The National Institute of Standards and Technology (NIST), part of the US Department of Commerce, recently published a white paper, in which they proposed blockchain as a solution to data breaches.

The authors focus on the pros and cons of top-down vs. bottom-up identity management systems (IDMSs), with the overall conclusion being that blockchain, a bottom-up approach, can provide unprecedented security for users of both commercial and government systems.

This is an official stamp of approval from a government agency, suggesting blockchain might be on the verge of wide-scale adoption, beyond its original use in Bitcoin and other cryptocurrencies.

Blockchain Basics

In 2008, Satoshi Nakamoto published the now famous paper, in which he (or they) detailed the creation of Bitcoin, the first cryptocurrency. Since then, numerous other cryptocurrencies have been developed, such as Ethereum, Ripple’s XRP, etc. All of these run on slightly different forms of blockchain, which offers the benefits of decentralization, immutability, pseudo-anonymity, inflation control, enhanced security, greater accessibility, and faster speed.

Imagine blockchain as a giant ledger that records the amount of transferable data chunks each person owns. These data chunks can be freely transferred to participating parties for goods and services in the same way as any other digital currency. As they are transferred, the ledger is updated to reflect the new balances in each person’s account. This is essentially how any cryptocurrency works. However, if this were just a standard ledger, the obvious problems are that the ledger must be stored somewhere, is hackable, can be manipulated, reveals personal information of the users, and cannot possibly be updated efficiently if used on a wide scale.

Blockchain gets around these problems by distributing copies of the ledger to each of the users. When a transaction is made, it gets broadcasted to the other users, where it is combined with other transactions into a block. When the block is full, its transactions are verified through one of many consensus mechanisms and then chained to previous blocks. These consensus mechanisms are the heart of blockchain, as they ensure that only valid transactions are admitted to the ledger.

The most popular consensus mechanism is proof-of-work, which is employed by Bitcoin’s blockchain. Without getting too much into the nitty-gritty, this works by requiring and rewarding the users of the blockchain to solve a computationally intensive puzzle known as SHA-256. As the name suggests there are 2^256 possible solutions, meaning no one person or group of people could ever feasibly complete it. A puzzle this difficult could only be solved by the immense computational power of a large community, in this case the community of Bitcoin users. Therefore, the transactions that are added to the blockchain must have the weight of the majority of the community’s computational power behind it.

For example, if Hacker X broadcasts a transaction which says he or she now owns half of the Bitcoins, which is, of course, nonsense, then this will conflict with other transactions, as the same Bitcoins or fractions or Bitcoins are already accounted for elsewhere. In a dispute like this, the system naturally defaults to the transactions that have the most work put into it, meaning the ones that have solved the SHA-256 hash puzzle. Therefore, it is near impossible to manipulate the Bitcoin blockchain. However, if Hacker X were able to match the computational power of over half the community’s power, then he or she would be able to control the network, which is known as a 51% attack. This has happened to smaller, less distributed blockchains, but one as large as Bitcoin’s could never feasibly fall victim to such an attack.

Furthermore, each user has complete control of their own account, as it is not stored on any organization’s infrastructure. By downloading a Bitcoin wallet, for example, a person’s sensitive data is not in a centralized database waiting to be hacked. This also means that accessing and transferring the contents of the wallet can be done without third party permission. For example, if Person A wants to buy a product from Person B, then this can be done entirely person to person, not through a financial institution. Likewise, this makes the process much faster and cheaper. In fact, transferring cryptocurrencies has little to no fees and can take only a few seconds or minutes, give or take, depending on the cryptocurrency, whereas an international money transfer can take days and incurs significant fees.

Lastly, the amount of cryptocurrency available cannot be changed to control inflation or deflation. That is, the central banks behind traditional currencies often tweak the economy by printing more money, making borrowing money more expensive, etc. However, the amount of cryptocurrencies in the world are predefined, as they are created when the solution to the SHA-256 hash puzzle is solved, a process known as mining. The person or group that finds the solution is rewarded with freshly created cryptocurrency, although this decreases geometrically overtime. Therefore, there is a predictable amount added to the world, and there is a theoretical maximum that could ever exist.

Smart Contracts

Bitcoin was the first use of blockchain, but since its creation more advanced versions have been created that allow for more versatility and more creativity. In particular, the Ethereum blockchain added smart contracts.

In a normal contract a third party is needed to execute it or enforce it. That is, lawyers are often needed and the government is needed to make sure both parties follow the stipulations or be punished. However, with blockchain, all third parties are removed, again putting all of the power into the hands of the parties directly involved.

For example, if person A wants to buy the login credentials for a website from person B, then both people can transfer the money and the data through a smart contract via blockchain. Only when both parties meet the preset requirements will the blockchain execute the contract. By doing it this way, there is no way to defraud the other person and the contract is irreversible. The NIST white paper states that “The power of smart contracts is that they can implement data processing logic while the blockchain network guarantees its execution.”

Your Identity on Blockchain

Using all of the above ideas, experts are seriously considering storing personal info on blockchain to prevent data breaches such as what happened to Equifax in 2017. The basic idea is that traditional identity management systems (IDMSs) are centralized and prone to attacks, while blockchain is virtually unhackable because of its decentralization. No longer would your data sit on a company’s massive servers, which are hacked far more often than the average person realizes.

Furthermore, your personal data can only be transferred with your express consent via a smart contract, which ensures that it stays confidential. That is, the other party can only see what you want them to, as spelled out in the smart contract.

Therefore, the NIST authors have successfully made a case for a bottom-up approach instead of a top-down one, in that people’s information should be in their own hands, not the hands of a third party.

From a bigger perspective, over a billion people across the globe do not have an official identity. According to the UN, this means that “they are without the protection of law, and are unable to access basic services, participate as a citizen or voter, or transact in the modern economy.” This means these unfortunate people have a far more difficult time prospering, are more likely to be exploited, are more likely to disappear into the world of human trafficking, etc.

The UN wants to use the Ethereum blockchain to protect everyone’s identity by 2030. This is happening under the ID2020 initiative which is a collaboration between several UN agencies, companies, national governments, and non-profits. While this may be ambitious, it is clear that they agree people’s identity should be solely under their control. Third parties have their own agendas, are hacking targets, are inefficient, etc. In some lesser developed countries, a hostile government may target a group of people by denying them an official identity and all of the benefits that come with it. However, with blockchain not just your identity but your basic human rights can be protected.

Therefore, it seems that blockchain is taking its first consequential steps outside of cryptocurrencies by protecting our most sensitive information. While it is already transforming the financial sector, blockchain’s many benefits will soon be employed to protect our identity.

If you enjoyed the article, please consider donating!