Private vs Public Blockchain

Okay, so we are in the inaugural session for blockchain demystification and as we have discussed, we are going to talk about private versus public blockchains.

What I wanted to do was start at the beginning with giving a little bit of history of what blockchain technology is and where it came from, and all of that relates ultimately to the difference between public versus private blockchains, which recently as we've seen, has caused a lot of confusion with the clients that we talk to. One thing I want to point out is, although private and public blockchains all fall under the umbrella of blockchain technology, they really are kind of two completely different types of technology that use totally different types of underlying theory and the building blocks behind them are completely different, and they really solve different problems. It's almost unfortunate that you have one word that describes these two different classes of technology, since they're different types and they solve different problems, but at the same time, it's also starting a lot of conversations and has a lot of excitement.

Blockchain technology touches upon advances from a few different fields in computer science, including databases, distributed systems, computer networks, and cryptography. Blockchain technology sits at the intersection of these different fields.

Before we dive into the differences between private and public blockchains, I think we should start from the very beginning, just so you understand where this all comes from. It all started with bitcoin. Bitcoin is a distributed or decentralized peer to peer payments network. It was originally a paper that was created by this anonymous person, Satoshi Nakamoto, who posted this paper on email and web forms. It came out of a movement called the cypherpunk movement, which were a bunch of cryptographers that werereally interested in developing cryptography and how cryptography could affect society. Peer to peer electronic payments that was decentralized, and we'll get into what decentralized means in a minute, was sort of one of the ultimate visions of the cypherpunk movement, being able to send payments electronically and not have anyone know who you are, and be able to stop your transactions, and not have to pay huge fees.

This was something that the cypherpunk movement has always been interested in since the 80s. Satoshi Nakamoto submitted this paper and code, an open source to this code, and bitcoin was born. Bitcoin, that network solved several problems that people thought up until that point were impossible to solve for peer to peer electronic payments. Real quick, decentralization, what that means is that there's no single organization that controls or operates the entire system. There's plenty of technologies that are distributed, but not very many that are decentralized. Distributed just means more than one computer. Distributed means you have multiple computers that are working together to solve a problem, but more often than not, those computers are all owned, and maintained, and operated by a single organization.

There's many distributed databases. We run multiple computers to run a single database and it's distributed, so if one computer fails, so the power goes out at a location, you still have your database. That's been around for a very long time. You have one IT group that maintains that database, and typically it might be in an Oracle database, or what have you, but it's distributed. Decentralized is similar, but it's also very different. Decentralized means that more than one different group, or organization, or person owns and operates it. The most prominent decentralized technology that we use every day is the internet. Although there are groups of people that come together and decide standards for the internet, the internet does not have one governing entity that owns and controls it.

You can just go and buy a router from the store, and connect to the internet. I mean, you should know what your ISP is, but you can also create your own intranet, using the same technology, and create your own private network if you want. The important thing is there's no governing body. It's a bunch of different organizations that all run infrastructure that connects together and allows people to communicate digitally. That's probably the best example of a decentralized technology. Going back to bitcoin, bitcoin is decentralized. I mean, anyone can go out and run a bitcoin node and participate in that network, and the key invention behind bitcoin is the consensus algorithm. What consensus means is just, and we'll go in probably more detail in a separate session, but consensus just means how different people reach agreement on something.

Everyone is running software that executes a protocol, which is just this agreed upon series of steps. If this happens, then this other thing happens. It's just code that everyone's writing on their computers. The consensus that determines how the nodes reach agreement. The reason why that's tricky is because you don't know who the other people are and people misbehave.

To become a node, you would download software just like you would download any other computer program on your computer, then you would run that software.

There are different types of nodes, and that can get a little technical. You download software, you run it, and then you're participating in the network. Part of that is money. Before bitcoin, people didn't think doing electronic peer to peer payments was necessarily even possible, because of this consensus problem. The challenge is getting a bunch of people who you don't know who they are, reach agreement on, in this case how much bitcoin someone has, account balances. Bitcoin ultimately maintains a database where for each, they call it wallet, but you think of the amount of money each person has, like a bank account, they call them wallets, but how much money is in each wallet. At the end of the day, what the bitcoin network is doing is it's allowing a bunch of people who don't trust each other, reach agreement as to how much money everyone has.

