Advances in cryptography are converging to help developers bring blockchain applications closer to the core decentralizing principles on which this technology is founded.
Inventions such as atomic swaps, zk-SNARKS and Lightning-based smart contracts are allowing developers to realize the dream of true peer-to-peer transactions in which neither party, nor an outside intermediary, can act maliciously. Witness the rising number of non-custodial and decentralized exchange (DEX) services for trading crypto assets.
This is exciting. But it also shines a light on another big problem that has curtailed the widespread adoption of cryptocurrency and blockchain technology: secure key management.
For too long, the most reliable means of protecting the private keys that afford the holder control over an underlying crypto asset have been too clunky, insufficiently versatile, or difficult to implement on scale. User experience has been sacrificed in return for security.
Now, some big strides in another hugely important field of cryptography – secure multiparty computation, or MPC – point to a potential Holy Grail situation of both usability and security in a decentralized system.
A keyless wallet
Progress in this field was marked last week by Tel Aviv-based KZen’s public announcement of the specs for its new ZenGo wallet. ZenGo uses MPC, along with other sophisticated cryptographic tools such as zero-knowledge proofs and threshold cryptography, to share signing responsibility for a particular cryptocurrency address among a group of otherwise non-trusting entities.
The beauty of the KZen model is that security is no longer a function of one or more entities maintaining total control over a distinct private key of their own – the core point of vulnerability in cryptocurrency management until now. Instead the key is collectively derived from individual fragments which are separately generated by multiple, non-trusting computers.
The model draws on the genius of MPC cryptography.
With this approach, multiple non-trusting computers can each conduct computation on their own unique fragments of a larger data set to collectively produce a desired common outcome without any one node knowing the details of the others’ fragments.
The private key that executes the transaction is thus a collectively generated value; at no point is a single, vulnerable computer responsible for an actual key. (KZen’s site includes a useful explainer on how it all works.)
KZen is not the only provider of MPC solutions for blockchain key management. Unbound, another Israeli company, is going after the enterprise marketplace with its MPC solutions for crypto security.
Unbound’s prolific (if blatantly pro-MPC) blog offers different angles on the same argument.
It makes a repeated case for why MPC is superior to the two preferred approaches to crypto security of the moment: hardware security modules (HSM), on which hardware wallets like Ledger and Trezor are built, and multi-signature (multisig) technologies, which are favored by exchanges.
Attacking the trade-offs
If KZen and Unbound are to be believed, MPC solutions resolve both the hot-versus-cold trade-off in key management and the dilemma of self-versus-managed custody.
Cold wallets, in which keys are stored in an entirely offline environment out of attackers’ reach, are quite secure so long as they remain in that offline state. (Though you really don’t want to lose that piece of paper on which you printed out your private key.)
But bringing them into a transactable, online environment poses an overly cumbersome challenge when you want to use those keys to send money. That’s perhaps not a problem if you’re just a HODLer who transacts rarely but it’s a serious limitation to blockchain technology’s prospects for transforming overall global commerce.
On the other hand, hot wallets have, until now, been notoriously vulnerable.
Whether it’s the relentless “SIM jack” attacks on people’s phones that are emptying out both hosted (third-party custodial) wallets and on-phone self-custody holdings, retail participants’ horror stories are legion. And, of course, we all know the stories of custodial exchanges being hacked – from Japan, to Hong Kong, to Canada, to Malta.
At the same time, the solution that regulated institutional investors are currently seeking – that custodians and exchanges build Fort Knox-like “military-grade” custody solutions – inherently contain a compromise.
Not only does this approach fail to resolve the dependence on a third-party, but there are serious doubts about whether any such solution can be forever safe from hackers, who are constantly improving their methods for getting over firewalls. In best-case scenarios, the constant IT upgrades becomes a massive money suck.
Alternative to HSMs and multisig
None of this is not to say that existing security technologies are useless.
Ledger and Trezor’s hardware devices – a more nimble form of cold wallet – are widely used by individuals who are uncomfortable with both external third-party custody and online, on-device self-custody wallets. And, separately, multi-signature (multisig) solutions, in which an m-of-n quorum of keys are required to execute a transaction, have proven robust enough to be used by most exchanges.
But in both cases, vulnerabilities have been exposed. And to a large extent those risks come down to the fact that, regardless of the surrounding security model’s sophistication, the all-important keys are always sitting at single points of failure.
Just last week, researchers demonstrated how they could hack into a remote hardware security module. The irony: the researchers were from Ledger, which relies on HSM to secure its customers’ keys.
