STANDARDS NOW

Blockchain Standards for Compliance and Trust

Blockchain methods are emerging as practical tools for validation, record-keeping, and access control in addition to their early applications in cryptocurrency. This column explores the options for use of blockchains to enhance security, trust, and compliance in a variety of industry settings and explores the current state of blockchain standards.

ryptocurrency applications of distributed ledger methods such as blockchains are now well estab- Ashiq Anjum lished, but their implications for more general topics University of Derby are just beginning to be appreciated. Beyond appli- Manu Sporny cations in finance and banking, new applications are emerg- Digital Bazaar ing in supply chain management, manufacturing, agricultural product tracking, advertising verification, Internet of Things, Alan Sill healthcare, and the pharmaceutical industry, among others. Texas Tech University

This column will explore Distributed Trust current and open topics for The idea of a completely stand-alone, autonomous, trust, verification, compliance, self-contained, self-validating application that does and security in distributed environments with a spe- not depend on either immediate or eventual net- cific focus on the current status of standards efforts work communication is becoming nearly unthink- related to blockchain technologies. able. In the past, keeping something secure usually depended on providing it with isolated defenses, such as placing it in a physical safe or otherwise iso- lating it from external access. This approach is still a component of some forms of electronic security, such as offline hardware cryptographic modules for certificate authorities, but blockchain methods depend, in contrast, on the idea of independent EDITOR open verification rather than isolated operation. ALAN SILL Distributed methods carry the advantage of being Texas Tech University useful in multiple, physically separated settings, but [email protected] require the existence of methods to determine that a given transaction is complete. Blockchains have

2 IEEE CLOUD COMPUTING PUBLISHED BY THE IEEE COMPUTER SOCIETY 2325-6095/17/$33.00 © 2017 IEEE become popular precisely because they is that, just like the web itself, this rep- physical human- or machine-readable provide noncentralized, independently resents the applicability of blockchain labels, such as bar codes or RFID tags. verifiable capabilities to ensure the integ- techniques to solve problems in a way Furthermore, such physical labels do not rity and consistency of distributed ledgers that adds to, rather than replaces, exist- themselves permit recording of associ- and the associated transactions. ing business, scientific, record-keeping, ated data, such as temperature or shock and audit trail logging use cases.2 protection handling records during ship- Key Success Factors To make a true leap to a status that ment. Blockchain methods can be added One factor that drives the interest in dis- could in fact be revolutionary, interna- readily to verify the association of such tributed ledger-based methods is the ease tional standards will have to be devel- records with food or parts during ship- with which they can be added to existing oped simultaneously across a wide range ment at extremely low costs once the basic workflows and data processing lifecycles. of needs, as outlined in these tables; or distributed ledger methods are in place. This consideration may be more impor- alternatively, developed in a way that will Advertising verification is another tant, in the long run, than the current allow their characteristics to be mixed area in which adding trust and compli- emphasis on inventing entirely new busi- and matched seamlessly depending on ance to existing business models can ness models based on such methods. the application area. Much work is going enhance value. In addition to the direct Key success factors, in this view, for on in pursuit of such approaches. use case of allowing billing verifica- the use of distributed ledger technolo- tion through shared ledgers, blockchain gies basically boil down to whether the Compliance Using Blockchains methods can also be applied directly introduction of such methods will solve Consider the example of providing during generation of the advertising particular problems without requiring RFID tags to parts to enable tracking impressions to ensure their authenticity the addition of entirely new business them through a supply chain. While it and uniqueness. In this way, fake views, models and can be incorporated into is easy to register unique tags to each spoofed domains, and other mecha- existing processes. part, even for items produced at large nisms for advertising fraud can be volumes, nothing prevents a given reg- avoided.4 The adChain Registry (https:// Blockchain Types and istry tag from being assigned to more adtoken.com/uploads/white-paper.pdf) Performance Characteristics than one such part, or the introduction provides an example of a decentrally- By now, many different blockchain ap- of other tags that either intentionally or owned domain whitelist being launched proaches have been documented, and an accidentally duplicate such information. as a collaboration of industry groups. increasing number of them are beginning Some might argue that distrib- The adChain Registry is a smart con- to receive significant use. Figure 1 docu- uted ledgers can entirely replace physi- tract on the Ethereum blockchain ments different blockchain approaches cal tags and labels, but we believe that which stores domain names accredited and how capable they are at achieving tra- there is an overlap between these tech- as nonfraudulent by participants. ditional information security principles.1 nologies. There are definitely situations Not all of these perform in the same in which human- or machine-readable Blockchains for Recordkeeping way on a given usage pattern. Some are labels are valuable, or even essential. Since many applications of block- more suited to particular types of oper- With the addition of a digital signature chain technology beyond cryptocur- ation than others. Figure 2 highlights and incorporation of that signature into rency relate strongly to recordkeeping, some of the primary performance char- a blockchain, such tags can be checked existing standards on information and acteristics of several different types of easily with respect to their authenticity records management are applicable blockchains.1 and uniqueness. Counterfeit parts can and provide a good basis for extrapo- Beyond the generally-applicable be excluded, and accidental duplica- lation. A good review of this aspect of types of blockchains explored in these tions eliminated, through this method. blockchain applications is contained in figures, an increasingly wide range of Such approaches can also be applied the article by Lemieux, which summa- specialized distributed ledger technolo- to any sort of record management to rizes previous applicable recordkeep- gies has emerged focused on specialized ensure tamper resistance and authen- ing standards and also points out some fields of application. Although some ticity of business records.3 limitations inherent in overdependence have argued that this represents a foun- Some transactions, however, are too on distributed ledger technologies for dational shift in technology, our belief small or otherwise unsuited to affixing record-keeping.5