It has to do that in a way, in an environment that's very hostile, meaning people don't trust each other, people are lying to each other, they're trying to cheat each other, they're trying to hack each other and steal each other's money. People are trying to print new money, make their own fake money, all of the above. The challenge that bitcoin solves was the consensus part. If you think of everyone, like you, you download your bitcoin software, you download it, it's creating this database of all the different account balances. Everyone else is doing the same, so they all have the software. It has a database of all the different account balances. We'll go into more detail later on that.

Everyone has their own database of all the account balances. The software is writing this consensus protocol, or consensus algorithm, just agreed upon set of steps coded in the software that determines how all these databases reach agreement and see the same thing. It's really important that what you see in your database, that says how much money I have, is the same that Hossein sees, because if there's a discrepancy between those two, then the coin isn't very useful. Right? It means that I can lie, I can say I have more money than I actually do, and I could double spend money, I could spend money I already spent, or take money away from people.

It's really important that everyone that participates and runs the node is seeing the same thing. They have the same database, the database says that everyone has the right amount. The way they reach agreement is through what's called the consensus protocol. It's just the algorithm or the steps that the software runs to make sure everyone is in agreement.

So ultimately in the bitcoin network, what ends up happening is once the transaction has been agreed upon, you end up updating your database of these account balances. Part of this agreement is verification of the transaction, you want to make sure, does Hossein have a thousand pounds to send, is Hossein the actual person that's sending the thousand pounds, is it actually his money or is he pretending to be someone else. Those are the types of validations that would happen with the transaction. Then once the transaction is executed, you'd say okay, deduct a thousand pounds from Hossein’s wallet and add a thousand pounds to Julia's wallet, so your end of the line database can update it.

Everyone is doing this in the network. I mean, not exactly at the same time, we can talk about that later, but pretty much at the same time, this money has been moved from this account to this other account. Now, the key innovation at bitcoin was Sitoshi developed a new type of consensus protocol that was unknown until that paper was released. That's this proof of work thing. Consensus is a problem that has been in computer science for a very long time and in other areas too. All the kind of traditional approaches to consensus typically were around the idea that we knew the identities of the participants.

You know that, okay, there's five or six people, you know who they are, some of them might be malicious, they might be lying to you, but you know who's who. You know the participants ahead of time. Most the consensus research was around that type of formulation. In bitcoin, it's what they call pseudo-anonymous, but the point is, you have no idea who the people are in the bitcoin network. Everyone is identified through, you can think of it as a random ID. They have some large random number and that's their ID. Someone can have multiple IDs, they can pretend to be a hundred different people, or a thousand different people. You have no idea.

Proof of work allows a group of people to reach consensus even when you don't know the identities of the people participating or whether they're pretending to be a bunch of different people. If you think of like a normal, like the algorithm that Hossein said, everyone votes, right?

On the internet, there's a famous joke that nobody knows you're a dog on the internet. On the internet, you can pretend to be whoever you want, right?

You can't really use a voting approach, because I can just pretend to be a thousand different people. Twitter's having this problem right now because, all like, Russia stuff where you have all these sock puppets, people pretending to be ... I mean, you have these profiles, there's people pretending to be thousands of different people and it's only like 200 people just creating a bunch of fake accounts. Right?

If you do the voting based approach, you can't just do a majority vote, because you don't know if someone's pretending to be other people. The internet doesn't have an identity layer. The internet is just IP addresses, just addresses, there's no way of knowing that the person you're talking to maps to some real world person. Satoshi introduced this concept called proof of work which allows groups of people to reach consensus and agreement even when you don't know the identities of the people and people are faking and pretending to be other people. This faking and pretending to be, that's called a Sybil attack, S-Y-B-I-L. It was named after a woman in the U.S. who had multiple personalities and pretended to be a bunch of people and stole money I guess from gangs or something by having this, pretending to be multiple people.

