expected to adhere to AML/KYC practices.
Failure to adhere to these practices may leave an ICO
open to legal action or possible seizure.
The United States has also moved to recognize celebrity
endorsements of ICOs to be illegal unless all compensa-
tion involved is disclosed.

Source: Created on behalf of IU (2023)., based on Reese, 2018.

Risks of regulation

ICOs have democratized access to capital funding for small start-ups. Overregulation has
the potential to discourage risk-taking which could result in undermining this grass-roots
innovation. The birth of ICOs presents an opportunity for a different mechanism of regula-
tion that enables ICOs to successfully raise funds for growth while providing investors with
a reasonable expectation of protection and providing the general public with an assurance
of legal activities (Araya, 2018).

8.4 Data Protection/Privacy in

Blockchains
Data privacy is the capability to choose whether information is disclosed to others and to
determine how it is used. The highest degree of privacy of an element of information is
when an owner has complete control over the dissemination of the data and complete
control over its use for the life of the data (Snyder, 2019).

Data security includes the mechanisms used to insure the confidentiality, integrity, and
availability of information. The highest level of security would guarantee that information
is only disclosed to those who should access it, its integrity would be insured at all times,
and the information would be available to be used as defined by the owner (Snyder, 2019).

197
 Summary of Blockchain Data Concepts

As defined by the National Institute of Standards and Technology, “Blockchains are tam-
per evident and tamper resistant digital ledgers implemented in a distributed fashion (i.e.,
without a central repository) and usually without a central authority (i.e., a bank, com-
pany, or government)” (Yaga et al., 2018).

Data on a blockchain has the characteristics described below.

Pseudonymous

Identity on the blockchain is pseudonymous as a user’s pseudonym is their public address

rather than standard identification data of name, address, phone number, etc. The com-
plicated public address masks the user’s identity. A user who uses the same public
address, however, makes it possible to link their transactional activity together. It is rec-
ommended that each transaction uses a new address to avoid the linkage of transactions
to a common owner.

Immutability

Blockchain boasts an immutable ledger, meaning that the blockchain demonstrates the
following:

• Tamper evidence: Each participant has the ability to detect non-consensual changes to
transactions.
• Tamper resistant: Enforces barriers to resist changes to historical transactions.

Challenges

Data privacy and confidentiality are not met because each node has access to the block-
chain transaction data, the blockchain is publicly available, and every transaction can be
traced to the genesis block. The public availability of the blockchain and the pseudonym-
ity of the transactions results in minimal privacy protection (Snyder, 2019). Many concerns
are raised, including the following:

• What are the roles and responsibilities of each of the parties?

◦ Who is the person or agency that determines the purposes and means of processing
of personal data (data controller) on the blockchain?
◦ Who is the person or agency that processes personal data on behalf of the controller
(data processors) on the blockchain?
• How can privacy compliance principles, such as the principle of data minimization, be
complied with?
• How can privacy rights, such as the right to be forgotten, be enforced?
• What data recorded on a blockchain is considered personal data (Coraggio, 2019)?

198
The integrity of blockchain data is questionable. Certainly the transaction was valid when
it was processed, however, integrity must also consider the validity of the transaction
itself. This means protection against fraudulent or mistaken transactions, as well as pre-
venting inadvertent loss. Immutability provides no defense against fraud or mistake
(Snyder, 2019).

GDPR

GDPR is EU’s General Data Protection Regulation and is applicable in all member states.
The GDPR applies only to personal data.

GDPR definitions

To better understand the regulations as specified in the GDPR, it is necessary to have a

baseline of definitions.

Personal data is defined as any information relating directly or indirectly to a living natural
person, whether it actually identifies them or makes them identifiable (Maxwell & Salmon,
2018).

Processing is any operation or set of operations performed upon personal data, for exam-
ple, the collection, recording, organization, structuring, storage, adaptation, and/or altera-
tion of data (Maxwell & Salmon, 2018).

The data controller is the person or entity that determines the purposes for which, and the
manner in which, personal data is processed (Maxwell & Salmon, 2018).

The data processor is the person or entity that processes personal data, carrying out proc-
essing based on the instructions of the data controller (Maxwell & Salmon, 2018).

GDPR details

The GDPR applies to all personal data held about citizens of the EU, wherever in the world
that data is stored. Individuals have the right to see the data that companies capture
about them and the right to request deletion of personal data under certain circumstances
(Emmadi & Narumanchi, 2019).

GDPR’s privacy by design principle means data protection needs to be through technology
design. Systems used to capture and store personal data must be built to ensure the pri-
vacy of the people whose data they process. This requirement applies to blockchains as it
does to all other business systems (Emmadi & Narumanchi, 2019).

GDPR requires that data collected on individuals must be relevant to the purpose being
collected and cannot be stored for longer than necessary. The emphasis under GDPR is
data minimization, in terms of both of the volume of data stored on individuals and the
length for which it is retained. Article 5 (3) of the GDPR states that personal data shall only
be kept for the purposes for which it is being processed (McElhill, 2017).

199
 GDPR and blockchain data challenges

GDPR requires every organization that handles personal data to identify a data controller
who is accountable for compliance with the GDPR. Potentially every node in a blockchain
ecosystem that holds data of EU citizens is a data controller and is responsible for compli-
ance with the regulation (Emmadi & Narumanchi, 2019).

While pseudonymization may help obfuscate data, it does not render the subject data
nonpersonal. Because GDPR applies to personal data that might be linked, directly or indi-
rectly, with the individual, the features of blockchain may prove insufficient due to the risk
of reidentification (Cutler et al., 2019).

The immutable characteristic of blockchain presents challenges when posed with the indi-
vidual’s right to erasure and correction requests. Technically, the ability to provide a per-
petual erasure of blocks in a blockchain is contrary to the design of the blockchain. Era-
sure of one block would break the hash computations that are brought forward through
all following blocks while modification to one block would require a re-computation of all
following blocks.

Methods to delete data from a blockchain are not available, but this may change. Franks
(2019) posed several solutions to this dilemma.

1. Exemption: Should personal data stored on a blockchain be exempt?

2. Deletion of the private key: This is a technical means to render encrypted data unusa-
ble by deleting the keyed hash function’s secret key. This will make it impossible to
prove/verify which information was hashed; however, it may not satisfy the require-
ments of the legislation.
3. An editable blockchain: In 2016, Accenture was awarded a patent for an editable
blockchain for enterprise use. While geared to permissioned (privately controlled)
blockchains, this option could allow organizations to alter data in the event of errors
or fraud, and possibly to respond to requests to erase private information.

Storage of data for only as long as is necessary is yet another challenge. Blockchain data is
stored permanently. Removing all evidence of a person’s transactions would destroy the
integrity of a blockchain and falsify the record. Potentially, personal data can be archived
or deleted by using off-chain storage mechanisms to store the personal data while writing
a hash of the data onto the blockchain. The hash would be a pointer to the off-chain per-
sonal data. This would preserve the integrity of the blockchain but ensure that the per-
sonal data is no longer present on the blockchain (Emmadi & Narumanchi, 2019). GDPR
requirements could then be implemented on the off-chain personal data.

As a general set of regulations, the GDPR regulations extend far beyond the member coun-
tries of the EU because of the following reasons:

200
1. A non-EU business needs to comply with GDPR if it monitors the behavior of EU resi-
dents or offers them goods and services.
2. The GDPR requires data controllers to notify a data breach to the supervisory author-
ity within 72 hours.
3. The sanctions for a breach are higher than €20 million, or up to 4 percent of an organi-
zation’s total worldwide annual turnover of the preceding financial year (Yates & Chan,
2018).

Other jurisdictions around the world are also tightening up their data protection regula-
tions. China introduced cybersecurity laws in June 2017 in which many provisions mirror
those in the GDPR. In the wider Asia-Pacific region, mandatory data breach reporting has
also been introduced in South Korea, Taiwan, the Philippines, Indonesia, and Australia
(Yates & Chain, 2018).

