A state of the art of decentralized web — Part 3

3. Blockchain and smart contracts

This article is the third chapter of a series about web decentralization. Here we will focus on one of the most trending buzzwords of the year: the blockchain. While it has real and unquestionable potential, it also has significant limits. We will have a look at the main public blockchains (meaning available to everybody) and see when it can be a clever choice in a project.

Series articles

1. Introduction
2. File storage
3. Blockchain and smart contracts
4. Databases

Before going further, if you have no idea what blockchain is, watch this 2 minutes video to get the main principles:

A brief history of the blockchain

1995 — The first signs

For the anecdote, the first known blockchain has been created in 1995 and its ledger was… a newspaper. Stuart Haber and Scott Stornetta, two researchers in cryptography, decided to use the NOTICES & LOST AND FOUND section of the New York Times to timestamp and certify data. What is the link with the blockchain everybody is speaking about nowadays? Well, it has the same characteristics: Information is encrypted and stored in a timestamped block (here an edition of the newspaper and will be distributed to a network (newspaper readers). This process makes it almost impossible to falsify data. Indeed, one could print a backdated version of the newspaper and change its content. But it would be extremely easy to verify if a version is fake or not by looking at many archives.

To be precise, the information stored in the newspaper is just a hash that allows verifying the integrity of the data that is stored "off-chain". Otherwise, they would need much more space in the newspaper! You can read more about the process here.

2009 — And God created Bitcoin

Bitcoin is a decentralized digital currency created in 2009 by someone under the name Satoshi Nakamoto. Its real identity is still unknown and subject to as many debates than the street artist Banksy. Search "Satoshi Nakamoto identity" on Google to read about the best conspiracy theories. But for sure, he is probably extremely rich now as he mined about a million blocks at the very beginning (the exchange rate fluctuates a lot, but makes him multi-billionaire).

What makes Bitcoin revolutionary is the fact it is decentralized: it isn't owned by any bank or organization, and anyone can be part of the network. Transactions are verified by network nodes through cryptography and recorded in a public distributed ledger called a blockchain. You might wonder how we can get a consensus without a centralized trusted entity? To achieve that, miners (a.k.a. full nodes, they are rewarded to write data) have to provide a Proof of Work (PoW) in order to append new data into the blockchain. A PoW is the result of a complex calculation (time and energy consuming) that can be easily verified. To sum up, a single node will spend resources to append data to the blockchain, which integrity can be verified by any node. Bitcoin uses the HashCash PoW and constantly adapt the calculation difficulty.

The two main drawbacks of the Proof of Work consensus algorithm are the following:

• Mining consumes a lot of energy due to the calculation complexity. Even though the currency is purely virtual, it consumes more energy than 159 countries (not combined though). It isn't sustainable nor desirable and is even more regrettable since the computations are totally useless (they aren't helping science for instance).

• In reality, Bitcoin full nodes aren't that much decentralized because big mining pools have more chances to get their work rewarded over individual miners. Here is the last year pools distribution:

Mining pools distribution — Last year 58% of the blocks were mined by only 4 mining pools

• It is vulnerable to 51% attacks. To make it simple, if a group was able to control the majority of the mining nodes, they would be able to compromise the whole system integrity. It is, of course, a very expensive attack, but given the current distribution, hackers would "simply" have to take control of a few organizations to make it possible.

I won’t spend too much time on Bitcoin which is mostly limited to financial transactions (even though it has a scripting language and it is technically possible to write smart contracts).

2015 — Ethereum extends the potential of the blockchain

Vitalik Buterin, a programmer interested in Bitcoin, saw a much broader potential for the technology behind this crypto-currency. He and his team introduced a new blockchain aiming to create Decentralized Applications. Instead of sticking to a basic set of operations, like in Bitcoin's scripting language, Ethereum offers a Turing-complete language. To make it simple, that means you can theoretically solve any computational problem in a smart contract, assuming you have enough computation resources. Let's be clear, you will face computational limits much faster than in most languages because executing code in Ethereum has a cost (called gas) and will take more time. So it is up to the developer to keep a low complexity into the program (avoid nested loops or loops with a high number of iterations).

The smart contracts can be written in various languages, the most popular one being Solidity. They are then compiled in an Ethereum-specific bytecode and executed in the Ethereum Virtual Machine (EVM), similarly to Java. The concept of smart contract might still be abstract in your head. If you are curious about what does a smart contract can look like, here are a bunch of examples.

