What is Blockchain Technology?
Blockchain is a record-keeping technology designed to make it impossible to hack the system or forge the data stored on it, thereby making it secure and immutable.
Blockchain technology produces a structure of data with inherent security qualities. It’s based on principles of cryptography, decentralization and consensus, which ensure trust in transactions.
Blockchain Simply Explained
A simple analogy for understanding blockchain technology is a Google Doc. When we create a document and share it with a group of people, the document is distributed instead of copied or transferred. This creates a decentralized distribution chain that gives everyone access to the document at the same time. No one is locked out awaiting changes from another party, while all modifications to the doc are being recorded in real-time, making changes completely transparent.
Blockchain is an especially promising and revolutionary technology because it helps reduce risk, stamps out fraud and brings transparency in a scalable way for myriad uses.
How Does Blockchain Work?
Blockchain consists of three important concepts: blocks, nodes and miners.
Blocks
Every chain consists of multiple blocks and each block has three basic elements:
- Data: The data in the block.
- Nonce: A 32-bit whole number called a nonce. The nonce is randomly generated when a block is created, which then generates a block header hash.
- Hash: The hash is a 256-bit number wedded to the nonce. It must start with a huge number of zeroes (i.e., be extremely small).
When the first block of a chain is created, a nonce generates the cryptographic hash. The data in the block is considered signed and forever tied to the nonce and hash unless it is mined.
Miners
Miners create new blocks on the chain through a process called mining.
In a blockchain every block has its own unique nonce and hash, but also references the hash of the previous block in the chain, so mining a block isn’t easy, especially on large chains.
Miners use special software to solve the incredibly complex math problem of finding a nonce that generates an accepted hash. Because the nonce is only 32 bits and the hash is 256, there are roughly four billion possible nonce-hash combinations that must be mined before the right one is found. When that happens miners are said to have found the “golden nonce” and their block is added to the chain.
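The following Python sketch is an added example, not code from the original page. It mines a three-block toy chain with a 32-bit nonce and SHA-256, then shows that editing one block's data is caught when the chain is verified. The 16-bit difficulty, the block layout and all function names are assumptions chosen for illustration.

```python
import hashlib
import struct

DIFFICULTY_BITS = 16                      # assumption: toy target; real networks use far more
TARGET = 1 << (256 - DIFFICULTY_BITS)     # a valid hash, read as a number, is below this
GENESIS_PREV = "00" * 32                  # constructed placeholder "previous hash" for block 0


def block_hash(prev_hash: str, data: str, nonce: int) -> str:
    """SHA-256 over the previous block's hash, the data and a 32-bit nonce."""
    header = bytes.fromhex(prev_hash) + data.encode() + struct.pack("<I", nonce)
    return hashlib.sha256(header).hexdigest()


def mine(prev_hash: str, data: str):
    """Try every 32-bit nonce until the hash has enough leading zero bits."""
    for nonce in range(2**32):
        digest = block_hash(prev_hash, data, nonce)
        if int(digest, 16) < TARGET:
            return {"prev": prev_hash, "data": data, "nonce": nonce, "hash": digest}
    return None  # whole 32-bit nonce space tried without finding a valid hash


def build_chain(payloads):
    """Mine one block per payload, each referencing the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for data in payloads:
        block = mine(prev, data)
        if block is None:
            raise RuntimeError("nonce space exhausted")
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        recomputed = block_hash(b["prev"], b["data"], b["nonce"])
        if b["prev"] != prev or recomputed != b["hash"] or int(recomputed, 16) >= TARGET:
            return i
        prev = b["hash"]
    return None


if __name__ == "__main__":
    chain = build_chain(["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"])
    print("first invalid block:", first_invalid(chain))
    chain[1]["data"] = "bob pays mallory 2"   # edit the data, keep the old nonce and hash
    print("first invalid block after edit:", first_invalid(chain))
```

Re-mining only the edited block does not help: its new hash no longer matches the reference stored in the next block, so verification fails one block later instead.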
Nodes
One of the most important concepts in blockchain technology is decentralization. No one computer or organization can own the chain. Nodes can be any kind of electronic device that maintains copies of the blockchain and keeps the network functioning.
Types of Blockchain Networks
There are several ways to build a blockchain network. They can be public, private, permissioned or built by a consortium.
Public blockchain networks
A public blockchain is one that anyone can join and participate in.
Private blockchain networks
A private blockchain network, similar to a public blockchain network, is a decentralized peer-to-peer network. However, one organization governs the network, controlling who is allowed to participate, executing a consensus protocol and maintaining the shared documents. Depending on the use case, this can significantly boost trust and confidence between participants. A private blockchain can be run behind a corporate firewall and even be hosted on-premises.
Permissioned blockchain networks
Businesses that set up a private blockchain will generally set up a permissioned blockchain network. It is important to note that public blockchain networks can also be permissioned. A permissioned network places restrictions on who is allowed to participate: participants need to obtain an invitation or permission to join.
Consortium blockchains
Multiple organizations can share the responsibilities of maintaining a blockchain. These pre-selected organizations determine who may access the data. A consortium blockchain is ideal for business when all participants need to be permissioned and have a shared responsibility for the blockchain.
Blockchain Security
When building an enterprise blockchain application, it’s important to have a comprehensive security strategy that uses cybersecurity frameworks, assurance services and best practices to reduce risks against attacks and fraud.
Blockchain technology enables decentralization through the participation of members across a distributed network.
How security differs by blockchain types
Blockchain networks can differ in who can participate and who has access to the data. Networks are typically labeled as either public or private, which describes who is allowed to participate, and permissioned or permissionless, which describes how participants gain access to the network.
Public and private blockchains
Public blockchain networks typically allow anyone to join and allow participants to remain anonymous. A public blockchain uses internet-connected computers to validate data and achieve consensus.
Private blockchains use identity to confirm membership and access privileges and typically only permit known organizations to join.
When building a blockchain application, it’s critical to assess which type of network will best suit your business goals. Private and permissioned networks can be tightly controlled and preferable for compliance and regulatory reasons. However, public and permissionless networks can achieve greater decentralization and distribution.
Blockchain security tips and best practices
When designing a blockchain solution, consider these key questions:
- What is the governance model for participating organizations or members?
- What data will be captured in each block?
- What are the relevant regulatory requirements, and how can they be met?
- How are the details of identity managed? Are block payloads encrypted? How are the keys managed and revoked?
- What is the disaster recovery plan for the blockchain participants?
- What is the minimal security posture for blockchain clients for participation?
- What is the logic for resolving blockchain block collisions?
When establishing a private blockchain, ensure that it’s deployed in a secure, resilient infrastructure. Poor underlying technology choices for business needs and processes can lead to data security risks through their vulnerabilities.
Consider business and governance risks. Business risks include financial implications, reputational factors and compliance risks. Governance risks emanate primarily from blockchain solutions’ decentralized nature, and they require strong controls on decision criteria, governing policies, identity and access management.
Blockchain security is about understanding blockchain network risks and managing them. The plan for implementing security controls against those risks makes up a blockchain security model. Create a blockchain security model to ensure that all measures are in place to adequately secure your blockchain solutions.
To implement a blockchain solution security model, administrators must develop a risk model that can address all business, governance, technology and process risks. Next, they must evaluate the threats to the blockchain solution and create a threat model. Then, administrators must define the security controls that mitigate the risks and threats based on the following three categories:
- Enforce security controls that are unique to blockchain
- Apply conventional security controls
- Enforce business controls for blockchain
Blockchain services and consulting can help you design and activate a blockchain network that addresses governance, business value and technology needs while assuring privacy, trust and security.
Blockchain projects we have delivered
At PSAG, we have delivered multiple blockchain projects across multiple L1s (Ethereum, Avalanche, Polkadot/Moonbeam, EOS and Solana) and L2s (Polygon, Optimism, etc.).
The following is a brief synopsis of some projects we have delivered:
Utility Token launch (ERC-20)
Deliverables included:
- End-to-end crypto lifecycle, including token design, tokenomics, and IDO and IEO listing.
- Built functionality (Solidity smart contracts and MERN stack) for token sale (private, launchpad and public), swap, wallet integration (over 60 wallets including MetaMask, WalletConnect, Coinbase etc.), KYC/AML (Jumio), fiat-to-crypto onramp (integration with MoonPay and Now Payments), swap (ChangeNow), payment infrastructure including credit card gateways (Stripe), ACH (Plaid) etc.
A DAO-based stablecoin
A crypto-backed, decentralized and self-regulating stablecoin built on a multichain architecture (Polygon, Ethereum, Avalanche).
Deliverables included:
- Dual Token structure – stablecoin and asset coin
- Technology – MERN dapp, admin console and deployment on Ethereum
- Tools – Multi-sig wallet, Biconomy, Infura, IPFS, MythX, Mythril
Security Token launch (ERC-1404)
Developed an Ethereum-based security token and listed it on an Alternative Trading System (ATS).
Deliverables included:
- Technology – MERN dapp, Issuance Portal, ATS integration, Custody service integration
- Tools – Biconomy, IPFS, Slither and Mythril
- Exchange & ATS
Fully decentralized Launchpad
Developed a fully decentralized launchpad that enables projects looking to raise funds to be onboarded, voted on and funded. All of this functionality is driven by the community with no centralized control.
Deliverables included:
- Dual token structure
- Technology – MERN dapp, admin console and deployment on Ethereum
- Tools – Multi-sig wallet, Biconomy, Infura, IPFS, MythX, Mythril