United States

The United States does not have a single data protection regulation. Many laws are
enacted at the federal and state levels, many of which are specific to industries such as
financial services, healthcare, and more. For example, the Federal Trade Commission Act
enforces actions against companies for failing to comply with their own posted privacy
policies and for disclosing personal data without authorization. A second example is the
Health Insurance Portability and Accountability Act (HIPAA) which regulates medical infor-
mation by healthcare providers, data processors, and pharmacies that handle the infor-
mation (Franks, 2019).

The California Consumer Privacy Act (CCPA), passed into California law in June 2018, is the
strongest data privacy legislation enacted in the United States and it also mirrors the
GDPR. The CCPA requires businesses to disclose the purpose for the information collected,
gives consumers the right to ask businesses for the types and categories of personal data
being collected, and gives consumers the right to request the deletion of their personal
data (Franks, 2019).

However, like the GDPR, the CCPA presumes a traditional data model, making it difficult to
implement and enforce in a decentralized data model. Like the GDPR, the CCPA aligns
philosophically with many of the tenets of blockchain technology (i.e., data integrity,
cybersecurity, and transparency). However, inherent features of blockchain technologies
can pose compliance challenges; specifically, the decentralized, worldwide ecosystem and
the immutability of data on the blockchain (Cutler et al., 2019).

Unlike the GDPR, the CCPA limits its regulations to businesses, which are defined as any
for-profit company doing business in California that collects personal information and sat-
isfies at least one of the following thresholds:

1. Receives an annual gross revenue in excess of $25 million.

2. Annually buys, sells, or, for commercial purposes, receives or shares personal infor-
mation of at least 50,000 California consumers, households, or devices.
3. Derives 50 percent or more of its annual revenue from “selling” California consumer
personal information (Cutler et al., 2019).

201
 The term “doing business” is undefined by the statute and could include a blockchain eco-
system with nodes in California or nodes that collect data from Californian consumers
(Cutler et al., 2019).

The second criteria for the CCPA threshold test brings into question whether nodes func-
tioning in California are considered to be “sharing” personal information, as all nodes
would maintain a copy of the ledger.

The third criteria for the CCPA threshold raises the possibility that blockchain companies
could be considered to be “selling” personal information simply by hosting and operating
a blockchain platform through which people and entities can exchange personal informa-
tion — particularly if the blockchain company charges a fee to access the blockchain or
derives other valuable consideration from the hosting and operating of a platform that
facilitates personal information exchange (Cutler et al., 2019).

The Future of Data Protection on the Blockchain

Dr. Michele Finck (2019), author of a study for the European Panel for the Future of Science
and Technology, offered additional thoughts which include:

• the need to create a clear regulatory framework that is consistent no matter what the
technological platform, whether centralized or decentralized, and
• use of private, or enterprise blockchains, which will have a central or limited group of
data controllers and can control the extent to which data can be deleted from the block-
chain.

SUMMARY
After ten years, the blockchain ecosystem as a whole continues to refine
itself. The basic premise of blockchain is that of a decentralized system,
not controlled by the government. However, in order to operate within
the financial and legal systems at large, a number of legal and regulatory
concerns need to be addressed.

Smart contracts need to assure users of service levels and performance.

Regulations are needed to provide this assurance without stifling the
growth of this platform.

Cryptocurrencies and fiat money have a number of differences that

demand regulations that protect investors. However, once again, stiff
regulations can impact innovation and cause a departure of both the
currencies and the intellect that are growing the platform.

To encourage more investment in blockchain growth, ICOs, the IPOs of

blockchain, would benefit from the protection of regulations.

202
Finally, a balance needs to be struck conerning the privacy of data on
the blockchain. The inherent design of blockchain assures data protec-
tion qualities that, although not consistent in definition with data stand-
ards placed on centralized data, they may potentially be sufficient. This
is an area that requires an understanding of the differences between
decentralized and centralized systems and the protection mechanisms
that best serve the consumers.

203
BACKMATTER
 LIST OF REFERENCES
ACT IAC. (n.d.). Blockchain playbook online — beta: Phase 3 — technology selection. ACT-
IAC. https://blockchain-working-group.github.io/blockchain-playbook/phases/3/

Agarwal, A. (2019, April 2). Top 10 Tron DApps that are ruling the DApp ecosystem. CoinGape.
https://coingape.com/top-10-tron-dapps/

Agrawal, H. (2019a, August 6). Top 6 biggest bitcoin hacks ever. Coinsutra. https://coinsutra.
com/biggest-bitcoin-hacks/

Agrawal, H. (2019b, September 6). What are DApps (decentralized applications)? The begin-
ner’s guide. Coinsutra. https://coinsutra.com/dapps-decentralized-applications/

Antonopoulos, A. (2014). Mastering bitcoin. O'Reilly. https://www.oreilly.com/library/view/

mastering-bitcoin/9781491902639/ch07.html

Araya, D. (2018, October 10). The future of cryptocurrency regulation. Brookings. https://ww
w.brookings.edu/blog/techtank/2018/10/10/the-future-of-cryptocurrency-regulation/

Asia Blockchain Review. (2019, July 25). ICO investment: Fending off fraud, sidestepping
scams. https://www.asiablockchainreview.com/ico-investment-fending-off-fraud-side
stepping-scams/

Asolo, B. (2018, December 18). Litecoin scrypt algorithm explained. Mycrptopedia. https://
www.mycryptopedia.com/litecoin-scrypt-algorithm-explained/

Associated Press. (2019, May 3). Germany arrests 3 in ‘Wall Street market’ darknet probe.
New York Post. https://nypost.com/2019/05/03/germany-arrests-3-in-wall-street-mark
et-darknet-probe/

Avan-Nomayo, O. (2019, October 12). Pushing for crypto self-regulation amid tightening
government scrutiny. Cointelegraph. https://cointelegraph.com/news/pushing-for-cry
pto-self-regulation-amid-tightening-government-scrutiny

Aziz. (n.d.). Guide to consensus algorithms: What is consensus mechanism? Master The
Crypto. https://masterthecrypto.com/guide-to-consensus-algorithms-what-is-consen
sus-mechanism/

Bains, P. (2018, October 30). Blockchain-as-a-service (BaaS) faces a big data challenge.
Information Age. https://www.information-age.com/blockchain-as-a-service-baas-12
3476014/#

Baldwin, J. (2018). In digital we trust: Bitcoin discourse, digital currencies, and decentral-
ized network fetishism. Palgrave Communications,4(14), 1—10. https://doi.org/10.105
7/s41599-018-0065-0

206
Bakx, K. (2018, September 24). Bitcoin mining uses so much electricity that 1 city could cur-
tail facility’s power during heat waves. CBS News Business. https://www.cbc.ca/news/
business/hut8-medicine-hat-bitcoin-mining-1.4834027

Basu, M. (2016, March 6). Estonia using blockchain to secure health records. GovInsider. htt
ps://govinsider.asia/innovation/estonia-using-blockchain-to-secure-health-records/

Baumert, M., Ciach, S., & Gałka, P. (2019, May 1). Blockchain consortia: A legal roadmap to a
dynamically changing regulatory landscape in the US and the EU . Barnes & Thornburg
LLP .https://btlaw.com/insights/news/2019/blockchain-consortia-a-legal-roadmap-to
-a-dynamically-changing-regulatory-landscape

Beigel, O. (2019, December 11). Bitcoin historical price & events. 99 Bitcoins. https://99bitco
ins.com/bitcoin/historical-price/

Bhardwaj, C. (2018, June 18). What are smart contracts: Advantages, limitations, and use
cases. Appinventiv. https://appinventiv.com/blog/smart-contract-guide/

Billfodl. (n.d.). Bitcoin transaction fees. https://billfodl.com/pages/bitcoinfees

Birch, J. (2019). Crypto, cash, and drugs: Crypto use grows as drug trade digitalizes. Cointe-
legraph. https://cointelegraph.com/news/crypto-cash-and-drugs-crypto-use-grows-as
-drug-trade-digitalizes

