Category Whitepapers and Guides
This blog discusses technical details of what a blockchain is, how it works, and what aspects of the technology make it useful, as well as comparing it to other technologies in a similar space. Then a discussion over its suitability for payment rails and supply chain audits, going over what current problems it solves and any new problems it introduces.
Bear with us, the first bit gets a little technical – but then again, we are talking about tech so this shouldn’t be a surprise! Once you understand the fundamentals, you’re on to the home straight and it won’t be long until it becomes clear why blockchain is such a big topic in the industry.
A blockchain is a distributed and decentralised ledger, normally spread across a peer to peer (P2P) network. Every node in the network has a copy of the ledger. Each block in a blockchain contains a hash pointer, a hash of the data in the previous block and its address, and a list of transactions. These blocks are linked together in a sequential chain, with each block being linked to the previous block by a hash pointer.
Transactions for a block are stored in a Merkle Tree, with the key idea being that the transactions themselves are hashed to generate the leaf nodes. From here they are paired up and hashed again to produce a parent node, creating the second layer of the tree with half as many nodes. Each node contains the hashed information for all of its child nodes, all the way up to the root node, which contains the hashed information for the entire tree. 
Figure 1 : Example of the structure of a merkle tree
Blocks are made up of transactions, these transactions are done between nodes in the network. When a transaction is made it is broadcast to the whole network and added to a pool of unconfirmed transactions. When new blocks are being made, they pull transactions from this pool and include them as part of the new block. Once a block reaches a given size it is broadcast to all other nodes to be validated, depending on the type of blockchain there may be extra steps involved such as a proof of work stage.
Merkle Trees allow every transaction to be scrutinized in an efficient manner. By working through the tree, it is possible to use a Merkle proof to verify that a transaction’s data and position in the tree are correct . This is done by comparing the parent node’s hash to the hash generated from the transaction and any of the other children the parent has. This can be done all the way up to the root node to verify an entire block’s transactions.
The most recent hash pointer represents the state of the entire blockchain. Each block’s hash pointer takes as input the hashed data from the previous block. If we follow this back far enough, we will reach the original “Genesis block” which started the chain. Effectively taking the hashed data from all previous blocks as input for the newest hash, so all previous blocks have an impact on the hash produced. Because of this we only need to look to the most recent block to verify the entire blockchain.
Figure 2 : Simplified bitcoin blockchain
In a public blockchain, which is fully decentralised, there needs to be a majority approval before a change is accepted to the chain – this is known as a “Consensus”. Every node has the same influence on this vote and does its own verification of the change. Once a majority has been reached the change is adopted by everyone and the process of adding new blocks can begin again.
The integrity of all blocks should be ensured as any modification to previous transactions would alter the resulting hash for the whole chain, it would no longer match the results calculated by any of the other nodes in the network. This change would be rejected.
This solves the problem of integrity as it is in everyone’s self-interest to ensure the new chain matches up with their copy, as it is assumed that individuals have a stake in the chain remaining correct. This stake could take the form of currency, so fraudulent changes to the chain could result in an individual losing money. So, every node has an incentive to only approve correct additions.
In a public blockchain, the majority decision has a type of attack called the “51% attack” whereby an attacker seeks to have control over the majority of nodes in the system, allowing them to make changes to the blockchain without the need for anyone else’s approval.  This type of attack is only feasible on smaller public blockchains where attackers may have sufficient sway to gain a majority. For larger networks, it becomes effectively impossible to do this.
It is also possible to have a blockchain with a central authority, which approves changes. This is a system often used for private blockchains whereby members need to be approved before they are allowed to join the system.  In this case, no majority is required. If the central authority is compromised by an attacker, the entire chain can be altered. These networks contain a single point of failure and are more prone to tampering.
The two main technologies that compete with blockchain are public key infrastructure and cloud-based backups.
One advantage that public key infrastructure has over blockchain is privacy for transactions. Everyone in a blockchain has a copy of all transactions on the network. In the worst case, you know exactly who the participants are, and in the best case where everyone is anonymized you can gain metadata about the whole network. There is always some leak of information. Public key infrastructure has no ledger so the transaction is only known to the parties involved, a malicious actor would need to be actively eavesdropping to even know it had taken place.
