![](\"https:\/\/media.wired.com\/photos\/5c5a1f3145e0ae2c6bccfbe7\/master\/pass\/Blockchain-Cyrpto-LaTigre.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: BRUCE SCHNEIER| Date: Wed, 06 Feb 2019 14:00:00 +0000<\/strong><\/p>\n In his 2008 white paper<\/a> that first proposed bitcoin<\/a>, the anonymous Satoshi Nakamoto concluded with: \u201cWe have proposed a system for electronic transactions without relying on trust.\u201d He was referring to blockchain<\/a>, the system behind bitcoin cryptocurrency. The circumvention of trust is a great promise, but it\u2019s just not true. Yes, bitcoin eliminates certain trusted intermediaries that are inherent in other payment systems like credit cards. But you still have to trust bitcoin\u2014and everything about it.<\/p>\n Bruce Schneier<\/a> is a security technologist who teaches at the Harvard Kennedy School. He is the author, most recently, of Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World<\/a><\/em>.<\/p>\n Much has been written about blockchains<\/a> and how they displace, reshape, or eliminate trust. But when you analyze both blockchain and trust, you quickly realize that there is much more hype than value. Blockchain solutions are often much worse than what they replace.<\/p>\n First, a caveat. By blockchain, I mean something very specific: the data structures and protocols that make up a public<\/em> blockchain. These have three essential elements. The first is a distributed (as in multiple copies) but centralized (as in there\u2019s only one) ledger, which is a way of recording what happened and in what order. This ledger is public, meaning that anyone can read it, and immutable, meaning that no one can change what happened in the past.<\/p>\n The second element is the consensus algorithm, which is a way to ensure all the copies of the ledger are the same. This is generally called mining; a critical part of the system is that anyone can participate. It is also distributed, meaning that you don\u2019t have to trust any particular node in the consensus network. It can also be extremely expensive, both in data storage and in the energy required<\/a> to maintain it. Bitcoin has the most expensive consensus algorithm the world has ever seen, by far.<\/p>\n Finally, the third element is the currency. This is some sort of digital token that has value and is publicly traded. Currency is a necessary element of a blockchain to align the incentives of everyone involved. Transactions involving these tokens are stored on the ledger.<\/p>\n Private blockchains are completely uninteresting. (By this, I mean systems that use the blockchain data structure but don\u2019t have the above three elements.) In general, they have some external limitation on who can interact with the blockchain and its features. These are not anything new; they\u2019re distributed append-only data structures with a list of individuals authorized to add to it. Consensus protocols have been studied in distributed systems for more than 60 years. Append-only data structures have been similarly well covered. They\u2019re blockchains in name only, and\u2014as far as I can tell\u2014the only reason to operate one is to ride on the blockchain hype.<\/p>\n All three elements of a public blockchain fit together as a single network that offers new security properties. The question is: Is it actually good for anything? It's all a matter of trust.<\/p>\n https:\/\/twitter.com\/vgcerf\/status\/1019987651301081089<\/a><\/p>\n Trust is essential to society. As a species, humans are wired to trust one another. Society can\u2019t function without trust, and the fact that we mostly don\u2019t even think about it is a measure of how well trust works.<\/p>\n The word \u201ctrust\u201d is loaded with many meanings. There\u2019s personal and intimate trust. When we say we trust a friend, we mean that we trust their intentions and know that those intentions will inform their actions. There\u2019s also the less intimate, less personal trust\u2014we might not know someone personally, or know their motivations, but we can trust their future actions. Blockchain enables this sort of trust: We don\u2019t know any bitcoin miners, for example, but we trust that they will follow the mining protocol and make the whole system work.<\/p>\n Most blockchain enthusiasts have a unnaturally narrow definition of trust. They\u2019re fond of catchphrases like \u201cin code we trust<\/a>,\u201d \u201cin math we trust<\/a>,\u201d and \u201cin crypto we trust<\/a>.\u201d This is trust as verification. But verification isn\u2019t the same as trust.