Bitcoin. (n.d.). Frequently asked questions. https://bitcoin.org/en/faq

Bitcoin.com. (n.d.). Markets. Retrieved September 4, 2019, from https://markets.bitcoin.co

m/

Blockchain. (2017, December 20). BTC/transaction. https://www.blockchain.com/btc/tx/71

7e4d969a2241065afe896986bf2b481ab5059d3dba901dc0c0f1feca796524

Blockchain. (2019, August 27). BTC/block. https://www.blockchain.com/btc/block/0000000

0000000000002e19f31933bdb6dcb8722abcb4bae282ed08f6c8fd14f

Blockchain applications in healthcare. (2019). Blockchain technologies. https://www.block

chaintechnologies.com/applications/healthcare/

Bloomenthal, A. (2020, January 12). What determines the price of 1 bitcoin? Investopedia. h
ttps://www.investopedia.com/tech/what-determines-value-1-bitcoin/

Boddy, M. (2019, June 12). DOrg LLC purports to be first legally valid DAO under US law.
Cointelegraph. https://cointelegraph.com/news/dorg-llc-purports-to-be-first-legally-v
alid-dao-under-us-law

Brown, C. (2016, June 18). Why build decentralized applications: Understanding DApps.
Due. https://due.com/blog/why-build-decentralized-applications-understanding-dap
ps/

207
 Browne, R. (2018, April 12). Santander launches a blockchain-based foreign exchange serv-
ice that uses Ripple’s technology. CNBC. https://www.cnbc.com/2018/04/12/santander
-launches-blockchain-based-foreign-exchange-using-ripple-tech.html

Buck, O. (2018, November 9). The staggering environmental cost of blockchain. Modern
Consensus. https://modernconsensus.com/cryptocurrencies/bitcoin/the-staggering-e
nvironmental-cost-of-blockchain/

Butcher, J. R., Blakey, C. M., & Hastings, P. (2019). Cybersecurity tech basics: Blockchain
technology cyber risks and issues: Overview [Practice Note]. Practical Law. https://www
.steptoe.com/images/content/1/8/v2/189187/Cybersecurity-Tech-Basics-Blockchain-T
echnology-Cyber-Risks-and.pdf

Buterin, V. (2015, November 15). Merkling in Ethereum. Ethereum. https://blog.ethereum.o

rg/2015/11/15/merkling-in-ethereum/

Buttice, C. (2019, January 14). Is blockchain good or bad for the environment? Techopedia.
https://www.techopedia.com/is-blockchain-good-or-bad-for-the-environment/2/3362
4

Canellis, D. (2018, October 8). Research: China has the power to destroy bitcoin. TNW. https:
//thenextweb.com/hardfork/2018/10/08/china-means-intent-destroy-bitcoin/

CBInsights. (2019). How blockchain could disrupt insurance. https://www.cbinsights.com/r

esearch/blockchain-insurance-disruption/

Casey, M., & Forde, B. (2016, January 5). How the blockchain will enable self-service gov-
ernment. Wired. https://www.wired.co.uk/article/blockchain-is-the-new-signature

Chandler, S. (2018, July 9). Bitcoin vs altcoins: Which cryptocurrency is the most usable as
money? Cointelegraph. https://cointelegraph.com/news/bitcoin-vs-altcoins-which-cry
ptocurrency-is-the-most-usable-as-money

Chargebacks.com. (n.d.). Understanding tokenization and fraud prevention. https://charge

backs.com/understanding-tokenization-fraud-prevention/

Cheng, B., Weaver, J., & Weaver, J. F. (2018, December 21). When blockchain meets data
privacy and security: How the paradigm is shifting as regulations and the technology
evolve. NH Business Review. https://www.nhbr.com/when-blockchain-meets-data-priv
acy-and-security/

Chester, J. (2018, April 9). What you need to know about initial coin offering regulations.
Forbes. https://www.forbes.com/sites/jonathanchester/2018/04/09/what-you-need-to
-know-about-initial-coin-offering-regulations/#7f5702332f13

Chu, J. (2016, March 3). The beginning of the end for encryption schemes? MIT News. http://
news.mit.edu/2016/quantum-computer-end-encryption-schemes-0303

208
Consensys. (n.d.-a). Blockchain in energy and sustainability. https://consensys.net/enterpri
se-ethereum/use-cases/energy-and-sustainability/

Consensys. (n.d.-b). Blockchain in government and the public sector. https://consensys.net/

enterprise-ethereum/use-cases/government-and-the-public-sector/

Consensys. (2019, April 4). Building blockchain for government: Why governments need
blockchain. https://media.consensys.net/building-blockchain-for-government-why-go
vernments-need-blockchain-9691d1e21e3d

Cook, S. (2019, September 5). OpenLaw to unveil the first for-profit DAO “The LAO” for
funding blockchain projects and start-ups. CryptoNewsZ. https://www.cryptonewsz.co
m/openlaw-to-unveil-the-first-for-profit-dao-the-lao-for-funding-blockchain-projects-
and-start-ups/40619/

Coraggio, G. (2019, September 3). Legal issues of blockchain and how to deal with them.
Technology’s Legal Edge. https://www.technologyslegaledge.com/2019/09/legal-issue
s-blockchain/#page=1

Cox, L. (2019, May 28). Blockchain and sustainability: A blessing or a curse? DisruptionHub.
https://disruptionhub.com/blockchain-sustainability-blessing-or-curse/

Cuen, L. (2019, April 5). Tron DApps saw $1.6 billion in volume in Q1 2019, driven by gam-
bling. Coindesk. https://www.coindesk.com/tron-dapps-saw-1-6-billion-in-volume-in-
q1-2019-driven-by-gambling

Cuthbertson, A. (2019, May 21). Bitcoin price explained: How a single trade crashed the
cryptocurrency market. The Independent. https://www.independent.co.uk/life-style/g
adgets-and-tech/news/bitcoin-price-explained-usd-latest-value-market-today-a89218
06.html

Cutler, J., Ho, C., Mourlam, A. C., Gatto, M., & Percival, T. (2019, August 17). Reconciling
blockchain technology with California consumer privacy act. Cointelegraph. https://coi
ntelegraph.com/news/reconciling-blockchain-technology-with-california-consumer-p
rivacy-act

Daab. J. (2019, February 1). The environmental issues with blockchain. Magnani. https://ww
w.magnani.com/blog/blockchain

Dale, B. (2019, September 19). Everyone’s worst fears about EOS are proving true. Coindesk.
https://www.coindesk.com/everyones-worst-fears-about-eos-are-proving-true

Daley, S. (2019, April 10). 17 blockchain companies boosting the real estate industry. Builtin.
https://builtin.com/blockchain/blockchain-real-estate-companies

Daniel. (2018a, December 5). Proof of work blockchains: An overview for beginners.
Komodo. https://komodoplatform.com/proof-of-work/

209
 Daniel. (2018b, August 14). Cryptographic hash functions explained: A beginner’s guide.
Komodo. https://komodoplatform.com/cryptographic-hash-function/

Davenport, K. (2018, April 11). How to deal with the growing blockchain ledger size in con-
tainers. Portworx. https://portworx.com/deal-growing-blockchain-ledger-size-contain
ers/

De Filippi, P., & Loveluck, B. (2016). The invisible politics of bitcoin: Governance crisis of a
decentralized infrastructure. Internet Policy Review, 5(3). http://doi.org/10.14763/2016.
3.427

Deloitte Development. (2018). Blockchain: A technical primer. https://www2.deloitte.com/c

ontent/dam/insights/us/articles/4436_Blockchain-primer/DI_Blockchain_Primer.pdf

DigiCash. (2019, December 20). In Wikipedia. https://en.wikipedia.org/wiki/DigiCash

Digiconomist. (n.d.). Bitcoin energy consumption index. https://digiconomist.net/bitcoin-e

nergy-consumption

Elliott. (2018, July 26). Vehicle passport: Industry’s first blockchain application for car own-
ership and transfer of records. Coinmonks. https://medium.com/coinmonks/vehicle-p
assport-industrys-first-blockchain-application-for-car-ownership-and-transfer-of-3c74
8dbf090a