JULY/AUGUST 2017 IEEE CLOUD COMPUTING 3 STANDARDS NOW

Many Di erent Types of Blockchains

Principle Bitcoin Ethereum Stellar IPFS Blockstack Hashgraph

Confidentiality None None None Hash-based None None content addresses

Information Block Block Ledger Graph and Block Hashgraph/ availability mirroring mirroring mirroring file mirroring mirroring/ mirroring; DHT Optional mirroring Event History

Intergrity Multiple Multiple Latest Hash-based Multiple Consensus block block block content block with verifications verifications verification addressing verifications probability one

Non Digital Digital Digital Digital Digital Digital repudiation signatures signatures signatures signatures signatures signatures

Provenance Transaction Ethereum Digitaly Digital Transaction Hashgraph/ inputs/outputs state signed ledger signatures inputs & mirroring; machine and transition and outputs and Optional transition instructions versioning virtual chain Event History functions references

Pseudonymity Public keys Public keys Public keys Public keys Public keys, Not and contract but public supported; addresses information could be encouraged layered

Selective None None None None Selective Not disclosure access to supported; encrypted could be storage layered

FIGURE 1. Blockchain information security principle analysis.

It is worth remembering that most Current State of Standards Conditions under which standards can ledgers function by storing and crypto- Applications of blockchain methods be expected to contribute usefully to graphically signing hashes associated are growing rapidly due to the consid- developing areas of technology can be with information and transactions, and erations just mentioned. As with any characterized and quantified.6 Strong do not necessarily contain the primary rapidly developing field, there has been bidirectional feedback and communica- information being recorded. While a chorus of calls for standardization of tion between application user commu- there are ledger standards under devel- associated terminology and technologies nities and the organizations developing opment to store information directly to optimize interoperability and useful- the standards are also crucial.7 in the blockchain, such as the Web ness of these methods. Items that could be targets for further Ledger Protocol (https://w3c.github.io The decision to pursue develop- standardization include the following:8 /web-ledger/), many existing blockchains ment of standards depends strongly require additional layers and long-term on whether they will simplify the field • Basic data models for Blockchain repositories to allow blockchain signing by producing an overlap among mul- (Blocks, Events, and State Machine) to function efficiently as part of record- tiple suppliers, particularly in a way • Consensus algorithms (Proof of keeping systems. that promotes creation of markets. Work, Stellar Consensus, Hashgraph)

4 IEEE CLOUD COMPUTING WWW.COMPUTER.ORG/CLOUDCOMPUTING erormce hrcterstcs o occhs

rcpe tco thereum ter ocstc shgrph Consistency Block Block Single block P2P mirroring. Block Consensus verifications. verifications. verification. Limited verifications. with 30–60 20–60 Less then 1 primarily by 30–60 probability minutes minutes minute network I/O. minutes one; Byzantine Several agreement, seconds for but attackers files less than must control 128KB. less than one- third

