By: Simon Brooke :: 19 April 2023
I've just been listening to a podcast by someone I very much respect, in which she's being sold snake oil by a crypto bro. It's in the nature of good people that they are trusting, and there's enough appearance of complexity around blockchain to bedazzle the credulous.
But essentially blockchain is a very simple idea, and once you understand it, you understand why it's a very bad idea.
Suppose Andrew, Belinda and Charles all store their goods in the same shed. The goods are all a commodity, each box the same as every other. They want to remember how many boxes are owned by each of them. So Andy takes a ledger, and writes down, in ink, how many boxes they've each put in; and he signs it (or perhaps they all sign it, but that's a detail which doesn't matter).
Some time later, Belinda sells some of her share to Andrew. So she adds a line on the bottom of the page, also in ink, detailing the transfer, and she signs it.
A bit after that, Charles becomes dissatisfied with his share, so he decides to alter the ledger. But he can't, because if he attempts to scribble out the numbers and substitute new ones, it will be obvious; and if he takes a new, identical ledger, and makes a fair copy (except with the numbers changed), he can't do that, either, because he can't forge Andrew and Belinda's signatures.
This is the basis of a blockchain: a sequence of statements (or blocks), each of which is signed, such that each signature verifies not only the information in the most recent statement, but also the chain of preceding statements.
This isn't very complicated, yet, is it?
Suppose we keep the ledger on a computer. Computer memory can be overwritten, changed. How do we guarantee that no-one can fraudulently modify the ledger? Suppose, in order to be used by different people in different places, we allow the ledger to be copied across the network, and, later, some of those copies are inconsistent with others, how do we know which one is correct?
This is where we introduce a little bit of complexity, some Hard Sums. But I'll explain it simply.
Asymmetric encryption
Asymmetric encryption is the basis both of public-key cryptography and of digital signatures, and consequently, also of computer implementations of blockchains. Essentially, asymmetric encryption is based on pairs of keys, such that an encryption made with one can be undone with the other, but that a person who knows one of the keys does not need to know the other.
Typically, people who use public key cryptography each have their own key pair. One of the keys they keep secret, and that is known as their 'secret key'. The other, they give to everyone with whom they want to exchange encrypted messages. This is known as their 'public key.' Here's mine:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFChZSEBCAD1JhdpjzOLU2Mw1cmX5IV3ou9usWkpNDObz1HyUNWAEbhA8LV6
CPgTJtfrwj/rZr2oJjVfHaf8M7j/qqwEqaXj+3DBnT4JD6wMyJ/ncIFNkF/nLeQ1
48gxNW4KIaFFpDIOl/n/IKIJvrXLjN4NpLAbbfNDSZe3CsSSp0EDGsQzywE957lx
i84hOSMmUWfMDZ1j6u7SFmQliUmIGjmvlCTYHktBHrRE1zyk2yOVjTGBtUiVSQbI
T6+DECbcj0z3rXA+6aL/Pv3XX/Esf4peyp1wuHsbGAe/7WggkYXf8XIMcZk7QnEo
AGyOIPvNZDHT2GM0d9xBr4S/y6hU7irH+7cxABEBAAG0NVNpbW9uIEJyb29rZSAo
U3R1bHR1cyBpbiBtb250ZSkgPHNpbW9uQGpvdXJuZXltYW4uY2M+iQE4BBMBAgAi
BQJQoWUhAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCnpPGNHU35hzSq
CACZTBgQ+pWmPd2ezFgS5WD5zwhrUGsV+RlIZaeqLjrLZcZRJCfboMINSAR4Rf+U
kL7JNpIQ1GXugYVJzABCZAlMYJr4U7KaQMuGtCntFLxuz/5gbVX0p19j/5yJvgIJ