With Bitcoin you don’t check that one person is pretending to be someone else. So bitcoin, Satoshi, he didn't try to do that because at the end of the day, you really can't check if someone is who they say they are, when you don't know the identity of these people. The way proof of work, the way that works is people ... okay, so this is going to start getting a little technical, but in the bitcoin network, people create transactions. Transactions, anyone can. You download bitcoin and now you've created a transaction. What the transaction says, I mean the simplest type, it just says send this many coins to this person. You submit that transaction to the network. All that means is when you joined the network, you have a number of peers. These are other nodes on the network that you connect to. Typically it's between eight to ten peers, like a handful of peers that you connect to.

When you first download your software, you connect to these eight, this dozen, let's say dozen peers. You create a transaction and you send that transaction. You broadcast it to your peers, right?

Now that doesn't mean your transaction has been verified or executed yet. You just sent it out to the network. Now what happens is there are special nodes called miners that bundle up, that collect these transactions. They do some quick verification, make sure, okay, does this person actually have the coins, is the amount they're sending greater than zero, they're not trying to sell like a negative amount or something weird like that. There's some basic validation rules. The miners, these special nodes, you can think of them just as special nodes in the network, they collect a set of transactions, and then they create a bundle of transactions that's called a block. So they collect all these transactions together, they group them together, and now they have something called a block.

Now before they can propagate the block, and before the block is valid, they have to to through this energy intensive task of basically finding a random number that has special properties. I realize this is getting really complex, but you can think of the miner has to do a bunch of work, okay, they have to spend a lot of money, use a lot of energy to find this special random number. Okay? This is where you hear about these mining farms and there's articles about bitcoin mining using more energy than Iceland.

Right. What these miners are are special nodes on the network that take in a bundle of transactions, and now are trying to find a special random number. Now once they've found that special random number, by the way, it changes every time, so you can think of it as a race. They're all trying to find the next block. All these different miners are competing against each other, using all this energy to try to find this next block or bundle of transactions. Once a miner has found that random number, they will propagate, they will attach it to their block.

There is a hash for a block and this includes that random number.

So block has all these transactions, it has this nonce, so this random number that they're trying to find, and the block has a hash, which is just ... So a hash is a function over a bunch of data and it generates a number. It says, you can think of it as a random number that you take a bunch of data, a bunch of files, or in this case a bunch of transactions in the dos, you run it, you apply this hash function and it spits out another random number. Anyway, so you, yeah, so the blocks have a hash. They find a special number, they mine, they find a special number, they generate a valid block and then they send that block to all their peers, and there's a competition to find this block.

All their peers take a look at the block, they look at the transactions, they look at that nonce, that random number, they validate it. If it looks good, then they take all the transactions in that block and update the local database and say okay. So Hossein deduct a thousand pounds, Julia add a thousand pounds, and they execute those transactions one by one locally and send the block to all their neighbors, to all their peers. Then the block propagates throughout the entire network using this broadcast, and they all update their local databases. Then there's a new competition to find the next block. The blocks are linked together, because when you create a block you specify the hash of the previous block.

That forms a chain of blocks, which is where you hear this, you know, the term of blockchain.

So mining has now become a very expensive computationally difficult task, so it takes a lot of money to mine a block. Only a few organizations, well, I mean, realistically in bitcoin, there's probably a dozen organizations that do like, that mine like 99% of the blocks. A few groups of people actually run mining pools and actually mine to find blocks. Now that doesn't mean everyone else ... I mean, everyone else validates every transaction, so they can get a block ... So, Julia, suppose you download bitcoin, you're running your node and you're not mining, because it's too expensive. It would just sort of waste power. You still want to be able to create bitcoin transactions and validate bitcoin transactions.

Your node will validate, when it receives a block or receives a transaction, it will validate it immediately and you won't update your local database, unless it's valid. Right?

So you still perform, it's called a fully validated note. You still perform validation but you're not entering this competition to find a block.

Okay, yeah, so the consensus protocol in bitcoin's called proof of work, and that's where you're trying to find, it's this race to find this random number, this nonce, that is mathematically difficult to compute, meaning in order to find the block, you have to spend a lot of resources. Your node, anyone's node, not just miners, they only accept blocks that have done that mining, that have gone through that hard work of spending energy to find block. If you, sit back and think about this, like you create this economic system where people who do the work to find a block, end up having to spend resources and then are incentivized to protect the network. So as part of the genius behind bitcoin, is that it's the first time that someone proposed a consensus algorithm, a rule for reaching agreement that was based on economic and financial incentives, where you have a financial incentive to maintain and to do the right thing, and not create fake blocks.