Multisig models arguably offer protections across such attacks, because a breach requires simultaneous control of more than one key held in separate locations, but the fact is that multisig solutions have also failed because of both technical and human vulnerabilities (inside jobs).
What’s more, both solutions are inherently limited by the need to customize them to particular specifications or ledgers. Crypto developer Christopher Allen pointed out last week , for example, that HSMs are particularly constrained by the fact that they are defined by government standards.
And in each case, the ledger-specific design of the underlying cryptography means there is no support for the kind of multi-asset wallets that will be needed in a decentralized interoperable world of cross-chain transactions.
By contrast, KZen is boasting that its key-less wallet will be a multi-ledger application from day one.
Challenges and opportunities
To be sure, MPC remains unproven in a practical sense.
For some time, the heavy resources needed to carry out these network computing functions made it a challenging, costly concept to bring into real-world environments. But rapid technical improvements in recent years have made this sophisticated technology a viable option for all kinds of distributed computing environments where trust is an issue.
And key management isn’t its only application for blockchains, either. MPC technology plays a vital role in MIT-founded startup Enigma’s work on “secret contracts” as part of its sweeping plan to build the “privacy layer for the decentralized web.”
(An aside: Enigma CEO and founder, Guy Zyskind, is also an Israeli. Israel has fostered a remarkable concentration of cryptographic expertise in this space.)
It would be unwise to assume that MPC, or any technology for that matter, will provide a perfect, totally infallible solution to security problems. It is always true that the biggest security threats come when human beings complacently believe security is not a threat.
However, if you squint hard enough, and think about how this technology’s prospects for better key management can be married to Enigma’s vision for an MPC-based secret contract layer and to the broader march toward decentralized, interoperable asset exchanges, a compelling vision of true peer-to-peer blockchain-based commerce starts to emerge.
At the very least, you need to watch this space.
Although once confined largely to agriculture, blockchain technology is now making major inroads into the luxury goods supply chain market.
Luxury brands trial blockchain
Although many products in the luxury goods market are renowned status symbols found in expensive city center stores the world over, the components of their products can originate in the most far-flung corners of the globe. The nature of globalized trade means that raw materials can be sourced in one continent, collected and assembled in another, and then shipped on to be sold in any of the world’s major cities. Global shipping networks and rapidly advancing technology present ample opportunities for business and profit. However, the nature of globalized trade can often result in a creaking supply chain and dubious ethical practice when it comes to sourcing and producing the materials needed for luxury goods. As customers become more and more concerned with the ethical origins of their products and companies seek to create sustainable and profitable business models, blockchain technology is increasingly being seen as a solution to suit all parties involved.
The new platform developed by LMVH and Microsoft, named Aura, is based on the Ethereum blockchain and will use Microsoft Azure. Consensys worked on the design and development of the Traceability Smart Contracts on the project as well as the blockchain infrastructure. As per the press release, Aura is a “permissioned consortium network with privacy, based on Quorum.”
The press release states that several companies under the LMVH Group umbrella, such as Louis Vuitton and Parfums Christian Dior, are already involved in the project. Customers will be able to access a wealth of information about the origins and components of the product, taking into account ethical and environmental data, details about how to care of the product, along with general information regarding after-sale warranty services. The press release added:
“AURA makes it possible for consumers to access the product history and proof of authenticity of luxury goods — from raw materials to the point of sale, all the way to second-hand markets.”
Although the world of luxury fashion is as competitive as any other market, the team behind Aura hopes that it will bring about more cooperation within the industry. Ken Timsit, the managing director of Consensys Solutions, outlined his hope that the project would bring benefits to the luxury industry as a whole:
“AURA is a groundbreaking innovation for the luxury industry. ConsenSys is proud to contribute and to work with LVMH on an initiative that will serve the entire luxury industry, protecting the interests, integrity, and privacy of each brand, leveraging Ethereum blockchain technology in a truly decentralized way.”
Although Louis Vuitton’s relationship with blockchain reportedly spans three years to date, other luxury brands are already experimenting with the technology to help streamline their supply chains. Alyx, a luxury brand created by New York-based creative director Matthew Williams, is pairing up with the German blockchain foundation Iota in order to create a more ethically transparent supply chain.
In partnership with Iota and global manufacturing company Avery Dennison, Alyx plans to offer customers a comprehensive insight into the full extent of its supply chain. Customers seeking to find out more about their purchases will be able to scan a QR code, giving them access to data covering the product’s first stitch to point of sale.
As brands the world over are feeling the pressure to be more transparent about the way in which their materials are sourced and their products produced, Alyx is clearly seeking to assuage any doubts customers could have regarding its products. Debbie Shakespeare, senior director of sustainability and compliance at Avery Dennison, reportedly said:
“Brands and consumers can know that the information they are being shown about the garment’s creation process is 100% accurate and can be trusted implicitly.”