Emmadi, N., & Narumanchi, H. (2019, June 13). What you need to know about blockchain
and data protection law. #DigitalDirections. https://digitaldirections.com/what-you-ne
ed-to-know-about-blockchain-and-data-protection-law/

Ethereum. (2019, November 18). Ethereum cryptocurrency: Everything a beginner needs to

know. Coinsutra. https://coinsutra.com/ethereum-beginners-guide/

ExpressVPN. (2020, February 18). Protect your financial privacy with bitcoin: A comprehen-
sive guide. https://www.expressvpn.com/internet-privacy/bitcoin-anonymity/

Federov, A., Kiktenko, E., & Lvovsky, A. (2018). Quantum computers put blockchain secur-
ity at risk. Nature: International Journal of Science, 463, 465—467. https://media.nature
.com/original/magazine-assets/d41586-018-07449-z/d41586-018-07449-z.pdf

Fenech, G. (2019, January 24). The privacy coin dilemma—What are the options on offer?
Forbes. https://www.forbes.com/sites/geraldfenech/2019/01/24/the-privacy-coin-dile
mma-what-are-the-options-on-offer/#5217d075707d

Filipova, N. (2018). Blockchain — an opportunity for developing new business models.

Business Management / Biznes Upravlenie, (2), 75—92. https://dlib.uni-svishtov.bg/bits
tream/handle/10610/3902/3827872e00070a74964396467ad38140.pdf?sequence=1&is
Allowed=y

210
Finck, M. (2019, July). Blockchain and the general data protection regulation: Can distrib-
uted ledgers be squared with European data protection law? European Parliamentary
Research Service. https://doi.org/10.2861/535

Foley, S., Karlsen, J., & Putnins, T. (2018). Sex, drugs, and bitcoin: How much illegal activity
is financed through cryptocurrencies? University of Oxford Faculty of Law. https://doi.o
rg/10.2139/ssrn.3102645

Frankenfield, J. (2019). Howey test. Investopedia. https://www.investopedia.com/terms/h/

howey-test.asp

Franks, P. C. (2019, August 27). Data privacy regulations versus blockchain technology.
Kmworld. https://www.kmworld.com/Articles/White-Paper/Article/Data-Privacy-Regul
ations-Versus-Blockchain-Technology-133764.aspx

Fruth, J. (2018, February 13). Crypto-clenasing: Strategies to fight digital currency money
laundering and sanctions evasion. Reuters. https://www.reuters.com/article/bc-finreg-
aml-cryptocurrency/crypto-cleansing-strategies-to-fight-digital-currency-money-laun
dering-and-sanctions-evasion-idUSKCN1FX29I

Funderburk, K. (2019, July 31). Regulating cryptocurrency. The Regulatory Review. https://
www.theregreview.org/2019/07/31/funderburk-regulating-cryptocurrency/

Garner, B. (2018a, August 31). What’s a sybil attack & how do blockchains mitigate them?
Coincentral. https://coincentral.com/sybil-attack-blockchain/

Garner, B. (2018b, February 14). What is storj?: Beginner’s guide. Coincentral. https://coince
ntral.com/storj-beginners-guide/

Giles, M. (2019, July 12). Explainer: What is post-quantum cryptography? MIT Technology
Review. https://www.technologyreview.com/s/613946/explainer-what-is-post-quantu
m-cryptography/

Golumbia, D. (2017). The politics of bitcoin: Software as right-wing extremism. Journal of

Cultural Economy 10(2), 1—3. http://doi.org/10.1080/17530350.2017.1322997

Gopal, G., Martinez, A. G., & Rodriguez, J. M. (2018). Get smart with your contracts: Block-
chain technology is enabling business value advancement in everything from manu-
factured goods to online music. ISE: Industrial & Systems Engineering at Work, 50(5), 26
—31.

Gopie, N. (2018, July 2). What are smart contracts on blockchain? IBM Blockchain Blog. http
s://www.ibm.com/blogs/blockchain/2018/07/what-are-smart-contracts-on-blockchai
n/

Goyal, S. (2018, August 9). The difference between fiat money and cryptocurrencies. Yahoo
Finance. https://finance.yahoo.com/news/difference-between-fiat-money-cryptocurr
encies-132027811.html

211
 Groombridge, D. (2019). Blockchain potential and pitfalls [video file]. Gartner. https://www.
gartner.com/en/webinars/3878710/blockchain-potential-and-pitfalls

Haber, S., & Stornetta, W. S. (1991). How to time-stamp a digital document. Journal of
Cryptology, 3(2), 99—111. https://doi.org/10.1007/BF00196791

Hagen, M. (2018, August 23). Blockchain is how we can protect our privacy in a world of
ubiquitous surveillance. Entrepreneur. https://www.entrepreneur.com/article/318027

Haley, C., & Whitaker, M. (2017, November 28). To blockchain or not to blockchain: It’s a
valid question. Forbes. https://www.forbes.com/sites/groupthink/2017/11/28/to-block
chain-or-not-to-blockchain-its-a-valid-question/#3d45ce4b229d

Harrison, K. (2018, March 21). Top 5 questions for choosing a blockchain technology. IBM. ht
tps://www.ibm.com/blogs/blockchain/2018/03/top-5-questions-for-choosing-a-block
chain-technology/

Hashed Health. (2019). The seven major consortia (in chronological order). https://hashed
health.com/consortia-july-2019-2/

Hintze, J. (2018, March 12). Blockchain may have weaknesses that proponents overlook.
Association for Financial Professionals. https://www.afponline.org/ideas-inspiration/t
opics/articles/Details/blockchain-may-have-weaknesses-that-proponents-overlook

Hofer, L. (2019). Dag vs. blockchain: Technologies for different use cases. ICO.li. https://ww
w.ico.li/dag-vs-blockchain/

Howell, B. (2019). Artificially (or autonomously) intelligent institutions: Fact or fiction? AEI-
deas. https://www.aei.org/technology-and-innovation/innovation/artificially-or-auto
nomously-intelligent-institutions-fact-or-fiction/

Hu, Y., Liyanage, M., Mansoor, A., Thilakarathna, K., Jourjon, G., & Seneviratne, A. (2018).
Blockchain-based smart contracts - Applications and challenges. http://arxiv.org/abs/1
810.04699

Hyperledger. (n.d.). The Hyperledger greenhouse. https://www.hyperledger.org/

Hyperledger. (2018, November 30). Five hyperledger blockchain projects now in produc-
tion. https://www.hyperledger.org/blog/2018/11/30/six-hyperledger-blockchain-proje
cts-now-in-production

icao. (n.d.). Security [image file]. https://www.icao.int/Security/FAL/PKD/BVRT/PublishingI

mages/Pages/Basics/Basics%20Page%20_%20Image%201.png

Idris, U. A., Awwalu, J., & Kamil, B. (2016). User authentication in securing communication
using digital certificate and public key infrastructure. International Journal of Com-
puter Trends and Technology, 37(1), 22—25.

212
InfStones. (n.d.). The economics of EOS blockchain. https://infstones.io/the-economics-of-e
os-blockchain/

Jawaheri, H. A., Sabah, M. A., Boshmaf, Y., & Erbad, A. (2018). Deanonymizing Tor hidden
service users through Bitcoin transactions analysis [working paper]. http://arxiv.org/ab
s/1801.07501

Jenks, T. (n.d.). Using blockchain technology in your project: The ultimate guide to building
a blockchain application. Very. https://www.verypossible.com/using-blockchain-techn
ology-in-your-project

Joshi, N. (2018, March 19). Blockchain and the food industry. BBN Times. https://www.bbn
times.com/en/technology/blockchain-in-the-food-industry

Kaal, W. (2018, June 23). Initial coin offerings: The top 25 jurisdictions and their compara-
tive regulatory responses (as of May 2018). Stanford Journal of Blockchain Law & Pol-
icy, 41—63. https://stanford-jblp.pubpub.org/pub/ico-comparative-reg

Kaiser, B., Jurado, M., & Ledger, A. (2018). The looming threat of China: An analysis of Chi-
nese influence on Bitcoin.