If you do all the work to mine the block and it's invalid, like to double spend, the other nodes in the network will just reject it. Right?

It's not a leader, election based thing. It's this other thing where you have to mine and spend energy to find the block that costs money. In order, if you were to actually attack the network, you have to spend a lot of money to attack and create each fake block, and they might not even be validated. They might just be rejected by everyone else on that network.

Okay, so basically the good thing about it is not only the fact that when people want to kind of hack or fraudulently use the system, that others would reject it, but additionally to that, you're kind of incentivized not to do it, because you would additionally use all this energy and yet money, basically, to go through all that work that in the end, is going to be rejected anyways.

Everyone's financially incentivized to behave correctly and maintain this database that's correct, so the proof ... So really, the proof of work, taking a step back, just going back to the beginning, it was needed because you don't know the identities of the people participating, so you can't use some kind of election based system. That's why bitcoin has this what they call pseudo-anonymous guarantee. What that means is in bitcoin, in the bitcoin network, you can see all the transactions. Anyone can see all the transactions and that means you can see the transaction amount, you can see the time stamp, you can see the sender wallet and the receiver wallet, you can see all of that. The wallets are just these random numbers, so you don't know which real world identity owns that wallet, has the private keys, or can spend those coins for that random number.

You have the entire transaction history available to you. All the nodes do. They call it pseudo-anonymous, it's not fully anonymous, because if fully anonymous is done, you wouldn't be able to see any transaction details, right?

It's pseudo-anonymous because you see transaction amounts, you see the time stamps, when they happen, you see these wallet identifiers, but it's pseudo-anonymous 'cause you don't know who belongs to that random number. Bitcoin, because of the pseudo-anonymous, people say, we hear this a lot, it has these censorship resistant properties. Basically what that means is that someone with, I don't know ... I saw this a few years ago on the news. It was during some of these protests that were happening in Ukraine, people could just put up a bitcoin QR code, like their hash, on the news and someone on the opposite side of the world in the U.S., in the comfort of their own home, can send that person money, instantaneously. That's a pretty powerful thing. Up until bitcoin, you couldn't do that.

You try to do it through PayPal, or a similar system, PayPal could just reject the transaction. If you went through the regular or whatever, they're not going to let you send transactions to random people in the Ukraine anyway.

So banks, the traditional banking system, only going to let you send money to people who they know, who's sending it to, who's sending it, who's receiving it. There's a lot of laws, anti-terrorism and etc, to prevent money laundering, or terrorist activities, and funding, that kind of stuff. But bitcoin, it's censorship resistant, there's no government entity that can stop you from ... they can prevent your transaction from getting validated and placed in the blockchain. That's a whole, that's really the core part of bitcoin and why we have proof of work, is so you can have this kind of censorship resistant transactions.

It's a very powerful thing, both for good reasons and for bad reasons. Like our service security paper talks about this. It can cause a lot of problems, right, too. It's powerful in the sense of, you know, you see transactions where people are sending 30, 40 million dollars, 10 minutes, round the world, who knows where it's going, right?

That's super powerful. It can be bad, it's pseudo-anonymous, so you see new types of crime where you have ransom ware. Ransom ware could not exist before bitcoin. It just could not exist, because if you're going to ransom someone, you have to receive money. You go through the traditional systems, that means they know your identity, so you're subject to local laws and law enforcement. Ransom ware is ... you can think of it as a computer virus. It takes away your files and you can only get your files back if you send bitcoin somewhere or some other cryptocurrency.

Yeah, it's all these law firms, and banks, and they're all ... the shipping? The shipping, it's like, is it COSCO? COSCO? Not Costco, but COSCO, the shipping, the large logistics shipping company? They were down, like two weeks ago, they were down for like, all their systems were down for like 10 days because of ransomware. They had all their files encrypted and they couldn't get access to their files unless they sent payment to these bitcoin addresses. That's the censorship resistance thing. That was bitcoin gives you and it's core innovation, proof of work, that was the huge innovation behind bitcoin.

