Bitcoin (2008) and Ethereum (2015) are the most well-known, while Zcash (2016), Tezos (2018) and Algorand (2019) are the most recent. With millions of users worldwide, these various crypto-currency (token) exchange networks are based on blockchain technology. Blockchain is similar to a shared, transparent and secure database which operates in a decentralised manner and without a controlling intermediary. Similar to a distributed ledger, it contains the entire history of transactions carried out on a network by the parties involved. Transactions are grouped and recorded in blocks of data which are linked to each other. Each new block is first validated by the participants before being added to the chain using blockchainspecific techniques. In the end, each user has the same copy of the database.
While the general public still tend to largely associate blockchain with the transfer of assets, this technology for storing and sharing information is now used in other sectors (health, supply chain, intellectual property, governance, voting, energy, automotive, etc.) and is of increasing interest to companies. Originally intended to be public and open to all (still its most popular format), the technology has evolved into private formats, such as those developed by companies, with access limited to authorised users.
While a range of parameters vary from one blockchain to another, the mechanism for validating new blocks of data, or a consensus protocol, is the key to ensuring that the system remains consistent. The method used when Bitcoin first emerged and which was widely adopted by subsequent public blockchains is proof of work, or PoW, based on the solution of algorithmic problems. This validation mechanism responds to a crypto-economic logic: the first user to solve the algorithm sees their efforts (and computing power) rewarded by the payment of tokens. In this scenario, it is more profitable for participants to try to secure the network rather than attack it. “If a person has to make an effort to validate the blocks and is paid in return, they will be more likely to respect the protocol and not jeopardise the blockchain,” points out Sara Tucci- Piergiovanni, head of laboratory and blockchain expert at the Software and Systems Engineering Department (DILS) at the CEAList (Univ. Paris-Saclay, CEA). The more users a network has whose validation mechanism is based on PoW, the more secure it is.
However, even if blockchain is considered almost infallible and unfalsifiable, it is not immune to attacks, like the so-called 51% rule. It occurs when one user has enough computing power to dominate and take control of the blockchain. This type of attack is unlikely for large blockchains, but becomes possible with smaller ones.
One of the main problems with blockchains, whose consensus protocol is based on proof of work, is their energy consumption. “The most optimistic of assessments suggest that validating a transaction with PoW is equivalent to consuming as much energy as that consumed by a four-person household per day in France,” says Sara Tucci- Piergiovanni. On Bitcoin alone, the number of transactions averages 330,000 per day.
In addition to its energy and environmental costs, PoW also limits scaling up options. “The most popular public blockchains, such as Bitcoin and Ethereum, are experiencing bottlenecks. Ten transactions take place per second at most, which is relatively low. More efficient consensus, data representation and transaction processing mechanisms must be found in order to scale up to several thousand transactions per second,” points out Daniel Augot, a researcher at Inria Saclay and a member of the Ile-de-France academic research group BART (Blockchain Advanced Research & Technologies).
It is for these reasons that another method for achieving distributed consensus, which has emerged in recent years, is gaining ground in public blockchains. Known as proof of stake or PoS, the method does not consume so much energy. The PoS does not require users to use their computing power, but instead prove that they hold a certain amount of crypto-currency in the blockchain. “The more assets the user has in the system, the more likely they are to be chosen as a block validator,” explains Daniel Augot. As the user commits their money and the money invested is locked in, it is in the user’s interest to contribute to the smooth running of the system. This mechanism is at the heart of the Cosmos, Cardano and Tezos blockchains, and Ethereum has committed itself to implementing the PoS model by the end of 2021.
“With proof of stake, there is however a small chance that two validators will be chosen at the same time to validate a transaction and enter it into the next block. This can produce two competing blocks, one of which must be rejected. The rule when this occurs is to opt for the longest chain,” points out Sara Tucci-Piergiovanni. A new algorithm developed and applied by some blockchain platforms such as Hyperledger and Tendermint avoids this temporary inconsistency. This consensus algorithm, known as byzantine fault tolerant (BFT), tolerates network communication faults and uses a list of validators known at the outset. For additional security, the most recent blockchains combine PoS and BFT. “They include a committee of validators whose task is to approve each new block generated by a BFT algorithm. If a quorum of signatures is reached for a given block, then it is immediately accepted by the rest of the network. It starts again in the same way for a new block,” explains Sara Tucci-Piergiovanni.