Blockchain is also very slow, for a change to be made it needs to be agreed by at least half of the network, for large networks this could take a considerable amount of time. As well as this every member needs to have a copy of the entire chain, the storage requirements are astronomical. In comparison, just having properly encrypted backups on cloud servers would be cheaper and faster, using just a single hash for verifying that the latest version has not been modified would be sufficient for most use cases. Using multiple cloud storage systems would also help to prevent a single point of failure.
However, an advantage that blockchain has over any of its competitors is that modifications cannot be made to previous transactions. In terms of security, there is no existing technology which even comes close to large blockchain networks.
A payment rail is a platform which allows money to be transferred between a payer and payee. They have existed for a long time; in eCommerce, we see things like PayPal and Venmo as well as banks offering their own services. Payment rails need to be secure, consumers put a lot of trust into these services handling their money.
For a cryptocurrency like Bitcoin, individuals have a wallet that acts as their identity in the network. A wallet contains a public key and a private key. Wallets don’t contain money, they are an identifier, all associated transactions are used to calculate a balance. Transactions are signed with a private key and then can be verified by using a public key to prove who signed the transaction, this is a digital signature common to public key infrastructure. 
A problem which cryptocurrencies have faced is that of the double spending problem: how do we prevent a digital unit of currency from being duplicated and spent more than once? If money can be copied and reused endlessly it becomes worthless. The issue is crucially between the point that a transaction is made and confirmed by a majority of nodes in the system, if a transaction has not been confirmed then the same token could be used in another transaction with a node who is unaware the token has already been spent.
For example, Bitcoin solved the problem of double spending where its predecessor BitGold did not. A bitcoin is a “chain of digital signatures”, every transfer is logged on the coin itself. This means that when a transaction is made the owner signs a hash of the previous transaction and the new owners public key. This means that from the point the coin was generated we can know every wallet that it has visited up to its current state.
In the context of a blockchain this means that if double-spending were to ever occur, the majority of nodes in the network would agree which transaction actually happened and all other transactions are discarded. As there is only one history that everyone agrees on, and a coin can only have one owner, double spending can’t occur. 
One issue that financial institutions have struggled with is transparency. It is difficult to allow transactions to be viewed and scrutinized whilst also remaining secure. This is because the current system relies upon central nodes having databases of what transactions have occurred and the state of everyone’s accounts. To allow access to these systems creates an attack vector for malicious actors who, if given access to the system, may attempt to alter records. This lack of transparency is bad for trust as well as audits. A financial institution and governing bodies would want to ensure that account books are correctly balanced in the interest of profits and safeguarding consumers. 
As blockchain transactions are practically immutable and everyone in the network already has a copy of all previous transactions, it presents something which has never been feasible before – total transparency in how and when transactions occur. So long as users’ data is properly anonymized, such that only privileged individuals are able to see the mapping of accounts to individuals, it can be shown that all of the actions performed in a network are accounted for.
Additionally, this allows for the prevention of fraud. Money has a full transaction history in the blockchain, therefore crimes such as money laundering become far more difficult. Currently, money is hard to trace – it can be split up and bounced around accounts making it impossible to track where money has originated. This is because money in its current form is homogenous, there is nothing to differentiate any single pound (£) for any other pound. In a blockchain, everything has a history, making the job of finding a common source trivial. One would just need to look through a list of previous owners until a matching one is found.  This directly benefits consumers, as they would no longer be required to verify when they obtained their cash, for instance housing deposits or investments in business.
In the case of Bitcoin or Ethereum the barrier to creating a new wallet is low, which means that although fraud accounts can be blacklisted it doesn’t stop criminals from simply creating a fresh wallet to move money through. That way, a number of clean accounts can be used and disposed of. The Bitcoin may never need to touch a tainted account. Fraud is still present and potentially made even worse. These accounts are also entirely anonymous, so it becomes impossible to know what money is being used for. As a result, Bitcoin is highly prevalent among dark web communities, particularly those selling contraband such as drugs, weapons, and trafficked individuals.
