How to Implement a Blockchain based Solution with “An ABCD Approach"

We are standing on the cusp of a revolution with the advent of blockchain that will make us fundamentally rethink the mechanics of day to day transactions and providing a platform for digital transformation. As the business processes converge with technical implementations into platforms there is a plethora of technologies available and blockchain is one the key technologies that will revolutionize and touch every aspect of our life. The driving factor for all this is "TRUST" and how we can manage and enforce it in a distributed computing world.

 I feel It’s time to act vs sitting in the sidelines watching and waiting for clarity. Enterprises must be positioned in their sector to identify and pursue the opportunities as the landscape evolves. It might not be the perfect solution as the problem we define might itself change and technology we build on evolves but we must start somewhere. Again, blockchain is also not a fit for every business process so there is a need to evaluate its applicability.

 For a quick introduction on Blockchain please refer to my previous article "Demystifying Blockchain" - http://bit.ly/2KqsWxu

 STEP 1 - Identifying the right use case for Blockchain

Here are 3 simple questions to start with -

 a.    Do you track an asset through its lifecycle as part of your business process?

b.    Do you need audit history of the transactions leading to asset transitions?

c.     Do you have multiple 3rd parties involved in this process that require trust?

 If the answer is yes to all 3 questions, then blockchain can be a possible solution.

STEP 2 - Evaluate a blockchain solution

Here is simple framework to think about the different pieces of blockchain technology that need to be put together to build your blockchain based solution.

The essence of a blockchain solution is a Business value chain/process where there is Consensus among multiple parties involved in tracking ownership or state of an Asset over a Distributed network providing a trusted record of transactions among the parties— the ledger that is immutable and tamperproof. Blockchain's data structure ensures authenticity and data integrity through cryptographic mechanisms to arrive at a consensus.

 They 4 key components of this framework are

A Asset

B Business Value Chain

C Cryptographic Consensus

D Decentralized Peer to Peer Network

Lets take each of these components and understand what decisions have to be made

A Asset

An asset can be a physical or digital item within the business process that is being transacted across the value chain. This asset/credit/unit is cryptographically transferred from one user to another user from one wallet to another by using digital signatures with public/private key pairs. The asset itself is usually stored off the chain. 

In the case of cryptocurrency creation (such as the reward for mining), the system itself generates and distributes the currency via the same cryptographic mechanisms.

Asset Safety

Just because an asset is tracked on the blockchain doesn’t guarantee its safety. Remember blockchain is an immutable ledger of the transactions about the asset between multiple parties. It does not store the actual asset.

B Business Value Chain Process 

Your Business value chain Process is a set of activities that you are performing to deliver a valuable product or service for the market. For implementing it on blockchain you should be have multiple parties involved in this process with a need to manage trust and share transactions in a common data store (distributed ledger) . You will need to identify the various users involved, how you will be transacting on the blockchain. These business rules can then be encapsulated as smart contracts to enable the exchange/transfer of the asset on the blockchain. Certain functions can also exposed as an API to build Distributed Apps(Dapps) to deliver the overall capability.

Smart contracts

Smart contracts are self-executing programs running on top of a blockchain network and encapsulate the business logic to be executed based on the state transition events of the asset being tracked as part of the business process. They are designed to allow automation of execution and settlement of the transactions. The smart contract that’s defined between the different parties involved in which involves 2 key components

·       A data model that captures the current state of the ledger

·       Business Rules that changes the ledger state exposed as public api methods that contains the business logic.

Dapps

Decentralized applications (Dapps) are software applications that enable members of the business process to interact, collaborate and transact. They use an immutable shared ledger to cryptographically store their record of operations. They can have front-end code not resident on blockchain, but the back-end code is provisioned through the distributed ledger, primarily through smart contracts.

C Cryptographic Consensus

Consensus is the set of steps taken by all or most of the users on the network to agree on a proposed state or value.. This is also referred o to as the consensus protocol - A protocol used to build consensus among participants around which transactions will be accepted, and in what order, by the ledger. The nature of the consensus algorithm indicates the degree to which a blockchain system is actually decentralized.

This is a key decision and driver of security, scalability and reliability of the business process is also a key differentiator between the platforms and business process needs. Each of these protocols has its pros and cons and this is still an area of intense research currently and this is also the key capability that is holding back blockchain getting rolled out faster

Key consensus protocols being used today are

• Proof of Work (POW) -In the proof of work model, a user gets the right to publish the next block by solving a computationally intensive puzzle. The solution to this puzzle is the “proof” they have performed work leads to 2 states - Agreement or Termination. These computational puzzles are cpu intensive leveraging cryptographic hashing algorithms with designs such that solving the puzzle is difficult but checking that a solution is valid is easy. . . This is major implementation out there today with bitcoin and Ethereum with bitcoin using hashcash along with public key cryptography. This is high cpu and time intensive thus limiting the number of transactions that can performed per sec.
• Proof of Stake –  The proof of stake model is based on the idea that the more stake a user has in the system, the more likely it will want the system to succeed, and the less likely it will want to subvert it. Proof of stake blockchain systems use the amount of stake a user has as a determining factor for new block creation. The methods for how the blockchain system uses the stakes can vary – from random selection of staked users, to multi-round voting, to a coin aging system.
• Proof of Time Elapsed(PoEt) - At a high level, proof-of-elapsed-time follows this strategy:

i) Each participant in the blockchain network waits a random amount of time.

ii) The first participant to finish waiting gets to be leader for the new block

• Byzantine Fault Tolerance this is Proof of stake model When the choice of block creator is a multi-round voting system. This is used by Hyperledger.