The decision to host supply information via the use of blockchain technology is the latest in the company’s short yet committed history of sustainability. Creative Director Matthew Williams told fashion news outlet GQ that the company’s other efforts to increase sustainability include using recycled materials and a leather-dying process, which had a smaller carbon footprint. Williams gave an outline for when consumers can expect the initiative to be launched:
“We’re taking it a step further: we’re going to be the first brand to introduce blockchain technology this month in Copenhagen. We’re doing a blockchain prototype that shows the raw material to the finished garment. Our brand is about evolution not revolution, so we work on making the things we do better”
From agriculture to high-end fashion, it seems that companies are finding solutions in blockchain. Cointelegraph spoke to two experts from the World Economic Forum, a nonprofit international organization that seeks to increase public-private cooperation, to learn how blockchain is being implemented in supply chains across the world. Nadia Hewett, lead for blockchain and distributed ledger technology (DLT) at the World Economic Forum, explained that traceability and streamlining present real benefits for companies with complex supply chain structures:
“Currently, the supply chain industry is fragmented, with parties adopting a siloed approach. Blockchain and distributed ledger technology could bring standardization and transparency. Due to an increasing demand from customers for the proof of legitimacy and authenticity of the products they purchase, there is a strong interest in the deployment of blockchain for product provenance, often referred to as pedigree. In general, blockchain has features that can help trace a product’s digital footprint. The fact that the data is timestamped (tamper-proof) provides a single source of data integrity and allows users to retrieve a full history of activities.”
Hewett added that blockchain technology presents unique advantages for large, multinational companies seeking to both streamline and tighten security over their supply chains:
“A blockchain-based platform can support the digitization of paper-based documentation, and establish an immutable, shared record of all transactions among network participants in near real time. In this sense, blockchains are ideally suited to large networks of disparate parties and are a solution to making the complexity of global supply chains much more manageable. Secure data-sharing and, specifically, smart contracts are another aspect of blockchain technology that allows for increased automation and efficiency through avoidance or redundant data entry, acceleration of transaction execution and reduction of errors and misunderstandings.”
Although international business is fiercely competitive, the blockchain industry represents a rare environment in which companies realize that collaboration can be in their interest. In 2018, international food giants Nestle, Unilever, Walmart and Dole partnered with IBM to create the Food Trust, a blockchain system based on the idea that partners and competitors should collaborate and keep a single-record system.
The most recent addition to the Food Trust is the Ecuador-based Sustainable Shrimp Partnership (SSP), according to a press release on May 6. The rationale behind the Food Trust is that failure to cooperate could create huge quantities of unmanageable data, due to the multitude of parties involved in the extent of the companies’ supply chains and could improve the overall quality and safety of the products the companies provide.
Sumedha Deshmukh, a project specialist for blockchain and DLT at the World Economic Forum, said that their current blockchain projects witness collaboration efforts from a diverse range of industries and sectors:
“We have assembled organizations from across all supply chain functions, cutting edge blockchain companies and key members of civil society in our project community. They are collaborating to shape the deployment of blockchain for supply chains towards interoperability, inclusivity, and integrity.
“They know blockchain and distributed ledger technology is coming, whether the industry likes it or not. An inclusive and multi-stakeholder approach that takes the entire system into consideration is good for all players. Given the nature of the technology, organizations are understanding that blockchain is a team sport — its benefits are maximized through collaboration. Moreover, there seems to be an understanding that collaboration is critical in thinking through any potential unintended consequences and minimizing the risks associated with its deployment.”
Whiskey whets its whistle with blockchain
Blockchain’s more recent supply chain activity has expanded from high-end fashion to another of life’s luxuries: whisky. On March 26, premium Scotch whisky Ailsa Bay became the latest brand to be tracked with a blockchain-based system, according to the liquor-related news website the Drinks Business.
Ailsa Bay’s introduction of blockchain tracking is a move intended to tackle liquor counterfeiting in the United Kingdom, something a separate report by the Drinks Business claims loses the U.K. around 218 million British pounds (over $288 million) a year. The partnership is formed by William Grant & Sons, the owner of Ailsa Bay, and blockchain company Arc-Net, which will develop the system to track the products’ journey from distillery to store. The information will also be used to collate data from customers, using mobile services to establish where the whisky is being purchased.
Another company to integrate blockchain into its supply chain is the highland Scotch whisky distillery Ardnamurchan. In 2017, the company also announced a partnership with Arc-Net to introduce a scannable QR code for its products, in an effort to increase transparency about how the whisky is produced.