Kansal, S. (2018, December 26). Blockchain scalability: Challenges and recent develop-
ments. Arc. https://www.codementor.io/blog/blockchain-scalability-5rs5ra8eej

Kashyap, R. (2019, March 26). How do I select a blockchain platform? Medium — The
Startup. https://medium.com/swlh/how-do-i-select-a-blockchain-platform-d7e0dd5a
27ad

Kaushal, M. & Tyle, S. (2015, January 13). The blockchain: What it is and why it matters. http
s://www.brookings.edu/blog/techtank/2015/01/13/the-blockchain-what-it-is-and-wh
y-it-matters/?utm_source=blockchainbeach&utm_medium=article

Kehoe, L., Verbeeten, D. & McGrath, S. (2019). Blockchain and insurance: New technology,
new opportunities. ConsenSys Insights. https://pages.consensys.net/blockchain-insur
ance

Kelly-Pitou, K. (2018, August 20). Stop worrying about how much energy bitcoin uses. CBS
News. https://www.cbsnews.com/news/stop-worrying-about-how-much-energy-bitco
in-uses/

Kenton, W. (2019, April 9). Neoliberalism. Investopedia Government & Policy. https://www.i
nvestopedia.com/terms/n/neoliberalism.asp

Khaleelkazi. (2017). What is dag technology? An alternative ledger system for cryptocurren-
cies|coinpickings podcast #2. Steemit. https://steemit.com/steem/@khaleelkazi/what-i
s-dag-technology-an-alternative-ledger-system-for-cryptocurrencies-or-coinpickings-
podcast-2

213
 Kim, C. (2019, September 29). New interest in DAOs prompts old question: Are they legal?
Coindesk. https://www.coindesk.com/new-interest-in-daos-prompts-old-question-are
-they-legal

Kuhar, L. (2019, February 4). Economy of (mis)trust: The case of bitcoin. Eurozine. https://w
ww.eurozine.com/economy-mistrust-case-bitcoin/

Kuhrt, T. (2019, March 22). Project lifecycle. Hyperledger. https://wiki.hyperledger.org/displ

ay/TSC/Project+Lifecycle

Kuo, T., Rojas, H. Z., & Ohno-Machado, L. (2019). Comparison of blockchain platforms: A
systematic review and healthcare examples, Journal of the American Medical Informat-
ics Association, 26(5), 462—478. https://doi.org/10.1093/jamia/ocy185

Kuskowski, P. (2018, August 1). Why regulating cryptocurrencies as securities would stifle
growth. Forbes. https://www.forbes.com/sites/pawelkuskowski/2018/08/01/why-regul
ating-cryptocurrencies-as-securities-would-stifle-growth/#399959ed242b

Lai, V. & O'Day, K. (2018a, October 18). What is practical byzantine fault tolerance (PBFT)?
CrushCrypto. https://crushcrypto.com/what-is-practical-byzantine-fault-tolerance/

Lai, V. & O'Day, K. (2018b, December 19). Introduction to cryptography in blockchain tech-
nology. CrushCrypto. https://crushcrypto.com/cryptography-in-blockchain/

Lamport, L., Shostak, R., & Pease, M. (1982). The byzantine generals problem. ACM Transac-
tions on Programming Languages and Systems, 4(3), 382—401. http://doi.org/10.1145/
357172.357176

Lee, S. (2018, July 10). Blockchain smart contracts: More trouble than they are worth? For-
bes. https://www.forbes.com/sites/shermanlee/2018/07/10/blockchain-smart-contrac
ts-more-trouble-than-they-are-worth/#45c588c923a6

Leising, M. (2019, January 17). Blockchain startup aims to cut out Equifax from loan process.
Bloomberg. https://www.bloomberg.com/news/articles/2019-01-17/spring-labs-nabs
-lenders-to-test-peer-to-peer-credit-sharing

Li, X., Jiang, P., Chen, T., Luo, X., Wen, Q. (2018, March 6). A survey on the security of block-
chain systems. Cornell University. https://arxiv.org/abs/1802.06993

Library of Congress. (2019, August 16). Regulation of cryptocurrency around the world. http
s://www.loc.gov/law/help/cryptocurrency/world-survey.php

Liebkind, J. (2019a, June 25). Bitcoin government regulations around the world. Investope-
dia. https://www.investopedia.com/news/bitcoin-government-regulations-around-wo
rld/

214
Liebkind, J. (2019b, June 25). How blockchain technology can prevent voter fraud. Investo-
pedia. https://www.investopedia.com/news/how-blockchain-technology-can-prevent
-voter-fraud/

Liebkind, J. (2019c, June 25). DAOs, blockchain and the potential of ownerless business.
Investopedia. https://www.investopedia.com/news/daos-and-potential-ownerless-bu
siness/

Linnewiel, R. (2018, July 19). Trust in vehicle-to-vehicle communications depends on a

centralized blockchain. Medium — DAV. https://medium.com/davnetwork/trust-in-vehi
cle-to-vehicle-communications-depends-on-a-decentralized-blockchain-eed920f2bf9
e

Linux.com Editorial Staff. (2019). Essential developer guide for building blockchain applica-
tions using hyperledger sawtooth. Linux.com. https://www.linux.com/tutorials/essenti
al-developer-guide-for-building-blockchain-applications-using-hyperledger-sawtooth
/

Litsa, T. (2019, June 25). Facebook’s Libra: Concerns, interests, benefits, and experts’ reac-
tions. ClickZ. https://www.clickz.com/facebooks-libra-concerns-interests-benefits-and
-experts-reactions/246611/

Liu, L. (2019, September 23). An in-depth discussion on the investment logic of bitcoin.
Medium — Cryptocurrency. https://medium.com/@Louishliu/an-in-depth-discussion-o
n-the-investment-logic-of-bitcoin-f0380e839cbc

Liu, S. (2019, October 1). Size of the Bitcoin blockchain from 2010 to 2019, by quarter. Sta-
tista. https://www.statista.com/statistics/647523/worldwide-bitcoin-blockchain-size/

Makadiya, A. (2018, February 11). Survey suggests cyber criminals prefer Litecoin and Dash
over bitcoin. Bitsonline. https://bitsonline.com/survey-cyber-criminals-litecoin-dash/

Malik, N. (2018, August 31). How criminals and terrorists use cryptocurrency: And how to
stop it. Forbes. https://www.forbes.com/sites/nikitamalik/2018/08/31/how-criminals-
and-terrorists-use-cryptocurrency-and-how-to-stop-it/#6bc960f33990

Martucci, B. (n.d.). What is cryptocurrency — How it works, history & bitcoin alternatives.
Money Crashers. https://www.moneycrashers.com/cryptocurrency-history-bitcoin-alt
ernatives/

Marx, L. (2018, July 5). Storing data on the blockchain: The developers guide. Malcoded. htt
ps://malcoded.com/posts/storing-data-blockchain/

Matzutt, R., Hiller, J., Henze, M., Ziegeldorf, J.H., Mullmann, D., Hohlfeld, O., & Wehrle, K.
(2018). A quantitative analysis of the impact of arbitrary blockchain content on bit-
coin. In Proceedings of the22nd International Conference on Financial Cryptography
and Data Security 2018. https://www.researchgate.net/publication/321192957_A_Qua
ntitative_Analysis_of_the_Impact_of_Arbitrary_Blockchain_Content_on_Bitcoin

215
 Maurya, N. (2019, March 18). Top 10 EOS DApps that are keeping EOS in the DApp ecosystem
race. CoinGape. https://coingape.com/top-10-eos-dapps/

Maxwell, W. & Salmon, J. (2018). A guide to blockchain and data protection. Hogan Lovells.
https://www.hoganlovells.com/en/news/a-guide-to-blockchain-and-data-protection

