It’s time to talk about transaction finality
Last week’s 51% attack demonstrates that Ethereum-style blockchains are not ready for business
A belief took hold amongst some of the tech community in 2018: “If you have an enterprise blockchain use-case you should build it on a platform based on Ethereum.”
The argument was pretty well constructed and relied on several plausible-sounding claims so it’s understandable how it seemed pretty convincing. However, as 2018 unfolded, these claims began to be challenged. And as we enter 2019, the final remaining argument has been undermined with a public demonstration of how the lack of settlement finality in public blockchains such as Ethereum renders their immutability and security guarantees worthless for business.
In this piece, I will argue that it is now time to conclude that Ethereum’s core technologies are the wrong foundation upon which to build business blockchain solutions. My argument is: 1) the core Ethereum technologies are due for abandonment, leaving businesses at risk of technology dead-ends, 2) the Ethereum developer skill-pool has been massively overstated and is in fact far tinier than that for the purpose-built business blockchains based on existing languages, and 3) the idea of building on Ethereum in order to securely ‘anchor’ private blockchains to a public chain is now discredited.
In short, business blockchain applications should be built on technologies designed for the enterprise, not Ethereum.
What was the argument for why businesses should build on Ethereum?
To understand how we reached this point as a community, it’s helpful to review the thinking that led here. Here’s how the argument for why businesses should build on Ethereum went:
- “Go where the skills and innovation are: Ethereum has the largest community and the broadest availability of skills.”
- “Use the tools that will best let you interoperate with the public chain: Even if you’re not using the public Ethereum network you should use platforms that are based on the EVM, and use languages like Solidity so you can inherit the innovation from the public chain and maximise the chances of interoperability in the future”
- “Overcome the ‘weak’ security of private chains by ‘anchoring’ in the public chain: Public chains are more immutable than ‘insecure’ private networks and so you should ‘anchor’ your private transactions to prevent malicious parties rolling back your transactions behind your back.”
By the end of 2018, there was ample evidence to debunk the first two claims, but the third claim persisted. Indeed, this third claim, that a public blockchain such as Ethereum offers a degree of transaction confirmation permanence that is otherwise unobtainable, has been repeated over and over again, even as late as December 2018.
Until last week, that is, when a 51% attack against the Classic (original) Ethereum network demonstrated for real what we already knew in theory: that history on a public blockchain like Ethereum can be arbitrarily rewound, money double-spent and network participants defrauded.
The rest of this article will review each of the three claims above in depth to explain why they are incorrect and how that makes Ethereum – and Ethereum-based platforms – unsuitable for business. But it’s important to note that the purpose of this blog post is actually to make a positive message. Because the broader picture is actually one of success: Ethereum is proving to be a valuable tool for a wide range of isolated social and economic experiments. And plenty of blockchains purpose-built to solve business problems, such as Hyperledger and Corda, are live and are changing the world of commerce.
So my key message is that it’s the inappropriate application of Ethereum technologies to the unforgiving world of real business problems, for which it was not designed, that we need to guard against. These two worlds have very different requirements.
It’s time to declare in public what has been openly discussed in private: Ethereum is currently unsuited to the world of business and we should have the courage as a community to say so.
So let’s now review the arguments for using Ethereum in the enterprise that have now been shown to be incorrect.
Claim 1: “Go where the skills and innovation are: Ethereum has the largest community and the broadest availability of skills.”
This argument starts well. For example, ConsenSys claim that the “Ethereum developer community” has 250,000 members, by which they presumably mean the number of people who can code using Solidity, the language in which almost all Ethereum apps are coded.
But when you scratch the surface, reality begins to intrude:
- Hundreds of thousands of Solidity developers sounds like a big number until you realise that there are over a million developers with the knowledge to build applications for Hyperledger Fabric using the language Go and twelve million developers with the knowledge to build applications for Corda using Java. In the latter case, our experience shows that any competent Java developer can pick up the Corda library and be productive in a couple of days. This means the Hyperledger and Corda developer skillpools are at least one, maybe even two, orders of magnitude bigger, even using ConsenSys’s figures.
- But we need to challenge ConsenSys’s figures, small as they now seem. This is because there is minimal evidence to support even the 250k figure. The claim seems to be based on looking at how many people have downloaded one of the development tools that pretty much every Ethereum developer has to use, and assuming half of them became Ethereum developers. But that methodology doesn’t work. To see why, let’s apply the same logic to the Java ecosystem to generate an estimate for how many developers there are and see if it matches the correct figure, twelve million. Now, we know that one tool for developing Java applications, IntelliJ, had almost twenty-five million downloads in 2017 alone, and that product had barely ten percent of the huge and diverse market for Java development tools (Eclipse, Android Studio and NetBeans were all larger). This means we can estimate there were at least 250 million downloads of Java development tools in 2017, which would mean there must be over 125 million Java developers by ConsenSys’s logic. Except, there aren’t… we know the correct number is about twelve million. It’s out by a factor of ten. So the true number of people with Ethereum skills is almost certainly much smaller than 250k; I would be surprised if it was even 50k or 10k, a rounding error in the world of developer communities. And the number of those who can write Solidity contracts securely, critical to avoiding another DAO-style bug, is smaller still.
- And on top of this, we also need to add the huge productivity gains that come from being part of established ecosystems. For example, the range of development environments, debuggers, testing frameworks, profilers and libraries available for the Java ecosystem is staggeringly larger than that for the Ethereum and Solidity ecosystems.
The reality is that the developer ecosystem and momentum is with the Hyperledger and Corda communities, not Ethereum. So it’s perhaps no surprise that the overwhelming majority of truly ground-breaking, successful enterprise blockchain deployments to date run on Hyperledger Fabric and Corda, not Ethereum.
Claim 2: “Use the tools that will best let you interoperate with the public chain: Even if you’re not using the public Ethereum network you should use platforms that are based on the Ethereum Virtual Machine (EVM) so you can inherit the ‘innovation’ from the public chain and maximise the chances of interoperability in the future”
This argument is more pernicious than the previous one. It says to developers: “even if you’ve correctly determined that a public Ethereum network is wrong for you, you should still use the Ethereum toolset for your private project.” It is an argument that plays on people’s deep fears: stick with the crowd; after all, you won’t be fired if you make the same mistake that everybody else made!
The problem is: as we demonstrated above, there is no crowd and the Ethereum community plans to throw all the current technology away in any case: the EVM is set for total replacement. The plan, “Ethereum 2.0”, is to build a new design from scratch.
So the world faces the possibility that, long after the public Ethereum community have moved on to something new, business leaders will wake up one day to discover critical parts of their business are running on technology that isn’t even being used any more for the purpose for which it was built. Talk about buyer’s remorse…
This might be OK if the Ethereum Virtual Machine was a sound technology but, as the team from Kadena documented, the EVM is “fundamentally unsafe”. And the team at Aion also independently reached a similar conclusion and have written eloquently about why they didn’t use the EVM and chose the Java ecosystem instead. And yet consultants, some from reputable firms, are pushing this technology hard into organisations that don’t always possess the technical expertise to realise the advice may not be appropriate.
Genuinely ground-breaking work is, of course, being done by some very talented and committed people in the Ethereum community on the public Ethereum network, but it is – and should continue to be done – safely away from the back offices of the businesses upon whose data integrity the world depends.
However, 2018 ended with one, last, killer plank in the argument for why businesses should nevertheless build on Ethereum rather than a platform like Hyperledger Fabric or Hyperledger Sawtooth or Corda.
And it was this last argument that was severely undermined this week.
Claim 3: “Overcome the ‘weak’ security of private chains by ‘anchoring’ in the public chain: Public chains are more immutable than insecure private networks and so you should ‘anchor’ your private transactions to prevent malicious parties rolling back your transactions behind your back.”
This argument was actually pretty clever. Here’s how it went:
- ‘The security of public blockchains is “backed” by the work performed by billions of dollars worth of mining equipment and electricity. To reverse a “confirmed” transaction would be economically infeasible and, since only public blockchains use proof of work, only public blockchains can provide this “immutability” guarantee.’
- ‘By contrast, blockchains that rely instead on identifiable parties to provide consensus cannot deliver this level of security and immutability; there is always the chance that parties could “collude” to reverse a transaction.’
And so, the proponents of Ethereum for the enterprise propose a clever idea: by all means, use a peer-reviewed fault-tolerant algorithm for your business transactions – you need rapid and final confirmation, after all.
But then, as an additional layer of safety, “anchor” a summary of your transactions in the public Ethereum network. The network that is massively more secure and resistant to mutation. Its proponents even claim this would provide ‘greater “proof of settlement finality”’ and that ‘any chance of counterparty disputes about membership is eliminated’.
This sounds perfect: the privacy, performance and settlement finality of a private chain and the security and immutability of a public chain!
Except… there was always a problem with this argument: finality.
In short, the two unanswered questions were:
- If your enterprise blockchain needs settlement finality but the chain into which it is ‘anchored’ provides only probabilistic finality, when is it safe to tell a user of the private chain their transaction has been confirmed? What happens if two conflicting hashes might be vying for inclusion at the same time? Are users expected to constantly monitor the underlying chain to check the private chain hasn’t gone bad? And what exactly are they supposed to do at that point in any case?
- If the ‘anchor’ gets washed away by a ‘reorganisation’ of the underlying public probabilistic blockchain, what are you supposed to do then?
The problem is: technically savvy people knew these questions made the concept highly suspect but, because there had never been any high-profile examples of where this would ever have been a problem, nobody seemed to care. And the concepts were complicated in any case – probabilistic settlement, reorganisations. All too abstract! So the response seemed to be: “sure… this could happen in theory but it never happens in practice, so who cares?”.
Until last week.
When a high profile Ethereum network suffered a devastating and unprecedented attack, that caused transactions over one hundred blocks deep to go from “confirmed” to “unconfirmed”. Any “anchor” that had been in one of those hundred blocks would have been washed away, opening up the possibility that a simultaneous attack on the private network could result in a conflicting anchor taking its place.
In other words, the trivial ease with which the supposedly secure and immutable chain was rewritten means it failed in its only and single purpose for an enterprise deployment.
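The failure mode described above, as an added example that is not part of the original article: a toy longest-chain model in which an anchor receipt passes a confirmation-depth check and is later invalidated by a deeper reorganisation. The block format, the function names and the 100-block threshold are assumptions made for illustration, and all data is constructed.

```python
import hashlib
from dataclasses import dataclass

def digest(*parts: str) -> str:
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

@dataclass(frozen=True)
class Block:
    height: int
    parent: str
    anchor: str  # "" when the block carries no anchor (toy format, an assumption)

    @property
    def hash(self) -> str:
        return digest(str(self.height), self.parent, self.anchor)

def extend(chain, anchors):
    """Return a copy of `chain` with one new block per entry in `anchors`."""
    out = list(chain)
    for a in anchors:
        parent = out[-1].hash if out else "genesis"
        out.append(Block(len(out), parent, a))
    return out

def canonical(*candidates):
    """Longest-chain rule: the fork with the most blocks wins."""
    return max(candidates, key=len)

def reorg_depth(old, new):
    """How many blocks of `old` are absent from `new`."""
    shared = 0
    for a, b in zip(old, new):
        if a.hash != b.hash:
            break
        shared += 1
    return len(old) - shared

def check_anchor(receipt, chain, min_depth):
    """Re-verify a stored (anchor, height, block_hash) receipt against `chain`."""
    anchor, height, block_hash = receipt
    if height >= len(chain) or chain[height].hash != block_hash:
        # The block we anchored in is gone; see what now sits at that height.
        replaced = chain[height].anchor if height < len(chain) else ""
        return "CONFLICT" if replaced and replaced != anchor else "ORPHANED"
    depth = len(chain) - 1 - height
    return "DEEP_ENOUGH" if depth >= min_depth else "PENDING"

def scenario(min_depth=100):
    # Constructed data: 10 shared blocks, then two competing forks.
    base = extend([], [""] * 10)
    ours = digest("private-chain summary #1")
    theirs = digest("conflicting private-chain summary")
    honest = extend(base, [ours] + [""] * 120)
    receipt = (ours, 10, honest[10].hash)
    before = check_anchor(receipt, honest, min_depth)  # looks settled
    rival = extend(base, [theirs] + [""] * 125)        # longer fork appears later
    now = canonical(honest, rival)
    after = check_anchor(receipt, now, min_depth)      # same receipt, new verdict
    return before, after, reorg_depth(honest, now)

if __name__ == "__main__":
    print(scenario())
```

The receipt is classified as settled at 120 confirmations and as conflicting once the longer fork becomes canonical, so no fixed depth threshold turns the check into a final answer; it has to be re-run for as long as the anchor is relied upon.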
The right approach to settlement finality for business blockchains is to acknowledge things can go wrong and to plan for them up-front: accept that you need to know the identity of the consensus providers, which also ensures provider diversity rather than increasingly centralised mining providers; and that you need a governance process and dispute resolution forum for problems that cannot be solved solely with clever math or novel technology.
So, here at the start of January 2019, what is left of the “Ethereum in business” story?
- The number of developers with skills in Ethereum is far lower than Ethereum’s proponents claim and is orders of magnitude smaller than the programming language ecosystems supporting Hyperledger and Corda
- The core ‘engine’ of Ethereum, the EVM, has been publicly disowned by the communities that spawned it and the platform is being expensively rewritten, yet enterprise Ethereum vendors continue to push tools based on this dead-end into unsuspecting businesses.
- And the only remaining plausible argument for using Ethereum in the enterprise, that it somehow makes it easier to secure your network by ‘anchoring’ into the public network, has been shown by the Ethereum Classic debacle to be false.
Be in no doubt: blockchain for the enterprise is real and it is here to stay. But if you’re doing it on Ethereum, you’re doing it wrong.
[Update 2019-01-14 Reworded subtitle to clarify I’m making a broader point about probabilistic finality]
Ethereum variants used in private enterprise deployments almost always use non-mining based consensus algorithms like Raft, IBFT, PoA etc and so the odds of an attack on the consensus (finality) are extremely low. Unlike Corda, Ethereum does not need a notary to intermediate for each transaction and has already proved itself in the public sphere to be a viable solution. How many of these enterprise blockchain solutions could stand up to that level of scrutiny with billions in bounties up for grabs? Ethereum is definitely battle tested and evolving. I would rest my case saying that there is a market fit for different platforms in the private space.
Mr Gendal, let’s talk sense: the attack was done on a weaker chain with less mining power. Let’s talk about who uses R3 and whether it benefits the common man down in the street or just helps the bosses sitting in the top office. People in the community regard you as a leader; act like one. Has the attack happened on Quorum, which uses PBFT, which has been made by JPMC? The answer is no, as if PBFT breaks, you break. And for a reality check, you at R3 and the Linux Foundation don’t have the capability to make any blockchain-based VM, and by this blog your envy of Ethereum is visible.
actually I like the Corda Project a lot. It is in the private DLT Space, in my eyes, the most promising.
But what I don’t like is mixing the facts to push some own narrative.
Unfortunately, this is what happens massively in your article.
Immutability for digital information is hard to achieve.
In a private consortium chain, immutability can be broken if the participating validators agree to break it.
If you point a gun to the validator heads, with a finger snap, history of the blocks is rewritten.
And a gun can be: 100 people died due to faulty medicine. The supply chain validators agree to remove a block from their private DLT. So not literally a gun made of steel…
In a public (PoW) blockchain, immutability can be broken if the majority of validators agree (>51%).
So you chose the blockchain which is hardest to mutate to secure your transactions.
If you want to change history, you have to overcome hurdle to reach 51% consensus power.
In case of Ethereum Classic, this is only a fraction of hashing power needed for Ethereum.
In case of Ethereum, this is only a fraction of hashing power needed for Bitcoin.
There is nothing more immutable than Bitcoin and the limit of immutability extends with every hashing power added to it.
Corda representatives should not mix the facts about some 51% attack on minority chains and make conclusions about all existing public PoW chains.
Hi @Aravind. Thanks for the comment! I agree you can deploy Ethereum in a private context but I disagree there is no need for a notary. Notary is just the word we use for the consensus service. Fabric uses the word “Ordering service”. We could also have said “consensus cluster”, “uniqueness service”, “block producer”, whatever. It’s the thing that confirms transactions. One-by-one in Corda, batched into blocks in Ethereum and Fabric. Don’t get hung up on the name 🙂
But your point is the one I tried to address with claims #1 and #2 in my piece. If you’re not planning to interoperate with the public chain, eg for anchoring (which I tried to debunk in claim #3) then you’re left with the question of why you’re using Ethereum. Skills are far more abundant in the Java and Go ecosystems, and, in any case, why would you target a runtime (the EVM) that is end-of-life?
I totally agree with your “battle tested” comment… systems always get stronger as a result of being used in the wild. No question.
Thanks for the comment – I know my article caused controversy and I appreciate the civil, constructive way which you (and others) have chosen to respond.
Best regards – Richard
Hi Florian – thanks for the comment. You’re right to draw a distinction between ETC and ETH – and I updated the subtitle of the article shortly after publishing as I hadn’t distinguished between them clearly enough. But I was trying to make a slightly different point: sure… it may be harder (at present) to reverse one public PoW-secured chain than another but it’s the fact that you never quite know _when_ the risk is negligible that makes these approaches so hard to use for business applications. You’re right that any consensus system could in principle be rolled back… but that’s an argument for planning up front for what you would do if it should happen. But anyway – thanks for the comment.
Richard, absolutely appreciate your assessment. Our confidence from multiple angles in selecting r3 for the architecture of our Blockchain4Media solution for the digital advertising space, is reinforced by the points you raise in your post. Money makes the world go round, and with r3’s blockchain consortium of 200 of the world’s largest institutions, including the major financial institutions around the globe; one of the first criteria was checked off our list. Transaction and data security is on the top of the list of importance for any financial institution, as it is with Blockchain4Media. Transaction speed was also at the top of the list. With over $100M invested by the world’s major institutions into the r3 blockchain consortium, and custom configuration of the blockchain nodes at the core product set, the vote of confidence for r3 couldn’t be stated any stronger. Money talks.
Hi LuRae – thanks for the comment! Great to have you as part of the Corda ecosystem. https://marketplace.r3.com/solutions/blockchain4media?referrer=search
Appreciate your in-depth assessment on this topic! Thanks
Thanks for the article, it does clear some myths about EVM