Date
August 16, 2020
Author
Richard Caetano
Summary
The second in a series of articles documenting our product development

From the Digital Atelier: the Crypto Ledger

Following our last article, “From the Digital Atelier: the Akord Wallet”, we will take a look at how we work with your Akord Wallet to secure every operation made to your data in an “internal blockchain”.

Released in 2009, Bitcoin not only changed the technological capabilities of networks, it changed the political views on modern institutions. ‘Decentralization’ replaced the need for a centralized institution to preside over a system of money.

Blockchain, the underlying technology of Bitcoin, is a tool developers can use to build a network of computers where each node participates in the consensus of what is written in a permanent ledger. By extending blockchain into other use cases, it has the potential to bring accountability to our financial systems, our global trade networks and our governmental systems.

Paradigm-shifting for business, right?

Blockchain Consortiums are Complicated

Well, as it turns out, it’s not that easy to get a consortium of enterprise companies to agree on deploying a blockchain network. Tricky questions with no clear answers are raised:

  • Who controls what?
  • How should consensus be achieved?
  • Who owns the data?
  • What if members leave and/or no one uses it?

The complexity increases as competition and incumbents are factored in. If we look at the many attempts to deploy an enterprise blockchain network, we cannot find many that are still running in production:

More than 80,000 projects claiming to utilize blockchain technology have launched worldwide since Bitcoin’s underlying technology became the hottest buzzword in business. Of those projects, only a mere eight percent are still active, and the average lifespan of any given project is roughly 1.22 years. - bitcoinist.com

Meanwhile, the business activity around cloud-based software is exploding. Software-as-a-service (SaaS) platforms offer quick installation and setup, global accessibility and realtime upgrades. ‘Built in the cloud’ is truly mainstream as claimed by the Gartner quote below:

At this point, cloud adoption is mainstream. The expectations of the outcomes associated with cloud investments, therefore, are also higher. Adoption of next-generation solutions are almost always ‘cloud-enhanced’ solutions, meaning they build on the strengths of a cloud platform to deliver digital business capabilities.

Cloud-based software offers a nearly perfect way to deliver software services. So what can go wrong?

Centralized Security and Backdoors

In July of 2020, illegal tweets were posted on the social media giant Twitter. Accounts belonging to Joe Biden, Barack Obama, Elon Musk and Bill Gates were compromised by a group of hackers led by a 17-year-old in Florida. The sophisticated attack leveraged employees’ accounts to send out the tweets and to access the inboxes.

The hackers were able to work through internal employees and their accounts to gain backdoor access. With 'admin' control they were able to see users' direct messages and post illegal tweets.

A fake tweet posted to Apple's Twitter Account

Backend access is common across many SaaS platforms and is a threat to users' security. Clearly, data security and integrity always come down to who controls the keys to the data. Own your keys, own your data.

But in this case, there's a twist. In the illegal tweet, the hackers presented a bitcoin address to receive money with the promise to 'give back'. Unfortunately, some people fell for this social hack, resulting in over $110,000 sent to the address. Normally, as these transactions are recorded on a blockchain, the payments cannot be reversed.

However, Coinbase, which holds Bitcoin wallets for millions of users, caught on to the hack early on. After blacklisting the hacker's address on the service to protect their customers from this fraud, they ended up stopping over 1,000 people who tried to send bitcoin to it. A thousand people saved by a decision made by a centralized service.

As there are trade-offs with both centralized and decentralized services, we innovate by asking the questions:

  • Can we combine the advantages of cloud-based software with the security of blockchain networks?
  • What if we offer an “internal blockchain”, replacing network consensus with centralized control?
  • What if we centralize the smart contract (business logic) and decentralize the keys to the users?

Introducing the Crypto Ledger

Akord’s core service operates as a 'single-node blockchain'. This allows us to implement a very efficient and immutable transaction register, while still having some control over the operating conditions of the service.

By eliminating the complexity around building a network, an internal blockchain offers some of the properties of a public blockchain (immutable transaction ledger, smart contracts, etc.) while compromising on others (censorship resistance, distributed redundancy, etc.).

Our customers own and control the cryptographic keys that secure their data. With data that’s encrypted end to end, Akord only accepts operations on the data that are signed by the authorized keys. Once validated by the service, the operation is recorded as a transaction in a ledger where it can be neither modified nor reversed. In digital security this property is called 'non-repudiation'.

We call this system the Crypto Ledger.

The Crypto Ledger functions similarly to a blockchain with transactions grouped into blocks. These blocks are cryptographically sealed, preventing any modifications to the transactions and/or data held within them.

The Crypto Ledger registers changes to your data in an ‘internal blockchain’.

In Akord, every operation executed on the data is described as a transaction. Each transaction is then signed by the user and sent to our GraphQL API, where it is validated and posted to the Crypto Ledger.

The resulting hash (a digital fingerprint of the data) of the operation is then sent back to the client, ready to be included (as the previous hash) in the signing of the next operation. It’s by embedding this hash into the next block that we get strong accountability for the operations made by the user.

With a signed list of changes to a data set, we can then render the current state while offering the proof behind it. Ultimately, the transaction cannot be forged by anyone other than the user who controls the wallet.
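The sign, validate, record and chain flow described above, as an added example for Node.js; it is not Akord's code. The function names, the all-zero first "previous hash", Ed25519 signatures, SHA-256, and `JSON.stringify` as the signed encoding are all assumptions made for illustration.

```javascript
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');
const GENESIS = '0'.repeat(64); // assumed previous hash for the first transaction

// Bytes the user signs: the operation bound to the previous hash (JSON encoding is an assumption).
const payload = (prevHash, operation) => Buffer.from(JSON.stringify({ prevHash, operation }));

// Client: sign the operation together with the hash returned for the previous one.
function signTransaction(privateKey, prevHash, operation) {
  const signature = sign(null, payload(prevHash, operation), privateKey).toString('base64');
  return { prevHash, operation, signature };
}

// Fingerprint of a recorded transaction; it covers the signature too.
const txHash = (tx) => createHash('sha256')
  .update(payload(tx.prevHash, tx.operation)).update(tx.signature).digest('hex');

// True when tx extends `head` and is signed by the holder of publicKey.
function isValid(tx, head, publicKey) {
  return tx.prevHash === head &&
    verify(null, payload(tx.prevHash, tx.operation), publicKey, Buffer.from(tx.signature, 'base64'));
}

// Service: append-only register that records only valid transactions.
class Ledger {
  constructor(publicKey) { this.publicKey = publicKey; this.entries = []; this.head = GENESIS; }
  post(tx) {
    if (!isValid(tx, this.head, this.publicKey)) throw new Error('rejected: bad signature or stale previous hash');
    this.entries.push(tx);
    return (this.head = txHash(tx)); // returned to the client for its next operation
  }
}

// Auditor: replay with only the public key; index of the first bad entry, or -1.
function audit(entries, publicKey) {
  let head = GENESIS;
  for (const [i, tx] of entries.entries()) {
    if (!isValid(tx, head, publicKey)) return i;
    head = txHash(tx);
  }
  return -1;
}

// Constructed run: two signed operations, then an edit made without the user's key.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const ledger = new Ledger(publicKey);
  const h1 = ledger.post(signTransaction(privateKey, GENESIS, { op: 'create', doc: 'a.pdf' }));
  ledger.post(signTransaction(privateKey, h1, { op: 'share', doc: 'a.pdf', to: 'bob' }));
  const clean = audit(ledger.entries, publicKey);
  ledger.entries[1].operation.to = 'mallory';
  return { clean, tampered: audit(ledger.entries, publicKey) };
}
```

Because each signature covers the previous hash, an auditor holding only the user's public key can detect an edited, dropped or reordered entry, including one changed by whoever operates the ledger.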

By decentralizing control of the data to our users, we have no backdoor that can be hacked.

Conclusion

As data becomes more valuable, its security becomes ever more important. By understanding the advantages of both centralized and decentralized software platforms, we can begin to combine the strengths of both to imagine and build a new paradigm.

As we are seeing with Akord, we can build an efficient and easy-to-deploy platform with a very high level of data integrity on an internal blockchain. This enables us to offer some of the key benefits of blockchain technology, ‘out of the box’ on a SaaS platform, to businesses of all sizes.


In the next article of this series, we will look at how your privacy is protected and encrypted, end to end.