May, K. (2018). Blockchain issues: #1:Data storage. Medium. https://medium.com/@Kyle.M

ay/blockchain-issues-1-data-storage-40fb9812c9a2

McElhill, D. (2017). GDPR data retention quick guide. Data protection network. https://www
.dpnetwork.org.uk/gdpr-data-retention-guide/

McKinlay, J., Pithouse, D., McGonagle, J., & Sanders, J. (2018, February 2). Blockchain:
Background, challenges, and legal issues. DLA Piper. https://www.dlapiper.com/en/om
an/insights/publications/2017/06/blockchain-background-challenges-legal-issues/

Mearian, L. (2019a, November 11). Facebook’s Libra co-creator: Social, financial data will
remain separate. Computerworld. https://www.computerworld.com/article/3452672/f
acebooks-libra-co-creator-social-financial-data-will-remain-separate.html

Mearian, L. (2019b, September 18). Why France and Germany fear Facebook’s cryptocur-
rency — and plan to block it. Computerworld. https://www.computerworld.com/articl
e/3439436/why-france-and-germany-fear-facebooks-cryptocurrency-and-plan-to-bloc
k-it

Merkle tree. (n.d.). In Wikipedia. https://en.wikipedia.org/wiki/Merkle_tree

Mitra, R. (2019a). What is Facebook Libra cryptocurrency? [The most comprehensive guide]
— part 1. Blockgeeks. https://blockgeeks.com/guides/understanding-facebooks-crypt
ocurrency-libra/

Mitra, R. (2019b). What is Facebook Libra cryptocurrency? [The most comprehensive guide]
— part 2. Blockgeeks. https://blockgeeks.com/guides/what-is-facebook-libra-cryptocu
rrency-the-most-comprehensive-guide-part-2/

Morris, N. (2019). Navigating blockchain’s legal potholes. Ledger Insights: Enterprise block-
chain news. https://www.ledgerinsights.com/navigating-blockchain-legal-potholes/

Moskov, A. (2019, August 22). How blockchain can save our privacy before it disappears.
CoinCentral. https://coincentral.com/blockchain-and-privacy/

Mougayar, W. (2018, December 12). The future of ICOs: In the hands of regulators or innova-
tors? Coindesk. https://www.coindesk.com/the-future-of-icos-in-the-hands-of-regulat
ors-or-innovators

Mukherjee, S. (2018). Cognizant and Indian insurers jointly develop blockchain solution for
secure data sharing. Inc42. https://inc42.com/buzz/cognizant-insurers-blockchain-sol
ution-data-sharing/

216
Naab, M., Plociennik K., & Schneider, J.C. (2019). Blockchain architecture design guidelines
— Architecting blockchain-based applications. Fraunhofer. https://blog.iese.fraunhofer.
de/architecting-blockchain-based-applications-3-blockchain-architecture-design-gui
delines/

Najera, J. (2018, October 13). Blockchain oracles: What they are and why they’re neces-
sary. Medium. https://medium.com/@setzeus/blockchain-oracles-af3b216bed6b

Nakamoto, S. (2008, October 31). Bitcoin: A peer-to-peer electronic cash system. Satoshi
Nakamoto Institute. https://nakamotoinstitute.org/bitcoin/

Nakamoto, S. (2009, February 11). Bitcoin open source implementation of P2P currency. P2P
Foundation. http://p2pfoundation.ning.com/forum/topics/bitcoin-open-source

Nakamoto, S. (n.d.). Bitcoin: A peer-to-peer electronic cash system. Bitcoin. http://www.bitc

oin.org/bitcoin.pdf

Narayanan, A., Bonneau, J., Felten, E., Miller, A., & Goldfeder, S. (2016). Bitcoin and crypto-
currency technologies: A comprehensive introduction. Princeton University
Press.Natoli, C. & Gramoli, V. (2016). The balance attack against proof-of-work block-
chains: The r3 testbed as an example. Cornell University. https://arxiv.org/abs/1612.09
426

Ng, J. (2019). Voting on blockchain: How it works. Medium — Coinmonks. https://medium.c

om/coinmonks/voting-on-a-blockchain-how-it-works-3bb41582f403

Noonan, L. (2018). Banks complete first syndicated loan on blockchain. Financial Times. ht
tps://www.ft.com/content/2b12d338-e1d1-11e8-a6e5-792428919cee

Obie, S. J., & Rasmussen, M. W. (2018, July 17). How regulation could help cryptocurren-
cies grow. Harvard Business Review. https://hbr.org/2018/07/how-regulation-could-hel
p-cryptocurrencies-grow

O’Donnell, J., & Wilson, T. (2019, June 21). Global money-laundering watchdog launches
crackdown on cryptocurrencies. Reuters. https://www.reuters.com/article/us-moneyla
undering-crypto-fatf/global-money-laundering-watchdog-launches-crackdown-on-cr
yptocurrencies-idUSKCN1TM1I8

O’Neal, S. (2019, July 29). Differences between tokens, coins and virtual currencies,
explained. Cointelegraph. https://cointelegraph.com/explained/differences-between-t
okens-coins-and-virtual-currencies-explained

OpenLaw. (2019). The era of legally compliant DAOs. Medium. https://medium.com/@Ope

nLawOfficial/the-era-of-legally-compliant-daos-491edf88fed0

Orcutt, M. (2019, February 19). Once hailed as unhackable, blockchains are now getting
hacked. MIT Technology Review. https://www.technologyreview.com/s/612974/once-h
ailed-as-unhackable-blockchains-are-now-getting-hacked/

217
 Osborne, C. (2018). These are the warning signs of a fraudulent ICO. ZDNet. https://www.zd
net.com/article/here-are-the-warning-signs-of-a-fraudulent-ico/

Oza, H. (2018, November 17). How to easily select the right platform for blockchain app
development. Hyperlink InfoSystem. https://www.hyperlinkinfosystem.com/blog/how
-to-easily-select-the-right-platform-for-blockchain-app-development

Parker, E. (2019, September 18). In cryptocurrency, will Asia supass the US? Exclusive inter-
view with SEC commissioner Hester Peirce. LongHash. https://en.longhash.com/news/i
n-cryptocurrency-will-asia-surpass-the-us-exclusive-interview-with-sec-commissione
r-hester-peirce

Pollock, D. (2018a, December 13). Merging internet of things and blockchain in prepara-
tion for the future. Forbes. https://www.forbes.com/sites/darrynpollock/2018/12/13/
merging-internet-of-things-and-blockchain-in-preparation-for-the-future/#300a50914
1fc

Pollock, D. (2018b, March 19). Crypto vs cash — How the numbers stack up on drugs, guns,
murders. Cointelegraph. https://cointelegraph.com/news/crypto-vs-cash-how-the-nu
mbers-stack-up-on-drugs-guns-murders

Power Technology. (2017, April 11). The Brooklyn microgrid:blockchain-enabled community

power. https://www.power-technology.com/digital-disruption/blockchain/featurethe-
brooklyn-microgrid-blockchain-enabled-community-power-5783564/

Principles of Bitcoin. (n.d.). In Bitcoin Wiki. https://en.bitcoin.it/wiki/Principles_of_Bitcoin

Privacy. (n.d.). In Merriam Webster.com dictionary. https://www.merriam-webster.com/dict

ionary/privacy

Privacy Canada. (n.d.). Hash collision attack. https://privacycanada.net/hash-functions/ha

sh-collision-attack/

Public key infrastructure. (n.d.). In Wikipedia. https://en.wikipedia.org/wiki/Public_key_inf

rastructure

PWC. (2017, April 14). Blockchain is here. What's your next move? https://www.pwc.com/gx/
en/issues/blockchain/blockchain-in-business.html

Radix. (2018a, June 7). What is an eclipse attack? https://www.radixdlt.com/post/what-is-a

n-eclipse-attack/

Radix. (2018b, June 14). What is a double spend attack and how to prevent them? https://w
ww.radixdlt.com/post/what-is-a-double-spend-attack/