<\/p>\n In 2012, I wrote a book about trust and security, Liars and Outliers<\/em><\/a>. In it, I listed four very general systems our species uses to incentivize trustworthy behavior. The first two are morals and reputation. The problem is that they scale only to a certain population size. Primitive systems were good enough for small communities, but larger communities required delegation, and more formalism.<\/p>\n The third is institutions. Institutions have rules and laws that induce people to behave according to the group norm, imposing sanctions on those who do not. In a sense, laws formalize reputation. Finally, the fourth is security systems. These are the wide varieties of security technologies we employ: door locks and tall fences, alarm systems and guards, forensics and audit systems, and so on.<\/p>\n These four elements work together to enable trust. Take banking, for example. Financial institutions, merchants, and individuals are all concerned with their reputations, which prevents theft and fraud. The laws and regulations surrounding every aspect of banking keep everyone in line, including backstops that limit risks in the case of fraud. And there are lots of security systems in place, from anti-counterfeiting technologies to internet-security technologies.<\/p>\n In his 2018 book, Blockchain and the New Architecture of Trust<\/a><\/em>, Kevin Werbach outlines four different \u201ctrust architectures.\u201d The first is peer-to-peer trust. This basically corresponds to my morals and reputational systems: pairs of people who come to trust each other. His second is leviathan trust, which corresponds to institutional trust. You can see this working in our system of contracts, which allows parties that don\u2019t trust each other to enter into an agreement because they both trust that a government system will help resolve disputes. His third is intermediary trust. A good example is the credit card system, which allows untrusting buyers and sellers to engage in commerce. His fourth trust architecture is distributed trust. This is emergent trust in the particular security system that is blockchain.<\/p>\n What blockchain does is shift some of the trust<\/a> in people and institutions to trust in technology. You need to trust the cryptography, the protocols, the software, the computers and the network. And you need to trust them absolutely, because they\u2019re often single points of failure.<\/p>\n When that trust turns out to be misplaced, there is no recourse. If your bitcoin exchange gets hacked<\/a>, you lose all of your money. If your bitcoin wallet gets hacked<\/a>, you lose all of your money. If you forget your login credentials, you lose all of your money. If there\u2019s a bug in the code<\/a> of your smart contract, you lose all of your money. If someone successfully hacks the blockchain security<\/a>, you lose all of your money. In many ways, trusting technology is harder than trusting people. Would you rather trust a human legal system or the details of some computer code you don\u2019t have the expertise to audit?<\/p>\n Blockchain enthusiasts point to more traditional forms of trust\u2014bank processing fees, for example\u2014as expensive. But blockchain trust is also costly; the cost is just hidden<\/a>. For bitcoin, that's the cost of the additional bitcoin mined, the transaction fees, and the enormous environmental waste.<\/p>\n Blockchain doesn\u2019t eliminate the need to trust human institutions. There will always be a big gap that can\u2019t be addressed by technology alone. People still need to be in charge, and there is always a need for governance outside the system. This is obvious in the ongoing debate about changing the bitcoin block size<\/a>, or in fixing the DAO attack<\/a> against Etherium<\/a>. There\u2019s always a need to override the rules, and there\u2019s always a need for the ability to make permanent rules changes. As long as hard forks are a possibility\u2014that\u2019s when the people in charge of a blockchain step outside the system to change it\u2014people will need to be in charge.<\/p>\n Any blockchain system will have to coexist with other, more conventional systems. Modern banking, for example is designed to be reversible. Bitcoin is not. That makes it hard to make the two compatible, and the result is often an insecurity. Steve Wozniak was scammed out of $70K<\/a> in bitcoin because he forgot this.