At CEA-List, researchers have recently analysed the BFT consensus protocol of the Tendermint blockchain. “Certain flaws and vulnerabilities were found and have since been fixed,” says Sara Tucci-Piergiovanni. This work also confirmed Tendermint’s ability to tolerate up to one third of malicious participants without jeopardising the consistency of the system. The team is currently working on low power blockchains, such as Tezos, which use PoS and the BFT algorithm. “The security and performance of these systems continue to improve.”
Guaranteeing the confidentiality of transactions when a public blockchain is, by definition, open, (meaning everyone can see everything), is one of the other cryptographic issues that remains to be resolved. The solution might just lie in the zero knowledge proof (ZKP) protocol, which is used by the blockchain Zcash. The ZKP makes it possible to prove that transaction’s validity criteria have been met without having to explicitly show them, i.e. without providing evidence. Neither the sender, nor the recipient, nor the transaction amount are known. “It is a bit like the game ‘Where’s Wally?’ – to prove that the character has been found in the picture without showing him precisely, a much larger sheet of paper is superimposed and perforated at the character’s exact location,” explains Daniel Augot.
The other advantage of ZKP is that the proof provided is much shorter than the real proof. This makes validating a large number of transactions with a single proof possible. “Zero knowledge proof excites people, especially in industry. It is seen as a solution for scaling up and major standardisation initiatives are being carried out on this technology,” says Daniel Augot.
Smart contracts are another blockchain feature which are of great interest to industry. These computer programmes are quite small (between 30 and 100 lines of code) and once started, they automatically execute a set of predefined instructions within the network without the need for human intervention. Many of the challenges relate to their language and verification. “The aim is to develop verification tools so that users, particularly those in industry, are able to describe their programme and its normal behaviour,” explains François Bobot, a researcher from the Software and Systems Engineering Department (DILS) at CEA-List. These tools must be able to express the properties of the programme easily and verify them. “The smart contract scene is very active. There are a lot of computer languages for coding them – new ones, as well as old ones which have been updated.”
At CEA-List, François Bobot and his colleagues use the Why 3 platform to verify these programmes. The platform was developed by the Laboratory for Computer Science (LRI) which became the Formal Methods Laboratory (LMF – Univ. Paris-Saclay, CNRS, Inria, Centrale- Supélec). “Why 3 has a fairly powerful language and many tools to express the desired properties easily. It is used to transition towards the programming languages used by industry, like Solidity.” The team uses formal methods, such as abstract interpretation, deductive verification and model checking. “Using mathematical formulas, we try to describe the expected behaviour of the programme as precisely possible as in order to check that it respects its specification.”
Today, blockchain is increasingly being used in areas like supply chains where traceability and product auditing is key. For example, BART and IRT System X are currently conducting a vehicle logbook project. The idea is to record in a blockchain all the operations carried out, from the numbering of spare parts in the factory to the arrival of the vehicle at the scrapyard. The goal is develop a passport for a product that conforms to a set of rules and criteria imposed by regulations. “At the moment, there is no central supervisory authority capable of acting as a cross-border validator. And there is no other technology, apart from blockchain, which can meet this challenge,” says Sara Tucci-Piergiovanni.
Recently, CEA-List has been working with TEO (The Energy Origin), the start-up incubated by Engie and Bureau Veritas, the world leader in inspection, certification and laboratory testing, to launch a green energy traceability application based on blockchain and the implementation of smart contracts. “The aim is to ensure that the green energy credit lines produced in one location are used only once elsewhere,” says François Bobot. With the start-up Connecting Food, CEA-List is trying to encourage stakeholders in the food industry to enter their certificates into blockchain for greater transparency.