Rathore, A. (2019). How to develop a blockchain application — overview. NAPPD. https://e

nappd.com/blog/how-to-develop-a-blockchain-application/4/

218
Ream, J., Chu, Y., & Schatsky, D. (2016, June 8). Upgrading blockchains: Smart contract use
cases in industry. Deloitte Insights. https://www2.deloitte.com/us/en/insights/focus/si
gnals-for-strategists/using-blockchain-for-smart-contracts.html

Reese, F. (2018, July 27). ICO regulations by country. Bitcoin Market Journal. https://www.b
itcoinmarketjournal.com/ico-regulations/

Reiff, N. (2019a). What is bitcoin gold, exactly? Investopedia. https://www.investopedia.co

m/tech/what-bitcoin-gold-exactly/

Reiff, N. (2019b). How to identify cryptocurrency and ICO scams. Investopedia. https://www.
investopedia.com/tech/how-identify-cryptocurrency-and-ico-scams/

Reiff, N. (2019c). What are the legal risks to cryptocurrency investors? Investopedia. https://
www.investopedia.com/tech/what-are-legal-risks-cryptocurrency-investors/

Reiff, N. (2020a). Bitcoin vs bitcoin cash: What is the difference? Investopedia. https://www.i
nvestopedia.com/tech/bitcoin-vs-bitcoin-cash-whats-difference/

Reiff, N. (2020b). Bitcoin vs. Ripple: What’s the difference? Investopedia. https://www.invest
opedia.com/tech/whats-difference-between-bitcoin-and-ripple/

Reiff, N. (2020c). Why bitcoin has a volatile value. Investopedia. https://www.investopedia.c

om/articles/investing/052014/why-bitcoins-value-so-volatile.asp

Roberts, J. J. (2019). Can blockchain solve the mess of medical records? IBM announces
tie-up with healthcare providers. Fortune. https://fortune.com/2019/01/24/ibm-blockc
hain-healthcare/

Romeo Ugarte, J. L. (2018, October 23). Distributed ledger technology (DLT): Introduction.
Banco de Espana. https://ssrn.com/abstract=3269731

Rosic, A. (n.d.-a). 17 blockchain applications that are transforming society. Blockgeeks. http
s://blockgeeks.com/guides/blockchain-applications/

Rosic, A. (n.d.-b). Cryptocurrency wallet guide: A step-by-step tutorial. Blockgeeks. https://b

lockgeeks.com/guides/cryptocurrency-wallet-guide/

Rosic, A. (n.d.-c). What is ethereum gas? [The most comprehensive step-by-step guide ever!].
Blockgeeks. https://blockgeeks.com/guides/ethereum-gas/

Rühl, G. (2019, January 23). The law applicable to smart contracts, or much ado about
nothing? University of Oxford Faculty of Law. https://www.law.ox.ac.uk/business-law-b
log/blog/2019/01/law-applicable-smart-contracts-or-much-ado-about-nothing

Samuel, N. (2018). Decentralized applications: An introduction for developers. Skinny Bottle

Publishing.

219
 Sayeed, S. & Marco-Gisbert, H. (2019, April 29). Assessing blockchain consensus and secur-
ity mechanisms against the 51% attack. MDPI: Applied Sciences. https://www.mdpi.co
m/2076-3417/9/9/1788/pdf-vor

Sedgwick, K. (2018, August 29). 25% of all smart contracts contain critical bugs. Bit-
coin.com. https://news.bitcoin.com/25-of-all-smart-contracts-contain-critical-bugs/

Sedgwick, K. (2019, September 22). What Google’s quantum breakthrough means for block-
chain cryptography. Bitcoin.com. https://news.bitcoin.com/what-googles-quantum-br
eakthrough-means-for-blockchain-cryptography/

Secure Hash Algorithms. (n.d.). In Wikipedia. https://en.wikipedia.org/wiki/Secure_Hash_

Algorithms.

Seth, P. (2018, June 13). An insight into hashing & digital signatures in blockchain. SYST-
weak. https://blogs.systweak.com/an-insight-into-hashing-digital-signature-in-blockc
hain/

Seth, S. (2018). Public, private, permissioned blockchains compared. Investopedia. https://

www.investopedia.com/news/public-private-permissioned-blockchains-compared/

Shah, P. (2019, May 24). Part II: Designing smart contracts: Considerations involved. Entre-
preneur India. https://www.entrepreneur.com/article/334268

Sharma, A. (2019, April 2). Life cycle of smart contract development. QuillHash—Medium. h
ttps://medium.com/quillhash/life-cycle-of-smart-contract-development-8929fa073b7
f

Sharma, R. (2019). Should cryptocurrency exchanges self-regulate? Investopedia. https://w

ww.investopedia.com/news/should-cryptocurrency-exchanges-selfregulate-themselv
es/

Sheldon, R. (2019, September 5). How blockchain sharding solves the blockchain scalabil-
ity issue. TechTarget. https://searchstorage.techtarget.com/tip/How-blockchain-shard
ing-solves-the-blockchain-scalability-issue

Silver, S. (2019, April 17). Blockchain technology and ux principles. Key Lime Interactive. htt
ps://info.keylimeinteractive.com/blockchain-technology-and-ux-principles

Sloan, K. (2018, April 21). 3 reasons cryptocurrency needs to be regulated. Due. https://due.
com/blog/cryptocurrency-needs-to-be-regulated/

Solidity. (n.d.). Solidity. https://solidity.readthedocs.io/en/latest/

Soska, K. & Christin, N. (2015, August 13). Measuring the longitudinal evolution of the
online anonymous marketplace ecosystem. In Proceedings of the 22nd USENIX Secur-
ity Symposium. Washington DC. 33—48. https://www.andrew.cmu.edu/user/nicolasc/
publications/SC-USENIXSec15.pdf

220
Snyder, S. T. (2019, January 14). The privacy questions raised by blockchain. Bradley. https
://www.bradley.com/insights/publications/2019/01/the-privacy-questions-raised-by-
blockchain

Stambolija, R. (2019, January 22). Healthcare on blockchain: Exploring the use cases.
Medium. https://medium.com/mvp-workshop/healthcare-on-blockchain-exploring-th
e-use-cases-aea40190b26e

Strukhoff, R. & Gutierrez, C. (2017, March 15). Blockchain for trade finance: Real-time visibil-
ity and reduced fraud. Altoros. https://www.altoros.com/blog/blockchain-for-trade-fin
ance-real-time-visibility-and-reduced-fraud/

Swish Team. (2019, January 4). The 5 best blockchain platforms for enterprises and what
makes them a good fit. Swish Labs — Medium. https://medium.com/swishlabs/the-5-b
est-blockchain-platforms-for-enterprises-and-what-makes-them-a-good-fit-1b44a9be
59d4

Szabo, N. (1997, September 1). Formalizing and securing relationships on public networks.
First Monday, 2(9). https://doi.org/10.5210/fm.v2i9.548

Takyar, A. (2019). Top blockchain platforms of 2019. LeewayHertz. https://www.leewayhertz

.com/blockchain-platforms-for-top-blockchain-companies/

Tang, G. Y. (2018, December 13). Building trusted supply chains in the chemical industry.
Blockchain institute — Medium. https://medium.com/deloitte-blockchain-institute/bui
lding-trusted-supply-chains-in-the-chemical-industry-1dd113578838

Tang, G. Y. (2019, April 10). Blockchain in the seafood industry. Blockchain institute —
Medium. https://medium.com/deloitte-blockchain-institute/blockchain-in-the-seafoo
d-industry-29d8ae2370d3

Tapscott, D. (2016). How the blockchain is changing money and business [transcript]. TED. h
ttps://www.ted.com/talks/don_tapscott_how_the_blockchain_is_changing_money_a
nd_business/transcript?language=en&source=post_page---------------------------