wQ32kdOSXPM3RiSW84rxLFR0yRJZi9b7adTEMXSe4bV8TASzN06qzcmpJm6Zrtfv
I8ATflqud4HSXeGmFjJeHUEwmyLIjZUtubnm68DfW5pPy7aVMQ+FsODm64b0+V+N
WJ9O1rfGq+h9Gl4B/MHWMGytpEhguIz0Se+6rw8cds7n9/vNJkUIfOJcVwLaqDC8
E1R0u/pukiUyJhqUT+KOkq/2uQENBFChZSEBCAC8EcrNiWW8scabow6ocP25n9Ui
N9wd+zsDjgCgAVcWOmdjIPHZzvGt/4h0N7uIFzIzFm10lltiP87B0uD3j3u9PnFJ
B4Hc0gaTBGInw0kuvQWvhfhIm2NihN0VO0yTFhpEmEF4jBoi9nfcsjgi6RTKlH6w
CfNTTVCXMDjkn01PP0TS27a7SiDPE7slLaqBiiHPQdvQuETMnM94EXMIDDuAoJ+f
ZD+39FRlTE33KzvkO5mVgAiYTa5hDsu7X7We2CdjyO+biovK1P0yuLSVmiQ0UFEF
mnsxGCK7aRKawmfGVTMNARRly5kuwn1Kw0T1CqFPkJfjJRkThgc+uTsVRWHXABEB
AAGJAR8EGAECAAkFAlChZSECGwwACgkQp6TxjR1N+YdBSwf/TjY+0WDTM2QOH3up
Zzdea05cGTvAaN/UQuv0q35hq894o/7SP0QXejvKJG+xYLrgb9o8rDW10spw0dNd
S6nxvXvTFEfNuAA+peUGph2CbA9DhXOmdGnfTETx9EfY31NQ65nUabq+0e0e5J7C
w4mOhohGsJybq0vZheWGL1Tq64D+pEdZEUGjTirswFYTAtLGehiy08JRsOhERvoU
FVIrJyUw0Uw9Z1BChlrgbhHkO7bZscaB1VEmdWEuR8tQZE3G/SgM46OhZqoehYBZ
V9pVCKTFrXsuMwe1BdfMFpe3/Zlfm6fSGvtUdjmJep01hg/XMsjHdDdUAkalEFm1
25V+1g==
=zzv2
-----END PGP PUBLIC KEY BLOCK-----
Because any message encrypted with my public key can be decrypted only with my private key, if you send a message encrypted with my public key (which you now have; it's there, above, and you are welcome to copy it and use it), only I can read it. Because any message that can be decrypted with my public key must have been encrypted with my private key, if you receive such a message you know that I sent it. That's public key encryption.
Digital signatures are similar: if I write a message, and then compute a hash of that message, and encrypt just the hash with my private key and add the encrypted hash to the message, then you can read the message whether you know my public key or not. But if you do know my public key, you can decrypt the hash, and compute your own hash of the message. If the hash you computed is the same as the hash I computed, you know that the message you have is identically the same as the message I signed: that it hasn't been tampered with.
So a computer implementation of a blockchain is a sequence of messages, such that each is signed with a hash of that message and at least the immediately preceding message. This means that each signed message verifies the one before it, right back to the start of the chain, so that anyone can verify the integrity of the chain, right back to the very first one, without having to know any of the private keys involved.
OK, this still isn't very complicated, is it? So, why is it a bad idea?
Why do we need signed ledgers anyway?
If Andrew, Belinda and Charles all trusted each other they wouldn't need to keep a signed ledger of what was in their shed in the first place. But, because they're actually pirates, they don't trust one another. They need the signed ledger because they're distrustful. But suppose they all trust Diana: then, they can ask Diana to keep the ledger for them, and when any of them wants to check what's in it, they can ask her.
The ledger in the age of the Internet
In introducing the idea of public key cryptography, I've skated over what it costs. Public key cryptography is based on quite complicated arithmetic, and so encrypting and decrypting a message are quite computationally intensive tasks. So to encrypt or decrypt a message burns a certain amount of electricity (this is before we talk about 'Proof of Work', which we will get on to, but the point I'm making here is that even without 'Proof of Work' any encryption has a real cost in energy which is contributing to burning the planet. This does not come free.)
