Seth James Nielson on Blockchain Technology for Data Governance

Seth James Nielson recently hosted a training seminar at the 2018 Data Architecture Summit Summit on Blockchain technology and its impact on data architecture and data governance.

Nielson said that blockchain is an append-only immutable ledger where data, once "entered" can not be edited. Data can only be added at the end of the blockchain.

He spoke about the differences between public and private blockchains. Public blockchain can have any participant. The whole system is decentralized and only the consent makes it work. The private blockchain has control over who can participate. In a private blockchain, proof-of-stake or proof-of-authority can be used for consent. Microsoft Azure and Ethereum support this model.

Some of the use cases that can benefit from blockchain solutions are healthcare, supply chain and IoT devices.

Nielsen also discussed Smart Contracts in Blockchain technology. Smart Contract is a code that runs as part of the distributed ledger. It is a mini-program that is executed when a new block is extracted.

Blockchain is to eliminate verification and validation of trusted third parties. It can help with the following aspects of data governance.

• Transparency
• Data origin
• Incentives for interoperability

InfoQ spoke with Nielson about how Blockchain technologies influence data architecture and database professionals.

InfoQ: What is the impact of Blockchain technology on data architecture?

Seth James Nielson: Honestly, this remains to be seen. Some believe that we are at the beginning of a massive Blockchain revolution. Others think that technology is an excessive fashion, with little value really useful. The key idea behind technology is a fully distributed, append-only ledger. Since it is distributed, there is no central authority and, in theory, the parties can trust the authenticity of the data in the register without any third party proving it. For example, when you buy something in a shop with a credit card, both the buyer and the seller require a third party (the credit card company) to execute the transaction. The concept behind Blockchain is that a combination of massive replication, well-designed incentives and encryption allows unchanging data shared by all parties. Transactions, once entered in this ledger, can never be removed or altered. This allows the parties to conduct business with each other independently of other organizations.

The problem is that this too simple version is not the whole truth. A trusted third party has been mistaken for a trusted audience. Data in a blockchain can be changed if the majority accepts the changes. There are also numerous interesting problems on a scale.

In all honesty, the Blockchain community is aware of all these problems and is working on clean solutions right now. But problems must be solved if the revolution progresses.

InfoQ: What are some use cases in which Blockchain can help with data security, data integrity and data management in general?

Nielson: Blockchain is a great way to create a trusted record between untrusted parties. Public Blockchains allow anyone to join, and untrusted parties are people, organizations and even governments. As long as there is not a single coalition big enough to control the majority of the Blockchain resources, the integrity of the data is guaranteed.

Data security and data management are much more complicated. Each member of the Blockchain must preserve and protect a private key. If this key is compromised by an unauthorized party, little can be done to revoke the compromised key. Perhaps just as serious, if the key is lost (eg, deleted by mistake), even the user's access to the system is permanently lost. For example, it is estimated that 20% of all Bitcoins in the world are lost in this way.

Finally, Blockchain alone does not offer much for data management. Rather, it allows new forms of data management. The supply chain is a great example in which Blockchain seems to be very successful. When considering complex supply chains around the world, keeping track of data among hundreds or even thousands of inter-operational suppliers is extremely difficult. Creating a Blockchain to allow these participants to create their own data and track other people's data is a fantastic choice.

A final note on data management. One of the interesting effects of an addition-only registry is that data can not be deleted! This leads to some interesting problems. Many companies have data retention policies that require data destruction after certain periods of time or under certain circumstances. Data of this type should generally not be stored in Blockchains.

InfoQ: Can you talk about some Blockchain design models in terms of data management, data encryption, etc.?

Nielson: I think my answer to your previous question is a start. Interestingly, the data in public Blockchain is not encrypted by the same Blockchain. Insert whatever you give him. If you provide encrypted data, the encrypted data will always be stored in encrypted form forever (or for the life of the Blockchain, rather). If you store it in plain text, it will be stored for the whole world to be seen until the Blockchain is operational.

