To support enterprise-class blockchain applications, there’s a need for frameworks and methods that can guarantee dependability and trust at all times without sacrificing the distributed nature of the blockchain idea. That’s why ETSI created an industry specification group on permissioned distributed ledger (PDL) technologies.
In the decade since its creation, Bitcoin has demonstrated the potential for a technology that makes it possible to develop reliable distributed applications with no single controlling entity from components that are not required to be trusted a priori. The rapid pace of development in other blockchain and distributed-ledger implementations such as Ethereum have begun to show how new business models and applications can be built on top of the technology.
At the same time, this expansion in blockchain adoption has also demonstrated how subtle flaws in concepts and implementation can disrupt the trust and reliability on which blockchain applications depend. A number of smart-contract implementations on various public blockchains have succumbed to hacking attempts and even simple mistakes that have lost stakeholders millions of dollars.
Rapid evolution and the mistakes that result from overeager implementation can provide lessons to other developers. Enterprises are wary of the possible pitfalls of blockchains, but they are also keen to build systems that let them cooperate and compete in increasingly interconnected markets without being reliant on a single technology or service provider.
Later this year, the ETSI PDL group expects to deliver the first results of its work, a landscaping document that explores the technologies that are available to support PDLs, and another describing the operating scenarios for these systems. The second phase of the work aims to deliver the detailed specifications groups of enterprises will need to implement and manage PDLs in an open and trustworthy manner. The flow of specifications and frameworks for proof-of-concept implementations will help underpin the development of PDLs.
Work in the PDL group focuses on permissioned blockchains in contrast to the permission-less schemes exemplified by Bitcoin. This is because permissioned schemas supporting distributed ledgers provide the greatest scope for enterprise-level implementation with systems that can function by the cooperation of participants and cloud service providers. However, it is clear that industry needs guidance on how to deploy and run such infrastructures in an open way.
Under permissioned systems, only participants that are trusted are able to record and view changes to the blockchain, ensuring confidentiality for transactions. Such permissioned systems are potentially more scalable and easier to operate because they can use alternatives to the computationally intensive proof-of-work protocols that typify most existing public blockchains. Their use of access controls also increases security.
However, as with any other networked system, the permissioned nature of the blockchain is not a complete solution for guaranteeing protection against attacks. So, the PDL group is exploring how to address end-to-end security requirements.
Not only does the blockchain need to guard against updates being subverted, the systems that underpin it must protect data at every point. Users want to be sure that plaintext is not used for a transaction at any point, from the moment it is created by an edge device to the final record that appears in the blockchain. Often, there will be a mixture of private data and records that can be examined by other PDL participants, which in turn calls for different levels of encryption and key management.
The distributed nature of PDLs means successful implementations will require more advanced methods for authenticating transactions that can operate in a peer-to-peer environment, a factor that increases complexity. The specifications also need to take into account the likely need for different PDL implementations to interoperate and share data securely.
To ensure the adoption and growth of practical PDLs, the specifications and standards produced by the group will be open. But an equally vital aspect of the process is to ensure that industry’s needs are reflected through a wide and varied membership that is being assembled within the PDL specification group. Already members involved include participants from telecom, IT, agriculture, industrial manufacturing, national governments and others.