So anyway, permission lists, what does permission list mean? Actually that means censorship resistant. It means anyone can download the software, run a node, participate in the network, create transactions, mine if you want. Like, Hossein and I, we could get a bunch of money from investors and just create a mining pool if we wanted to. There's no one stopping us from doing that. It's permissionless. You don't need permission to do anything on the bitcoin network.

Yeah, so permissionless, you need proof of work. Now, okay, blockchain, right? So we talked about the mining in the blocks. Blocks are just bundles of transactions that get sent out and then all executed at the same time, and validated at the same time, and they have to go through this consensus where you generate this random number that's really hard to generate, in order for it to be valid. The block has a reference to the previous block, so you end up with this chain of blocks. Interestingly, blockchain, the word blockchain never shows up in the Satoshi paper, in the bitcoin paper. Wasn't the same.

Yeah, okay. What happened was people took that idea, the overall architecture, the concepts, so the data structure, this idea of having transactions, bundling them in blocks, reaching consensus on the block, connecting the blocks to form a chain, those overarching ideas and concepts, people started to create other systems to solve other problems, not just payments, not just peer to peer payments, to build new systems. Take some of those same ideas and build new types of systems and solve different problems. After bitcoin you had a number of what are called alt coins, which are just, you can think of them as copies of bitcoin with slight differences. They changed the way the mining works, or they changed the types of transactions. Some of them have more transaction confidentiality, so you don't see the payment amounts and the transactions even. Those are sort of hidden.

Alt coins, alt, like alternative. There are a bunch of copy cats that have slight adjustments and all for public permission list block chains.

This is a similar concept to a fork which you can almost view as an alt coin. It's an alt coin where the new coin shares the same exact block chain up until a certain point. Suppose there's a fork tomorrow, or a fork today at bitcoin, it's kind of like on ... So there's a new version of bitcoin that gets created through the fork. The old version still exists, there's a new version. The two of them share the same exact transactions, the same exact history up until today, but for tomorrow and beyond, we have different transactions and different histories. That's all a fork is. I mean, technically it means that the consensus algorithm's broke. In the fork version, the people who are participating in the fork, the new version, have to download new software. The old software doesn't work anymore, they have to use new software.

We can do another session on the difference between soft forks and hard forks, and that kind of thing. You can think of it as like an alt coin, it's just a new type. It's a new network that has the same history up to a certain point as the old network.

Then you have, so the Ethereum came on the scene which expanded the concept of bitcoin, and not just be payments. Now you can run arbitrary business logic in what are called smart contracts. We're do another session on smart contracts and all that, but you can think of it as like a bitcoin, a public network, a permissionless blockchain, where instead of just doing payments, you can do arbitrary computations that people agree on. The inertia of smart contracts, that terminology and the idea behind it, it kind of goes back to Nick Szabo, this professor of law and computer scientists, who was writing about some part of this whole cypherpunk movement, who was writing about digitizing contracts in the 80s and 90s.

Nick Szabo is kind of, he is probably one of ... He along with Hal Finney are sort of like what most reasonable people would think are possibly a candidate for being the inventor of bitcoin. Yeah, he had a lot of influence in the design and the thinking of this, and had thought a lot about smart contracts and digital contracts in general, but he had done that way before the concept of blockchain or proof of work, any of that stuff came on the scene. What Ethereum did was, it was the first system to combine raw chain with smart contracts, and show that it's a good combination and useful combination. We'll do another session on smart contracts, but you can think of it is, okay, yeah, it's the first blockchain you use, smart contracts, yes.

'Cause smart contracts itself is a concept that predates blockchain and proof of work by a long time. Anyway, that's public blockchains. What happened was, so you have bitcoin, Ethereum, there's alt coins, people started realizing, hey, we can take some of these same concepts and apply them in a private setting where you do know the identities of the participants. You can think of a consortium of banks, let's say, or it's like a group of insurance companies. You know the identities, but they don't trust each other, and you can take some of the same concepts, like the idea of transactions, of blocks, and reaching a consensus, so the blocks can synchronize in the different databases, all of that. You can apply the same concepts in a private setting. That's where the concept of permission blockchains were born.