Alex Bruce, the managing director of Adelphi — the owner and operator of Ardnamurchan Distillery — expressed his hope that this latest measure would bring the Scotch whisky industry into the 21st century:
“We have a vision for the future and using the platform is an integral component in our ability to capture and share production, process and product data with our customers, simply by scanning a QR code on the bottle. In addition to a growing number of countries, globally, recognising Scotch whisky’s Geographical Indication, we also believe it to be essential that the consumer is able to understand the craftsmanship of making it, and for the producer to ensure the security of their route to market. In addition, the Arc-Net platform will give us the opportunity, as a nascent distiller, to share and communicate our love for the brand and ensure our customers have the ability to visualise and validate our products as they move across the globe.”
Kieran Kelly, CEO of Arc-Net, expressed his excitement about working with Adelphi and the prospect of modernizing the Scotch whisky market:
“Blockchain enables a new era of transparency and product authentication. It’s a fantastic opportunity to work with such a forward-thinking company like Adelphi. Alex and his team are pushing the envelope of spirit and whisky production in terms of quality and traceability, and also demonstrating a realistic and pioneering approach to renewable energy and sustainability, and Arc-Net is delighted to be a part of their brand story.”
Gartner survey finds damning results for blockchain solutions
Despite the latest wave of companies turning to blockchain, a technology survey of user wants and needs conducted by Gartner reported that only 19% of businesses rated the technology as important for their businesses, according to a press release published on the company website on May 7.
Gartner, which refers to itself as the world’s leading research and advisory company on its website, states that, in addition to the 19% that see blockchain as important for their business, only 9% have actually invested in the technology. The survey found that, although blockchain enjoys popular support, it sees 90% of blockchain initiatives within the sector suffering from “blockchain fatigue” by 2023. The company said that blockchain projects are currently very limited and “do not match the initial enthusiasm for the technology’s application in supply chain management.”
Alex Pradhan, a senior principal research analyst at Gartner, mentioned that blockchain projects have mostly focused on traceability, authenticity and trust, and outlined her view that more emphasis should be place on technological capacity and standards:
“Most have remained pilot projects due to a combination of technology immaturity, lack of standards, overly ambitious scope and a misunderstanding of how blockchain could, or should, actually help the supply chain. Inevitably, this is causing the market to experience blockchain fatigue.”
The findings of the report indicated that the fledgling nature of the blockchain industry means that it is hard for projects to focus on high-value use cases and that the vendor ecosystem “is not fully formed and is struggling to establish market dominance.”
Pradhan said that the cumulative effect of the current developmental stage of blockchain projects and less-than-enthusiastic market prospects means that the solutions offered are not suitable for scale of the issues they are supposed to solve:
“Without a vibrant market for commercial blockchain applications, the majority of companies do not know how to evaluate, assess and benchmark solutions, especially as the market landscape rapidly evolves. Furthermore, current creations offered by solution providers are complicated hybrids of conventional blockchain technologies. This adds more complexity and confusion, making it that much harder for companies to identify appropriate supply chain use cases.”
Pradhan added that organizations should not rush into adopting blockchain solutions:
“The emphasis should be on proof of concept, experimentation and limited-scope initiatives that deliver lessons, rather than high-cost, high-risk, strategic business value.”
Despite the gloomy findings of Gartner’s report, both Hewett and Deshmukh are confident about the potential for blockchain to bring solutions to the supply chain industry. When asked whether blockchain simply represents another solution looking for a problem, Hewett responded:
“The past two years saw a lot of enthusiasm around blockchain in the supply-chain space. It is these high expectations that brought the blockchain topic to the board agenda — and, in many ways, this has opened the door to discussing various supply-chain system standardization issues that have long been lacking in the industry. There is also much misunderstanding and confusion about the technology in the trade and logistic spaces.”
Deshmukh said that, although there are obvious benefits for supply chains, organizations need to focus on specific issues:
“Organizations have to cut through the hype to find how it can solve a specific problem. What the Blockchain for Supply Chains project is trying to do is help decision makers cut through the hype with a framework to guide them towards interoperability and integrity in blockchain deployment. Blockchain technology can help solve some major issues in the industry. But, it is not one size fits all.”
Despite the many hurdles faced by blockchain projects that aim to make an impact on the supply chain industry, Deshmukh added that the willingness of companies to experiment with them validates their purpose:
“Supply chains have been an area ripe for blockchain experimentation because it addresses many of the pain points within the global supply chain — the volume of experimentation and interest seems to validate this. Supply chain actors are looking into a wide array of use cases ranging from product provenance and traceability to streamlining global operations.”