Tatar, J. (2019). How blockchain technology can change how we vote. The balance. https://
www.thebalance.com/how-the-blockchain-will-change-how-we-vote-4012008

Thake, M. (2018, December 2). Blockchain vs. dag technology: A brief comparison.
Nakamo.to — Medium. https://medium.com/nakamo-to/blockchain-vs-dag-technolog
y-1a406e6c6242

The Linux Foundation. (n.d.). About Hyperledger. Hyperledger. https://www.hyperledger.or

g/about

Thota, N. R. (2018, July 18). Developing blockchain application is no different from the cur-
rent software development. Innominds. https://www.innominds.com/blog/developing
-blockchain-application-is-no-different-from-the-current-software-development

221
 Tor (anonymity network). (n.d.). In Wikipedia. https://en.wikipedia.org/wiki/Tor_(anonymi
ty_network)

TradingView. (n.d.). Cryptocurrency market. https://www.tradingview.com/markets/crypto

currencies/global-charts/

Trauth, M. (2018). Neoliberalism and the rise of bitcoin: Is bitcoin a neo-liberal product? A
socio-economic analysis [extract]. Bournemouth University. https://m.grin.com/docu
ment/441772

Trust. (n.d.). In YourDictionary. Retrieved https://www.yourdictionary.com/TRUST

tutorialspoint. (n.d.). Public key encryption. https://www.tutorialspoint.com/cryptography/

public_key_encryption.htm

U.S. Securities and Exchange Commission. (n.d.). Spotlight on Initial Coin Offerings (ICO). ht
tps://www.sec.gov/ICO

Universa. (2017). Decentralized autonomous organization — What is a dao company?

Medium — UniversaBlockchain. https://medium.com/universablockchain/decentralize
d-autonomous-organization-what-is-a-dao-company-eb99e472f23e

Usenet. (n.d.). In Wikipedia. https://en.wikipedia.org/wiki/Usenet

Varshney, N. (2018, May 30). Here’s how much it costs to launch a 51% attack on PoW crypto-
currencies. TNW. https://thenextweb.com/hardfork/2018/05/30/heres-how-much-it-co
sts-to-launch-a-51-attack-on-pow-cryptocurrencies/

Vault. (n.d.). Real estate. https://www.vault.com/industries-professions/industries/real-est

ate

Vincent, J. (2019, July 4). Bitcoin consumes more energy than Switzerland, according to
new estimate. The Verge. https://www.theverge.com/2019/7/4/20682109/bitcoin-ener
gy-consumption-annual-calculation-cambridge-index-cbeci-country-comparison

Volkswagen. (n.d.). Putting blockchains on the road. https://www.volkswagenag.com/en/n

ews/stories/2018/08/putting-blockchains-on-the-road.html

Waldo, J. (2019). A hitchhiker’s guide to the blockchain universe. Communications of the

ACM, 62(3), 38—42. https://doi-org.pxz.iubh.de:8443/10.1145/3303868

Weaknesses (1.3) Sybil attack. (n.d.). In Bitcoin Wiki.https://en.bitcoin.it/wiki/Weaknesses#

Sybil_attack

Weaknesses (2.6) Attacker has a lot of computing power. (n.d.). In Bitcoin Wiki. https://en.bi
tcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_computing_power

222
Werbach, K. (2019, February 8). People don’t trust blockchain systems. Slate. https://slate.
com/technology/2019/02/blockchain-government-regulation-cryptocurrency-bitcoin.
html

White, M. (2018, January 16). Digitizing global trade with Maersk and IBM. IBM. https://ww
w.ibm.com/blogs/blockchain/2018/01/digitizing-global-trade-maersk-ibm/

Wilson, T. (2018, November 20). Bitcoin for payments a distant dream as usage dries up.
Reuters. https://www.reuters.com/article/us-crypto-currencies-payments-analysis/bit
coin-for-payments-a-distant-dream-as-usage-dries-up-idUSKCN1NP1D8

World Economic Forum. (2016). The future of financial infrastructure: An ambitious look at
how blockchain can reshape financial services. http://www3.weforum.org/docs/WEF_T
he_future_of_financial_infrastructure.pdf

World Health Organization. (2018). Substandard and falsified medical products. https://ww
w.who.int/news-room/fact-sheets/detail/substandard-and-falsified-medical-products

Xu, W., Weber, I., & Staples, M. (2019). Architecture for blockchain applications. Springer.

Yaga, M., Mell, P., Roby, N., & Scarfone, K. (2018). Blockchain technology overview. National
Institute of Standards and Technology: U.S. Department of Commerce. https://doi.org/1
0.6028/NIST.IR.8202

Yates, B. & Chan, R. (2018). Blockchain and the future of data protection. Hong Kong Law-
yer. http://www.hk-lawyer.org/content/blockchain-and-future-data-protection

Yusuf, S. (2018). Blockchain/distributed ledger technologies: Where they came from, where
they are heading. Economy, Culture & History Japan Spotlight Bimonthly, 37(6), 18—22.

Zuluaga, D. (2018, June 25). Should cryptocurrencies be regulated like securities? CATO
Institute. https://www.cato.org/publications/cmfa-briefing-paper/should-cryptocurre
ncies-be-regulated-securities

223
 LIST OF TABLES AND
FIGURES
Figure 1: Distributed Databases and Distributed Ledgers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Figure 2: Distributed Ledgers and Blockchain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Table 1: Comparison of Blockchain Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Figure 3: Network Comparison Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Figure 4: Blockchain Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Figure 5: Merkle Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Figure 6: Bitcoin Price in USD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Figure 7: Historic Daily Bitcoin Transaction Fees (In Dollars Per Transaction) . . . . . . . . . . . 43

Figure 8: Block Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Figure 9: Remainder of Block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Figure 10: Transaction: View Information About a Bitcoin Transaction . . . . . . . . . . . . . . . . . 47

Table 2: Bitcoin Security Breaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Table 3: Hyperledger Umbrella . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Table 4: Comparison of Hyperledger Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Figure 11: Symmetric Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Figure 12: Public Key Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Figure 13: Encrypted Digital Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Figure 14: Annotated Merkle Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Figure 15: Blockchain Industry Leaders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Figure 16: Blockchain Country Growth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

224
Figure 17: Global Payments: Current-State Process Depiction . . . . . . . . . . . . . . . . . . . . . . . 108

Figure 18: Global Payments: Current-State Pain Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Figure 19: Global Payments: Future-State Process Description . . . . . . . . . . . . . . . . . . . . . . 110

Figure 20: Global Payments: Future-State Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Figure 21: Supply Chain - Current . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Figure 22: Supply Chain - Future . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Figure 23: GTD Improvements to Supply Chain Processing . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Figure 24: Blockchain in Government . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Figure 25: Initial Assessment of Blockchain as Technology . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Figure 26: Detailed Assessment of Blockchain as Technology . . . . . . . . . . . . . . . . . . . . . . . 139

Figure 27: Public, Private, Permissioned Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Table 5: Characteristics of Money . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Table 6: Functions of Money . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Figure 28: Hash Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Figure 29: Bitcoin Energy Consumption Index Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Figure 30: Bitcoin Annualized Total Footprints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Figure 31: Bitcoin Transaction Footprint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Table 7: Bitcoin Network Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Table 8: Ethereum Network Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Figure 32: Size of Bitcoin Blockchain from 2010 to 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Figure 33: Fraction of Sales Per Item Category . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Figure 34: Worldwide Legal Status of Cryptocurrencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Figure 35: Regulatory Framework for Cryptocurrencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

225
 Figure 36: Countries Issuing National/ Regional Cryptocurrencies . . . . . . . . . . . . . . . . . . . 191

Table 9: Summary of Regulations by Country . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

226
IU Internationale Hochschule GmbH
IU International University of Applied Sciences
Juri-Gagarin-Ring 152
D-99084 Erfurt

Mailing Address
Albert-Proeller-Straße 15-19
D-86675 Buchdorf

media@iu.org
www.iu.org

Help & Contacts (FAQ)

On myCampus you can always find answers
to questions concerning your studies.