System Block Block Single block Single storage Block Virtual voting; Availability verifications. verifications. verification. request verifications. DoS resistant 30–60 20–60 Less then 1 response. 30–60 without minutes minutes minute Several minutes proof-of-work, seconds for fast files less than gossip 128KB. Failure Longest chain Longest chain Last balloted Content Longest chain Strong Tolerance wins wins block always address hash. wins Byzantine fault has Highly resilient tolerance consensus. against network partitioning Scalability Block size. 7 Block size. 7– Thousands to Thousands to Block size. 7 Thousands to transactions 20 tens of tens of transactions tens of per second transactions thousands of thousands of per second thousands of per second transactions transactions transactions per second. per seconds. per seconds. Scales linearly Limited by as nodes are bandwidth added. only

Latency Block Block Single block Single storage Block Virtual voting; verifications. verifications. verification. request verifications. limited only by 30–60 20–60 Less than 1 response. 30–60 exponentially minutes minutes minute. Several minutes fast gossip seconds for protocol files less than 128KB. Auditability Full Full Full Di–cult Full Configurable Liveliness Full Full Full Fails if nodes Full Full storing data fail Denial of Spend Bitcoin Spend Ether Spend Stellar Files are only Spend Bitcoin Signed State/ Service mirrored if Proof-of-stake/ Resistance requested <1/3 attackers System Low, but not Medium High Medium Medium Medium High Complexity full system FIGURE 2. Blockchain performance characteristics analysis.

• Storage algorithms (Merkle Trees, Hierarchically Deterministic Keys, The World Wide Web Consortium MerklePatriciaTries, Linked Lists) Chainpoint) (W3C; https://www.w3.org) held a work- • Signature algorithms (JOSE Web • Web-based access protocols (Cre- shop in June 2016 to examine aspects Signing, Linked Data Signatures, ate, Read, Add, Get Status, Query) of blockchains that relate to Web

JULY/AUGUST 2017 IEEE CLOUD COMPUTING 5 STANDARDS NOW

technologies, and identify specific tech- deferred the potentially more challeng- trade, and community organizations nologies mature enough to consider for ing work on establishing standards for that are not otherwise based in formal standardization. After issuing a report, governance, auditing, or interoperabil- standards developing organizations. it has formed a number of new groups ity of these technologies. These are distinguished from the work to address these topics including the The standardization sector of the of formal standards organizations by the following:9 International Telecommunications Union fact that they are often accompanied by (ITU-T; https://www.itu.int) has estab- repositories of open source implemen- • Credentials Community Group lished a focus group on distributed led- tation code. Bitcoin itself is based on a (https://www.w3.org/community ger technology (FG DLT; https://www.itu series of standard specifications devel- /credentials/) .int/en/ITU-T/focusgroups/dlt/). Accord- oped and maintained by its own com- • Digital Verification Community ing to its charter, this group will develop munity through a process called Bitcoin Group (https://w3c-dvcg.github.io/) a standardization roadmap for interoper- Improvement Proposals (https://github • Blockchain Community Group able DLT-based services, taking into con- .com/bitcoin/bips). (https://www.w3.org/community sideration the activities underway in ITU, Other organizations have emerged /blockchain/) other standards developing organizations, to pursue goals for distributed ledger • Verifiable Claims Working Group forums, and groups. technologies that are independent from (https://www.w3.org/2017/vc/), and Other major formal standards the Bitcoin community. The Cloud • Interledger Community Group developing organizations active in pro- Standards Customer Council, for exam- (https://www.w3.org/community moting DLT standards include the ple, has produced a document summa- /interledger/) IEEE, which has formed a blockchain rizing the exiting needs from a business member interest group to coordinate perspective, and offering a reference The W3C’s Web Ledger Proto- and disseminate information on activi- architecture that could be used in fur- col (https://w3c.github.io/web-ledger/), ties in this area (http://blockchain.ieee ther standardization efforts.12 which is a work in incubation at W3C, .org), and the Society for Worldwide As an example of community was recently the recipient of a Small Interbank Financial Telecommunica- responses to these needs, the Hyper­ Business Innovative Research proj- tion (SWIFT; https://www.swift.com), Ledger collaboration (https://www ect award from the US Department of which has recently expanded its activi- .hyperledger.org), hosted by The Linux Homeland Security’s Science and Tech- ties in this area to work with several Foundation, currently has more than nology Directorate.10 related industry organizations. 120 supporting industry members and The International Organization There is already considerable coor- a governance model that allows for for Standardization (ISO; https://www dination among these efforts. The ISO community participation. It supports .iso.org/) has also recently launched TC 307 has formal liaisons with ITU-T, projects spanning a range of business a technical committee (TC) 307 on SWIFT, and other interested parties, blockchain technologies, including dis- blockchain and distributed ledger tech­ for example, and liaisons from the ISO tributed ledger frameworks, smart con- nologies (https://www.iso.org/committee and W3C Blockchain work recently met tract engines, client libraries, graphical /6266604.html) with liaisons with sev- at a US Federal Reserve Secure Pay- interfaces, utility libraries, and sample eral other ISO committees and other ments Task Force meeting to discuss applications. The OpenChain proj- relevant standards developing organi- aligning the initiatives at each organiza- ect (https://www.openchain.org) and zations. This effort was originally pro- tion as the work progresses. related Open Assets Protocol (www posed by Standards Australia, which .openassets.org/) supports specifica- published a roadmap for blockchain Industry, Trade, and tions available at https://github.com standards in March 2017.11 Community Organizations /openchain/docs and https://github.com The new ISO TC 307 has estab- As has been discussed in several pre- /OpenAssets/open-assets-protocol that lished working groups on a reference vious Standards Now columns, some are aimed to support and manage user- architecture, taxonomy, and ontology of the most effective work in creation, created assets. Each of these projects (SG 1), use cases (SG 2), security and development, and curation of cloud supports both community-based specifi- privacy (SG 3), identity (SG 4), and standards continues to be accomplished cation development and repositories of smart contracts (SG 5), but has so far by the direct formation of industry, open-source implementation code.