<\/p>\n Blockchain technology is often centralized. Bitcoin might theoretically be based on distributed trust, but in practice, that\u2019s just not true. Just about everyone using bitcoin has to trust one of the few available wallets, and use one of the few available exchanges. People have to trust the software and the operating systems and the computers everything is running on. And we've seen attacks against wallets and exchanges. We\u2019ve seen Trojans and phishing and password guessing. Criminals have even used flaws in the system that people use to repair their cell phones to steal bitcoin.<\/p>\n Moreover, in any distributed trust system, there are backdoor methods for centralization to creep back in. With bitcoin, there are only a few miners of consequence. There\u2019s one company that provides most of the mining hardware<\/a>. There are only a few dominant exchanges. To the extent that most people interact with bitcoin, it is through these centralized systems. This also allows for attacks against blockchain-based systems.<\/p>\n These issues are not bugs in current blockchain applications, they\u2019re inherent in how blockchain works. Any evaluation of the security of the system has to take the whole socio-technical system into account. Too many blockchain enthusiasts focus on the technology and ignore the rest.<\/p>\n To the extent that people don\u2019t use bitcoin, it\u2019s because they don\u2019t trust bitcoin. That has nothing to do with the cryptography or the protocols. In fact, a system where you can lose your life savings if you forget your key or download a piece of malware is not particularly trustworthy. No amount of explaining how SHA-256 works to prevent double-spending<\/a> will fix that.<\/p>\n Similarly, to the extent that people do use blockchains, it is because they trust them. People either own bitcoin or not based on reputation; that\u2019s true even for speculators who own bitcoin simply because they think it will make them rich quickly. People choose a wallet for their cryptocurrency, and an exchange for their transactions, based on reputation. We even evaluate and trust the cryptography that underpins blockchains based on the algorithms\u2019 reputation.<\/p>\n To see how this can fail, look at the various supply-chain security systems<\/a> that are using blockchain. A blockchain isn\u2019t a necessary feature of any of them. The reasons they\u2019re successful is that everyone has a single software platform to enter their data in. Even though the blockchain systems are built on distributed trust, people don\u2019t necessarily accept that. For example, some companies don\u2019t trust the IBM\/Mersk system<\/a> because it\u2019s not their<\/em> blockchain.<\/p>\n Irrational? Maybe, but that\u2019s how trust works. It can\u2019t be replaced by algorithms and protocols. It\u2019s much more social than that.<\/p>\n Still, the idea that blockchains can somehow eliminate the need for trust persists. Recently, I received an email from a company that implemented secure messaging using blockchain. It said, in part: \u201cUsing the blockchain, as we have done, has eliminated the need for Trust.\u201d This sentiment suggests the writer misunderstands both what blockchain does and how trust works.<\/p>\n Do you need a public blockchain? The answer is almost certainly no<\/a>. A blockchain probably doesn\u2019t solve the security problems you think it solves. The security problems it solves are probably not the ones you have. (Manipulating audit data is probably not your major security risk.) A false trust in blockchain can itself be a security risk. The inefficiencies, especially in scaling, are probably not worth it. I have looked at many blockchain applications<\/a>, and all of them could achieve the same security properties without using a blockchain\u2014of course, then they wouldn\u2019t have the cool name.<\/p>\n Honestly, cryptocurrencies are useless. They're only used by speculators looking for quick riches,\u00a0people who don't like government backed currencies, and criminals who want a black-market way to exchange money.<\/p>\n To answer the question of whether the blockchain is needed, ask yourself: Does the blockchain change the system of trust in any meaningful way, or just shift it around? Does it just try to replace trust with verification? Does it strengthen existing trust relationships, or try to go against them? How can trust be abused in the new system, and is this better or worse than the potential abuses in the old system? And lastly: What would your system look like if you didn\u2019t use blockchain at all?<\/p>\n If you ask yourself those questions, it's likely you'll choose solutions that don't use public blockchain. And that'll be a good thing\u2014especially when the hype dissipates.<\/p>\n WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints. Read more opinions here<\/a>. Submit an op-ed at opinion@wired.com<\/em><\/p>\n