Here we are in 2019, 10 years after the birth of the first Blockchain (Bitcoin). There are a number of identified use cases for blockchain being currently being investigated and implemented, and a number of these have even gained real traction and are now being used in Production environments. The most popular non cryptocurrency use case by far has been ‘track and trace’ type scenarios, where a blockchain provides a shared, immutable, single source of truth for some kind of data or entities that go through multiple steps or hops in their life cycle, with each step of the process being added to the distributed ledger potentially by multiple parties. And after attending the ADC Blockchain Forum recently here in Adelaide Australia, it became obvious that this was the most popular application of enterprise blockchain currently being explored.

Example of using a blockchain to monitor pharmaceutical goods from manufacturer to end user. Source: Software Strategies Blog

This is the most obvious use case to start off with blockchain technology when looking outside the realm of cryptocurrencies. It’s a great fit for an append only ledger, generally isn’t too data intensive, and is a suitable low complexity example for proving that the technology works. However it isn’t the end goal for realizing the full potential of blockchain technology, it’s only the beginning. The end goal for realizing the full potential of blockchain technology is ‘Blockchain as a Platform’ (BaaP). Let me explain what this means.

When it comes to Blockchain and Distributed Ledger Technology (DLT), the real beauty of it is in the decentralized consensus, and the immutability it provides when it comes to not only adding data to the ledger, but also running turing complete programs on what is essentially a decentralized computer….that’s right, Smart Contracts!

Even though Smart Contracts aren’t really that smart (and they aren’t really contracts either), when you combine them with a blockchain you have a new technological advancement that becomes as ground breaking as the internet itself. The ability for a trustworthy, self executing, tamper proof digital agreement to be deployed and executed on a distributed ledger is absolutely game changing. But it’s only game changing if its used in conjunction with other technology and processes. On it’s own its essentially just a program running on multiple computers.

While focusing on what a blockchain can be used for from a data perspective (ie track and trace) has certain use cases, having a tamper proof digital agreements executed on a distributed ledger has far more potential use cases. In fact, they have the potential to replace a large percentage of digital agreements in use today.

But how can Smart Contracts and blockchain technology be used to achieve this? The answer is that they can’t do it on its own. They need to be incorporated into a wider set of business processes and technologies, so that the whole process END TO END is superior to what is used today.

For this to happen, Smart Contracts need to be used in an end to end process that involves other systems and parties. This means it needs connectivity to external resources. They need to be able to have external data sent in, and they need to be able to push out data to external systems. In addition to this, the whole process end to end needs to be as secure and immutable as possible. Data Integrity is a subject often brought up at blockchain events as a crucial barrier to adoption, but its rarely discussed in detail. The focus is usually always on the blockchain itself, which already has a high level of security and integrity. But to mitigate risk and increase security, you need to look at data integrity from an end to end perspective, not from just within the blockchain.

Data Integrity - An end to end perspective

Data points

If you need to get external data into a Smart Contract on a blockchain, you need to ensure the integrity of the data remains. From a data point perspective, that data may be coming from another system, or it may be coming from a web service API, or maybe an IOT device. The point is, if you want to ensure the integrity of the data, you should try decentralize the data, and obtain it from multiple data points/sources. This way you can know if one of the data sources is potentially compromised, and can act accordingly. Whether you can do this depends on the scenario though. In the case of needing to know what the weather is, or the price of a stock, you can use multiple data points. But if you’re grabbing data from an enterprise ERP system, then this option isn’t really available, so you can only really use the 1 data point.

Oracles

Oracles are the means in which data is sent to/received from a Smart Contract on a blockchain. They are essentially a piece of software running on a machine, because Smart Contracts can only access data from within the blockchain itself.

Oracles are both a blessing and a curse. Apart from their obvious advantages of opening up the blockchain to a wider set of real world use cases, the disadvantage of using Oracles is that being a trusted third party between the data source and the Smart Contract, they add a new potential point of failure in what its meant to be a highly secure and tamper proof solution. Despite all the great properties that a blockchain has in regards to security and immutability, if an Oracle is compromised then the whole Smart Contract can be gamed to behave in a certain way. In this new incoming era of automated execution of digital agreements that cut out third parties and manual intervention, we need to do all that’s possible to prevent this from happening.

“ Trusted third parties are security holes, and whether they are ‘good guys’ or ‘bad guys’ is largely irrelevant to this fact” - Nick Szabo

A good way to remove or mitigate this extra possible point of failure is to also decentralize the Oracle layer, and to pass data from data points to the blockchain in a decentralized way. This means if you have 3 data points that are being used to pass data into a Smart Contract, you can have 3 or more Oracles that pass the data in. If there is only 1 data source for the data going into the blockchain, you can still use 3 Oracles to pass the data in, this way we will know if one of them was compromised, as they won’t reach a consensus on the data. Startup Smart Contract has built their Chainlink Blockchain Middleware platform which facilitates these features, and is set to go live soon on May 30.

Using the Chainlink platform to decentralize Data Points & Oracles. Source: Chainlink White Paper

Trusted Execution Environments

Another method for ensuring the integrity of the data passed into a Blockchain by an Oracle is via the use of Trusted Execution Environments. When it comes to cyber and web security, a defense in depth approach is often taken to minimize the risk of a security breach, and in the world of blockchain technology it should be no different. The decentralization of data feeds and Oracles can be used in conjunction with Trusted Execution Environments, should the security requirements of the end to end solution require this level of security.

A Trusted Execution Environment is a specialized piece of hardware that allows the software (in this case an Oracle) to run in a secure enclave, separate from the Operation System and other processes. This provides an extra layer of integrity and confidentiality, because the trusted computing base has been lowered, and there are less places in which people can attack the software (Oracle). One example of an Oracle running in a Trusted Execution Environment is the Town Crier project, which uses Intel SGX.

Example of a Trusted Execution Environment feeding data to a Flight Insurance Smart Contract. Source: Town Crier Blog post

Output

Output of a Smart Contract works in a similar fashion to its input, Oracles are required to capture data. This means the same solutions can be proposed here. If you have a specific output, whether it’s a payment or something else, you can use multiple Oracles to capture this, then they can reach a consensus on what is meant to happen. When/if they all agree, then the action can be performed, having a high degree of confidence that the actual output of the Smart Contract was not tampered with or modified at any time from when the output was reached in the Smart Contract, to when the intended action was triggered.

Bringing it all together

Data integrity is a rarely discussed but very important discussion point when it comes to blockchain technology and its adoption For it to be truly adopted the problem needs to be looked at from an end to end perspective, not just from within the blockchain itself.

When you bring everything together and combine Blockchain technology with externally connected and highly secure Smart Contracts that have the ability to be used in end to end processes that involve more than just the blockchain and adding data to the ledger…then you will see a whole new era of digital agreements come into fruition, from just about every industry and vertical that exists.

You will see companies using Smart Contracts to do business with eachother using this technology, where the Blockchain and Smart Contracts are used purely as a platform to execute digital agreements, as opposed to using the blockchain as a means to have a shared view of data that gets appended to the ledger. This is the real killer use case of Blockchain, Blockchain as a Platform! These businesses won’t be using the blockchain to ‘track and trace’ things, they will be using it as a platform to deploy and execute these superior digital agreements.

The fourth industrial revolution is coming. AI, big data, blockchain and machine learning are going to drastically change the way businesses operate. Smart Contracts running on a Distributed Ledger will play a big part in this, but for this to be realized we need to ensure high level of security and risk mitigation across the whole process, all the while maintaining the highest level of data integrity. Only then will the true potential of Blockchain & Smart Contracts technology be realized.