6 IEEE CLOUD COMPUTING WWW.COMPUTER.ORG/CLOUDCOMPUTING Future Directions Acknowledgments 6. A. Sill, “Socioeconomics of Cloud Portions of this article are based on Standards,” IEEE Cloud Comput- espite initial successful uptake, work performed with funding from ing, vol. 2, no. 3, July 15, 2015, current blockchain methods the US National Science Foundation’s pp. 8–11; doi:10.1109/MCC.2015.59. exhibit gaps and limitations in areas Cloud and Autonomic Computing 7. A. Sill, “Forecasting Cloud Stan- related to scalability, flexibility, and Center under award number 1362134. dards Success Patterns,” IEEE governance. The architectural choices Other portions are based on work that Cloud Computing, vol. 4, no. 1, Mar. made by currently available products was performed by Digital Bazaar, which 15, 2017, pp. 56–60; doi:10.1109 favor security and data integrity over has been funded in part by the US /MCC.2017.3. scalability and flexibility. For example, Department of Homeland Security’s 8. M. Sporny, “A Web-Based Ledger most Bitcoin-based systems cannot pro- Science and Technology Directorate Data Model and Format”; https:// cess more than seven transactions per under contracts HSHQDC-16-C-00058 www.w3.org/2016/04/blockchain second. These limitations in the tech- and HSHQDC-17-C-00019. The con- -workshop/slides/Sporny-Block- nology have led to a number of special- tent of this article does not necessar- chains-The_Bits_That_Could_Be ized platforms—we’ve counted 70 so ily reflect the position or the policy of _Standardized.pdf. far—that have emerged to address prob- the US Government and no official 9. World Wide Web Consortium, lems in specific sectors and application endorsement should be inferred. “Blockchains and the Web Report: domains. Clearly, standardization activ- A W3C Workshop on Distributed ity will be required to enable these tech- References Ledgers on the Web,” June 29–30, nologies to be interoperable. 1. M. Sporny, “Building Better Block- 2016; https://www.w3.org/2016/04 Improvements addressing confiden- chains: Linked Data in Distrib- /blockchain-workshop/report.html. tiality, strong identity, and collaboration uted Ledgers,” Proc. 26th Int’l 10. S. Higgins, “US Government Awards between the blockchain network par- Conf. World Wide Web Com- $2.25 Million to Blockchain Re- ticipants will be required in near future. panion, Apr. 3–7, 2017, p. 1429; search Projects,” CoinDesk, May Smart contracts will very likely soon lead doi:10.1145/3041021.3053899. 12, 2017; http://www.coindesk.com to programmable blockchains, and associ- 2. M. Iansiti and K. R. Lakhani, “The /us-government-awards-2-25-million ated standards and tools will be required Truth About Blockchain,” Harvard -blockchain-research-projects. for developing, debugging, monitoring, Business Review, Jan.–Feb. 2017, 11. Standards Australia, “Roadmap and managing smart contract systems. pp. 118–127; https://hbr.org/2017/01 for Blockchain Standards,” Mar. This discussion only represents our /the-truth-about-blockchain. 2017; http://www.standards.org.au own viewpoints. Given space limita- 3. K. O’Marah, “Blockchain for Sup- /OurOrganisation/News/Documents tions in this column, it only scratches ply Chain: Enormous Potential /Roadmap_for_Blockchain_Standards the surface of a very large field, con- Down the Road,” Forbes, Mar. 9, _report.pdf. centrating on the most recent standards 2017; https://www.forbes.com/sites 12. Cloud Standards Customer Coun- activity. We are open to other opinions /kevinomarah/2017/03/09/block- cil, “Cloud Customer Architecture and experience in this area and are sure chain-for-supply-chain-enormous for Blockchain.” July 2017, http:// that readers of the magazine would also -potential-down-the-road/. www.cloud-council.org/deliverables appreciate any additional article sub- 4. “MetaX and DMA Provide Block- /CSCC-Cloud-Customer-Architecture missions or information on this topic. chain Solution for Digital Advertising,” -for-Blockchain.pdf The magazine is open to input on Chain Finance, June 13, 2017; https: this or previous columns. Please include //blockchain-finance.com/2017/06/13 ASHIQ ANJUM is professor of distrib- news you think the community should /metax-and-dma-provide-blockchain- uted systems in the School of Comput- know about in the general areas of solution-for-digital-advertising/. ing and Mathematics at the University cloud standards, compliance, or related 5. V.L. Lemieux, “Trusting Records: of Derby. His areas of research include topics. Ideas for potential submis- Is Blockchain Technology the An- distributed and parallel systems (includ- sions to the magazine or for proposed swer?” Records Management Journal, ing high performance computing, grid, guest columns can be sent to alan.sill@ vol. 26, no. 2, pp. 110–139; https:// and cloud computing), distributed top- standards-now.org. doi.org/10.1108/RMJ-12-2015-0042. erating systems, and scalable methods