Transaction throughput and Latency - Blockchains' consensus protocols sacrifice speed of transaction processing in favor of technical consensus between external parties. Because of this performance sacrifice, it does not make sense to use blockchain in centralized business processes.

D Decentralized Peer to Peer Network

This includes identifying the right security and blockchain platform to build on. There are almost 70+ and growing number of platforms to pick from and some organizations are considering their own proprietary platforms because of privacy, security, legal, audit and compliance and governance needs. As part of identifying the right platform for your needs you need to consider

 Setting up the right Network Security and Access Management Strategy -

1.    Privacy and Trust

Identify the Privacy of the transaction and access to the network and handling permissions (who can read, or write to, the chain in a private blockchain deployment);

a.    Public / Permissionless

Any node can participate in the network as either a reader writer at any time or full node or a wallet. There is no external control or central entity to govern participation or to limit access. The blockchain's distributed consensus protocol provides algorithmic trust control that drives the system behavior. The domain of a permissionless blockchain network is usually public, with no boundary.

b.     Private / Permissioned

Only authorized nodes can participate in the network as a full-node or a wallet. Wallet access can be limited to read only, or it can be left open to both write and read data. The domain of a permissioned blockchain network is usually a consortium (private) with strict boundaries.

2.  Key Management and Wallets

This involves identity management related activities leveraging PKI certificates , public and private involving creating, issuing, managing and revoking credentials, credential replacement, identity confirmation and vetting, fraud, and so on.

Along with that there is a need for a digital wallet to store the assets that are owner by this user/identity.

All these are stored in off chain offline storage for security reasons.

3. Accounts and memberships / Nodes Roles and Functions

This involves identifying the user roles and functions that can be performed on the network by any of the parties involves in the process 

a.    Transaction validators aka Miners

This role is applicable for the proof of work cryptographic algorithm and is the heart of the blockchain as they add the validated block of transactions onto the blockchain. The miners usually charge a fee / cost on for each transaction for performing this job. As part of the process they perform these key functions

•  Detecting transaction requests
•  Aggregating the transactions into blocks
• Validate transaction and add the proof of work

 b.    Transaction Creators aka Wallet Nodes

 These are the Asset owners /client nodes with a digital identity which can initiate a transaction between two or more accounts or send messages to other nodes. The wallet node usually maintains a full or partial (read-only) copy of the blockchain data.

c.     Transactions observers and enablers as Full Node Operators -

•  They provide the infrastructure to run the blockchain and manage the platform to roll out new features and capabilities
• They store a full copy of the blockchain and key enablers responsible for keeping the platform up and available.
• They usually charge a fee per transaction to allow users to interact with the platform.
• They provide these key functions - Accounts and memberships , Key Management, Transaction enablement.

Understanding Underlying Network Protocols and Capabilities

Underlying Peer to Peer network technologies and usually ingrained in the blockchain platform

• Messaging services enable passing messages between nodes and accounts to enable discovery, transactions, synchronization and consensus.to allow the different nodes to discover and communicate with each other.
• Event Mgmt Services - Event services provide the means to declare events and call events as a member of an object when certain conditions are met.
• Address Mgmt - Node Addresses are a unique identifier that is used by the node to identify itself on the network. Transaction Address - to uniquely identify every transaction. For security purposes this is generated uniquely every time to protect the anonymity of the user and should be traced to the digital identify blockchain
• Data Replication and Storage - This defines how the data is replicated and kept in sync across the network between the various nodes / users.

Other Key Considerations to keep in mind

•  Technology Evolution - Blockchain technology is evolving fast and reshaping the exponential pace of innovation. This will require adopters to tolerate significant levels of development and operational risk over the next five to seven years
• Governance- you need appropriate governance process for access management / security violations, business process changes, platforms upgrades etc with appropriate logging, data and transaction analysis, monitoring and alerting
• Legal, Compliance, Audit and Regulatory Requirements - This depends on the industry and process so has be evaluated on a case by case basis.
• Need for a separate Digital Identity Blockchain - To provide safety, security its probably best to leverage a digital identity blockchain separate from the transaction blockchain, to identify the parties involved in the transaction / state change of the asset The Digital identity blockchain can also store the public and private keys and digital wallets with the actual location and final value of the asset being tracked.