Typically, Blockchain is used less for confidentiality and more for authenticity and integrity. That said, you can use Blockchain to attest all types of cryptographic operations. For example, you can enter encrypted data on Blockchain and then also enter the decryption key. This is a way to "prove" to the world that you had data at a given time, without revealing what the data actually say until a later time. Perhaps encrypted data is the solution to an exam question. By adding it to the Blockchain, you have proof that you had those answers on a certain date even if you did not reveal the answers until late.

I know some great cryptographers of Johns Hopkins who are doing all sorts of interesting things with this type of algorithm. But it's still in its infancy, so we're still learning all the patterns.

InfoQ: What is a "smart contract"? How can "smart contracts" be used in the development of applications based on Blockchain technology?

Nielson: Conceptually, smart contracts are mini programs that run automatically on certain triggers or conditions. In the Blockchain world, some Blockchain technologies, in particular Ethereum, support the code that is executed as part of the insertion of a new transaction.

But it is important to remember that Blockchain is a distributed master book. There are some limitations with Blockchain smart contracts because every machine in the entire network has to execute the same code and get the same answer. Otherwise, the distributed ledger would have no consensus and integrity. Unfortunately, sometimes people advertise their explanations about what a Blockchain-based smart contract can do.

To circumvent the limits of an intelligent contract, a certain part of the processing must be carried out "off-line" (outside the contract itself). For example, one of the suggested uses of a smart contract is to automatically pay agricultural insurance money if there is a drought. It's a good idea, but how does the smart contract determine the weather? It can not directly use sensors, websites or other meteorological sources because each node in the network should achieve the same result during the execution of the distributed code. This simply does not scale. So instead, a kind of trusted third party must push the temperature to the Blockchain as a piece of data. Once the smart contract is able to see this data inside the ledger, it is easy to process.

But some people point out that going "out of the chain", you have canceled many of the benefits for which the smart contracts were created. Decentralization, for example.

InfoQ: what online resources can you recommend to database developers who want to know more about Blockchain?

Nielson: Unfortunately, I think there is so much clamor right now that the only good advice is to look for absolutely every "point of view" you can find. Be sure to look for the critical ones to balance the too much positive. I found that Coindesk is a good source for much information.

InfoQ: what development tools are available for database developers?

Nielson: I would actually recommend looking at some of the big players like Microsoft and IBM. Microsoft Azure, for example, is really trying to build a Blockchain story. They have case studies, including examples related to the supply chain, insurance and others. Although it is Microsoft, they can connect to multiple back-end blockchains.

In the interest of full disclosure, my experience is more in the field of applied cryptography and data security. I have not created products with these tools, so take my recommendations with different grains of salt.

One last thing. In my list of things to do, try to create smart contracts using an Ethereum simulator. This is the easiest way to try out an intelligent contract code without actually implementing the current Blockchain.

He also talked about the potential of Blockchain technologies in organizations in their current projects and initiatives.

Blockchain is really exciting, and I say this despite all the noise. This technology really has interesting potential and it will be interesting to see how it evolves and develops. This year is the tenth anniversary of the white paper that introduced Bitcoin blockchain technology and catapulted forward. Although it's only in the last two years that research and development efforts have really exploded. I imagine there is a lot of progress yet to come and we are really seeing the prototypes of what this technology will eventually become.

But it's nice to come in early and see how it works now! You're just in time for a front row seat for some innovations that change paradigm. Do not wait!

Information on the interviewee

Dr. Seth James Nielson is the founder and chief scientist of Crimson Vista, Inc., a computer security consulting firm. Dr. Nielson has consulted everyone from small technology companies to large medical device manufacturers on cryptography, cyber security and computer networks. He has also served as expert witnesses in various high-tech disputes. Dr. Nielson is also director of advanced research projects at the Johns Hopkins University Information Security Institute (JHUISI). She teaches network security and advanced network security courses with her own personalized curriculum and lab activities and mentors Master students in capstone projects. With a grant from Cisco, it is currently leading the development of a cryptographic knowledge base designed to help non-experts know how to properly use cryptography in their organizations.