That happened many years after, like, if you think of like, bitcoin being blockchain version one, Ethereum being version two, permission blockchains is sort of like version three I guess.

In a private blockchain, it's private, meaning only certain people have access to it, which means in order to gain access, they have to go through an authentication process. Right?

So that means you know the identities of the people that are participating. If you know the identities and they're participating, what that boils down to is now you no longer need the proof of work. You can use other consensus protocols. The whole idea with the proof of work and all that stuff, was to support people, the censorship resistant thing, being able to support a network where you don't know the identities of anyone else. Right?

But private blockchain, you know the identities. Only people who authenticate with the network should have access. If you had a group of banks that were executing interest rate swaps let’s say, you would want to make sure that only authorized banks or regulators have access to the network. You wouldn't want to be able to have anyone have access to your network in most cases. That would just, the CSOs at the bank, it would just be a non starter. We're not going to open up our network to allow anyone to participate. That would be a non starter. They were interested in having private networks, or permissioned, it’s a synonym, where you know the identities of the players, and they authenticate, and then once you're on the network, you still don't trust your competitors, let's say, they're competing banks. They still don't trust each other.

You still want to execute consensus protocol to make sure everyone is in agreement and to detect malicious people, so if Alice starts lying, starts telling you something different than she tells me, the consensus protocol should be able to detect that and kick Alice off the network and say hey look, Alice is lying. She is pretending to be two different people or whatever. You should be able, the network should be able to detect malicious activity and isolate it, and kick misbehaving participants out of the network. This is the idea of private or permissioned blockchains, this is where this idea was born. Let's take some of the excitement and some of the concepts that came out of a public case, and apply it in a private, locked down setting among only a handful of participants.

Whilst we often read about public blockchain and the advantages of not having a central authority, there is also an advantage from not having a central authority in private blockchain. In these consortiums, there's still no central administrator that's responsible for the whole process. Each participant is kind of like bitcoin, but each participant is coming to the table on equal footing. There's no administrator or authority that owns all the nodes, and it's still decentralized, but instead of being decentralized across 20 thousand people around the world, it's decentralized across five different banks, each running their own nodes, that are theirs, that they operate. It's a different type of, it's like, you can think of it as like smaller-

-if you have like fully decentralized on the far left, and fully centralized on the far right, where the far right is a traditional Oracle database, and the far left is bitcoin. It's sort of like further to the right. It's not in the middle, it's further to the right.

You still have the benefits of not having a single organization operate the entire network. If you took a set of banks, they don't trade spots, they all hate each other, they're not going to agree on one back being the administrator of this process, 'cause they wouldn't trust a single third party. I mean, they do, they have these swap execution facilities so I mean, practically speaking today, they will trust some, trust that their part into mediary to do. They don't like it, because they're putting a lot of trust in them and that person is slowing down the process, and extracting high fees. They can see a lot. They have a lot of information of symmetry. They're seeing the information everywhere, right?

Even when there is just a single, large organisation using the blockchain there are advantages. It depends on a case by case basis, but what you can see is if you have a really large company, you might have multiple teams or multiple divisions each having their own IT department, their own IT systems, each having their own bit, their own part of the process. In that case probably they don't trust their neighbors in their company, or other groups or teams within the company, it's just they want ownership over their part of the process, and there's no one team that can just take over the entire process for everyone.

In this case, it's not so much of a trust thing. It's more a decentralization piece. Not having one group responsible for the whole thing and yet keeping everyone up to date and in sync.

Everyone on a standardised technology, what you see is that you have all these different groups, they're all on different teams, there are different IT departments, their own different database technologies, each person has their own thing and then you ha ve point to point custom integrations between these different systems. Because there is no team that's responsible for the whole process, there's no visibility to the entire ... No one has visibility to the entire process. What a decentralized can give you in that situation, is it can make it more on the same page, so everyone can have visibility into the entire process, but they don't have to give up control. They can still operate there on nodes and have their own IT infrastructure, without having to have the separate centralized team that managed the whole thing.

That's starts to get into smart contracts too, which we'll, whenever the next session, we'll do.