Despite this, for a banking system, it would be possible to tie accounts to an identity, which would make setting up fake accounts much more difficult. Thus, whilst this is in no way a perfect solution to the issue of fraud, it makes fraud more expensive and time-consuming for criminals to commit.
There is an argument to be made that having a central database mapping accounts to individuals is a security risk, once someone has that information, they would be able to see all the transactions that you have performed. But given this is already a problem in the status quo, this seems like a reasonable trade-off. Since the identity tied to accounts isn’t needed for transactions to occur, only for tasks such as fraud prevention, it may be possible to air gap the system holding this data and have it only for internal usage. This would be an improvement over the current situation.
A supply chain audit deals with all the steps involved in getting products from suppliers to businesses that wish to sell them. It considers the cost of products, cost of shipment, quality of products, contracts, and inventory.
The supply chain for large companies can be hundreds of steps long, tracking back to where the raw materials were sourced. This means that audits are often performed over small sections of the chain and then combined at a later stage. The issue here is twofold: a lack of perspective and a lack of specialisation. 
Firstly, it’s hard to see how the steps relate to each other without seeing how the entire chain operates. Each auditor only gets to see a sliver of the full chain; therefore, they can’t form a full understanding of how one step affects the others. This leads to increased audit costs in the long term as problems in the supply chain become difficult to find and require multiple audits to root out. 
Secondly, auditors are required to understand many disciplines, such as regulatory requirements, geopolitical risks, and data security. Each stage of the supply chain may have multiple considerations, but a single auditor can’t have in-depth knowledge about all areas. Stages would either require multiple auditors to do comprehensively, which would increase costs, or each auditor will need to have knowledge of many subject areas, which prevents specialisation.
Each order can be treated as a series of transactions added to the chain, much like how a bitcoin is just a history of transactions. This means that when viewing an order, the entire supply chain can be transparently seen up to its current stage. For an auditor, it reduces the workload of finding this history for themselves as companies can be identified by their public keys and therefore held accountable for their stage in the supply chain.
Furthermore, blockchain helps with contract disputes by using “Smart Contracts” without the need for an intermediary, which contributes to the cost of the supply chain. A smart contract is written as code, with conditions and penalties, and added to the blockchain with a digital signature from both parties involved. This is now publicly viewable and cannot be later disputed. Once some condition of the contract is met the code automatically executes. In practice, this would be a delivery being confirmed and added to the blockchain as a transaction, which would trigger payment being made for the delivery.
This doesn’t prevent companies further down the supply chain colluding and collectively lying about how materials were obtained. It may be the case that products are swapped out for cheaper or illegally sourced without it appearing in the blockchain. Without a mechanism to identify products, such as the unique cut and quality of stones recorded by the diamond industry , it becomes possible for bad practices to sneak into the system. That said it does make it more difficult to do so and easier to catch when compared to the current system.
Blockchain is not commonly used in the supply chain, for it to be of use wide scale adoption is necessary. The chain loses its advantages if there are missing sections. The entire industry would need to have a flag day, all switching to the new system overnight. This type of coordination would be difficult, likely leading to bugs which could be exploited.
In summary, blockchain is a useful technology providing security through immutable transactions, allowing all members of the chain to be confident that its integrity is ensured. We are likely to see it being used in a variety of ways, but due to its lack of speed and high storage costs, it should only be used in specific areas it is best suited to.
It is probable that it will be adopted by payment rails soon as examples of cryptocurrency are well known and researched. A strong implementation here would not be a huge shift from current technology already in use.
Supply chains would benefit from further research as it has not had time to mature. The best outcome would come from developing blockchain usage alongside current systems and switching over after significant progress can be demonstrated.
Fraser Brown has been working at ECS for the past two weeks as a recent hire. Before this he worked for a year as a software developer specialising in cloud delivery and security. He is looking forward to getting involved in project work and delivery quality for ECS’s clients.