So, can we keep a ledger on computer without encryption? The answer is yes, easily. Any conventional database engine, for example, allows you to create tables on which users can have any combination of four basic permissions:
Select: the user can select (read) data from the table;
Insert: the user can add new records into the table;
Update: the user can alter existing records in the table;
Delete: the user can permanently delete records from the table.
A ledger is simply a table which everyone can read, everyone or some selected users can insert into, but no one at all can either update or delete from. Diana's job, as the trusted database administrator, is simply to not authorise anyone to have either update or delete permissions. If people want to take copies of the ledger to keep on their own machines, Diana can give them a copy; if anyone wants to verify that the copy they have been given has not been tampered with, they can take a hash of their copy and ask Diana for a hash of the master table up to the date at which their copy was made. If the hashes are the same, all's good.
Databases are simple, well understood, proven technology. The energy cost — the electricity burned — in maintaining a simple database table is orders of magnitude less than that of a cryptographically signed blockchain.
But wait: it gets worse. It gets much, much worse.
Proof of Work
You create Bitcoins with 'Proof of Work'. What is 'Proof of Work'? It is, literally, proof that work has been done. Not 'useful work'. Just verifiable work. And the work which requires to be done to create a new Bitcoin is to find a number, called a 'nonce', which has never before been used as a nonce in the Bitcoin blockchain and which is also a valid cryptographic hash of the current state of the chain; and these criteria are especially chosen to make nonces hard to find. Otherwise it wouldn't be work, would it?
The consequence is that the process of 'mining' Bitcoins is phenomenally expensive in energy: the University of Cambridge's Bitcoin Electricity Consumption Index estimates the total cost of Bitcoin mining this year alone at 147.82 Terawatt hours. That's the energy equivalent of making 40 million tons of steel.
And that's for only 825,000,000 transactions, world wide, per year; it's 179 kWh per transaction. The average UK household consumes 242 kWh of electricity per month. There are 2.1 billion debit card transactions per month, in the UK alone. To move all those transactions onto Blockchain would increase UK electricity consumption per household by two hundred and twenty-one thousand times. That is six orders of magnitude.
Furthermore the theoretical maximum number of nonces is finite, and the cost of finding them is deliberately designed to continue rising over time, making them increasingly expensive in real resources — in real carbon burned — to find.
Not all cryptocurrencies depend on the same proof of work algorithm as Bitcoin, of course. 'Fiat' crytocurrencies — cryptocurrencies issued by a 'central bank' — would not. Simply, any coin not signed with the central bank's secret key would not be a valid coin, just the same as any metal coin not struck in the central bank's mint is not now a valid coin. But there are two objections to this: one is that most of the crypto-bros are soi-disant 'libertarians' (who still believe in laws protecting property, which seems an odd sort of libertarian to me), and so object to the idea of a central neutral institution running anything at all; and the other is that, even if you do away with Proof of Work, the cryptography necessary to blockchains is still an added cost (although a much smaller added cost) that adds no benefit.
That leaves all the other cryptocurrencies which are not backed by a central bank, however — which is almost all of them. Unless they have some equivalent of a proof of work algorithm, then anyone can produce large numbers of coins easily and instantly, and the currency collapses in runaway hyperinflation.
There are various schemes about 'Proof of Useful Work', under which units of currency would be created by proving that work has been done on problems of real-world utility, by frankly none of these is convincing; all I've seen are pretty thin and most certainly all could be gamed.
Summary
In summary, a blockchain does nothing at all which cannot be done many orders of magnitude more cheaply by a database with a trusted administrator; and the problem of creating a cryptocurrency which is not absolutely ruinously expensive in terms of cost to the planet has not been solved. And that's before you get into all the speculation and fraud and dishonesty and Ponzi schemes that swirl around the cryptocurrency industry.
Whatever your problem, blockchain — and cryptocurrency in particular — is not a solution.
« Out, brief candle? | | The properties of the system, and their values »