Aside from technological issues, blockchain raises legal and regulatory questions which legislators are only just beginning to address. And the task is not that simple. “The technology is not stable, nor are its uses. It is difficult to provide a legal framework for an area that is constantly evolving,” points out Mélanie Clément-Fontaine, a researcher of the Business Law and New Technologies Laboratory (DANTE – Univ. Paris-Saclay, UVSQ). Finding the right timing for legislation is not easy. “If we intervene too early, the law will prevent the technology’s development.” The cross-border aspect of technology also makes it difficult to apply simple regulation.
“This does not mean that there is a legal vacuum as there is an existing legal arsenal to draw on. The challenge is how to successfully adapt it to blockchain uses,” suggests Mélanie Clément- Fontaine. The field of crypto-currencies, where the technology is most advanced, is the first field where the law has understandably become involved. “It clarified how tokens are classified, which do not have the status of money but of digital assets.” The PACTE law (Action Plan for Business Growth and Transformation), enacted in 2019, allows the creation of financial securities (shares) through blockchain. “Thanks to this law, it is now possible to issue financial securities, which was previously reserved for banks,” points out Véronique Magnier, a researcher at the Institute of Ethical Property Law (IDEP – Univ. Paris-Saclay). The law also added a principle of equivalence – a financial security on blockchain has the same scope as a security in a bank account. This principle challenges the supremacy of banks, which is something that the French competition regulator, the Autorité de la concurrence, is also monitoring. “When players have their own crypto-currency, it creates an ecosystem which drives competition. The consumer is caught and locked into this system,” points out Mélanie Clément-Fontaine.
Another issue, resolved by the 2016 Sapin II law, is the tax framework for transactions carried out in blockchain. The application of a flatrate levy was the chosen solution. In regards to money laundering, the law has also intervened by passing a law in 2019 that removes the anonymity of users in the event of an inspection from tax and public authorities. “The government’s role is to ensure that individuals are protected when using this technology. It is mindful of respecting personal data, consumer rights and the prevention of scams or unlawful activities,” says Mélanie Clément-Fontaine.
The registration of financial securities in a blockchain opens up a whole field of possibilities in terms of corporate governance. Traditionally, holding shares in a company gives a person the right to vote at general meetings. Although French law has allowed remote voting since 2001, and in particular electronic voting, in practice it is not widely used as it is not considered secure enough. “There have been many cases of fraud. Companies have remained very wary of this method of voting,” says Véronique Magnier. However, the current health crisis has changed everything. The suspension of travel and face-to-face meetings has forced companies to develop blockchainbased voting platforms, the majority of which are private.
Blockchain also has the potential to ease the administrative burden on businesses. In France and abroad, companies are required by law to keep registers, including the register of share movements or the shareholders’ register, the minutes of shareholders’ and partners’ meetings, the accounting books, etc. “Transferring all of these records, which are typically kept in paper format, to a blockchain, would be revolutionary for company legal departments. However, this transfer would have to be planned in order to avoid any disruption of information.”
In the field of intellectual property, blockchain is a good way to demonstrate the existence of prior art. “People have rights and if someone challenges them, they have to prove the existence of a prior right,” points out Véronique Magnier. As evidence is at the heart of the law during a trial, what type of evidence is blockchain similar to? French and European law allow for different types of evidence – documentary or written, witness accounts, circumstantial, confessions and oaths. Among forms of written evidence, the law recognises digital evidence and the value of digital writing. This evidence must meet a certain level of reliability. “If there is a cryptographic protocol, the evidence is considered as submitted. However, as long as French or European legislators do not specify that blockchain evidence is equivalent to submitted evidence or simple evidence, we will remain in the dark.” At present, this does not prevent certain lawyers from protecting their clients’ intellectual property by using dedicated blockchain platforms. “The question is how will a judge react to this type of evidence in a trial?”
In the short term, efforts should be made to train lawyers and company staff. “Today, companies do not necessarily have all the possible uses of blockchain in mind. People need training so that they can understand and be able to manage the technology,” says Véronique Magnier. It is a technological shift which is at the root of many sociological questions as certain professions will probably disappear within companies. “This will inevitably require a trade-off between human and artificial intelligence,” warns the researcher.