JULY/AUGUST 2017 IEEE CLOUD COMPUTING 7 STANDARDS NOW

to mine large and complex datasets. helped start six software technology start- PhD in physics from American Universi- He has worked on a variety of research ups. He is cocreator of the JSON-LD, ty and extensive experience in large-scale projects dealing with resource manage- Linked Data Signatures, and Verifiable scientific computing. He serves as presi- ment of large scale systems, performance Claims standards and the Flex Ledger dent for the Open Grid Forum and is an monitoring and optimization, data min- Protocol. He spends most of his time cre- active member of the IEEE, the Distrib- ing and service orchestration, and works ating open standards and open technolo- uted Management Task Force, and other closely with industry on applications of gy that will integrate payments, identity, cloud standards working groups, as well these topics. His current projects include and blockchain into the core architecture as national and international computing working with a leading Pharma com- of the Web. standards roadmap committees. For fur- pany to develop a large scale clinical trial ther details, visit http://nsfcac.org or con- management system across distributed ALAN SILL is senior director of the tact him at [email protected]. data centers to optimize drug discovery High Performance Computing Center while reducing operational costs, and and adjunct professor of physics at Tex- on machine learning algorithms for pro- as Tech University. He codirects the US cessing of video streams in a cloud envi- National Science Foundation’s multi- ronment for security and surveillance university “Cloud and Autonomic Com- purposes. puting” industry/university cooperative Read your subscriptions research center, and holds a position as through the myCS MANU SPORNY is founder and CEO visiting professor of distributed comput- publications portal at of Digital Bazaar, Inc. He has founded or ing at the University of Derby. Sill has a http://mycs.computer.org.

8 IEEE CLOUD COMPUTING WWW.COMPUTER.ORG/CLOUDCOMPUTING