When coding smart contracts, security is a primary question because you are dealing with money and a small leak could have huge impacts. One good practice is to reuse libraries that have been audited instead of writing everything by yourself. Take a look to OpenZeppelin, probably the most popular one:

OpenZeppelin_OpenZeppelin is an open-source framework to build secure smart contracts. Reduce the risk of vulnerabilities in your…_openzeppelin.org

Also, when dealing with Ethereum, the development pipeline can be cumbersome. Truffle Suite offers some tools that should make your life much easier: an IDE, a testing pipeline, a simple way to upgrade your contracts (with migrations) and a tool to create a new blockchain on-the-fly for your tests. It is the Swiss army knife of the Ethereum developer.

Truffle Suite | Sweet Tools for Smart Contracts_The Truffle suite of tools make dapp development easier and more consistent._truffleframework.com

So, Ethereum looks amazing! You can code everything on it which makes it theoretically possible to decentralize any application! Let's now have a look at the main limitations:

• Environmental disaster. As for Bitcoin, Ethereum uses a Proof of Work consensus algorithm and has the same environmental impact issue due to its electricity consumption. The good news is they are planning to move to a Proof of Stake (PoS) in 2019 (project name: Casper). What's this? Well, instead of resolving time and energy consuming calculations, the miners (here called validators) will have to deposit an amount of tokens that will be held as long as they are mining. They will then be given some blocks to validate based on two factors: the amount of the stake (the more you have to lose, the more you are considered trustworthy) and a degree of chance (otherwise only the richest would be able to validate blocks).
• Slowness. A transaction takes about 15 seconds to process. It may be acceptable for some specific use cases, but not to decentralize existing applications which are already immediate. But PoS should solve this issue by reducing the time to 1 second.
• Scalability. For now, Ethereum can support up to 15 transactions per second (1.3 million transactions per day). That's really low compared its potential of use. In comparison, the VISA system can handle 24,000 transactions per seconds (theoretically). The good news here is that Ethereum is aiming to increase this limit to 1 million TPS by combining 2 technological solutions: sharding and a project named Plasma. The first one consists of splitting the network into fragments that would only process certain transactions (instead of processing them all), and the second one aims to conduct some transactions on a side chain which should free up the main chain. Casper is planned to arrive during 2019, while we will have to wait until 2020 or 2021 for sharding to show up.
• Cost. Every transaction has a price, called gas, which amount depends on the complexity of the contract. Users are used to a free and unlimited Internet, so having to pay for every transaction in your day-to-day life application may be a serious obstacle. The average gas price is almost $0.01. In a chat application where every sent message would be a transaction, it would be quite expensive to use Ethereum!

While Ethereum has a lot to address to allow their vision, they already have a plan for almost everything. But having to wait 1 or 2 years to see these problems solved, if everything goes well, put them in a risky situation.

2018 — EOSIO, Ethereum on steroids?

EOSIO (or simply EOS) has very similar goals to Ethereum. So instead of a full description, I am going to focus on what makes it different:

• Smart contracts are being executed within WebAssembly (abbreviated Wasm) virtual machine. In short, it is a new web standard allowing websites to run native code in the browser within a sandbox. Wasm could become a concurrent to Javascript for frontend development. In theory, you should be able to write EOS smart contracts in any of those languages (but for now C, C++, and Rust seem to be the most supported).
• EOS uses Delegated Proof of Stake (DPoS) as the consensus algorithm. It's very similar to PoS, except that there is a limited number of block producers (21). Even though letting all the power to 21 actors seems very risky, it relies on the community that can vote to fire untrusted producers. It is a new paradigm because the consensus algorithm is a hybrid between democracy where people elect delegates to represent them and a deterministic algorithm between the 21 delegates (which real identities are known). Interesting fact: EOS has a community-written constitution (any change can be applied with 15/21 voters).
• The last point allows EOS to get much better performances: up to 6000 TPS, and a transaction only takes about 1 second.
• EOS proposes a fee-less economic model (no gas to pay to run a transaction), the block producers will be rewarded with 1% of the yearly inflation.
• EOS also brings some higher level features like account/password recovery, human-readable usernames (instead of some long hexadecimal addresses) and a file storage solution. These features were usually offered by third-party services, having them integrated is an interesting experiment.

One of the biggest criticisms to EOS is that it is too centralized. They are definitely doing an interesting trade-off here and it's too soon to know if this choice is viable or not. On the other hand, it will probably make EOS evolution much simpler. In many blockchains, some important evolutions require breaking changes which resulted in splitting the community into 2 parts: those who wanted to continue with the old system and those who accept the evolution. Having some delegates should ideally offer more agility. You can read more about the different kinds of forks here.

Block.one, the company behind EOS has closed a $4 billion ICO to develop the ecosystem. The team behind the project is also renowned (CTO Daniel Larimer previously founded BitShares and Steemit). Their project is very ambitious as their main concurrent is already the de-facto solution for lots of blockchain projects. 2019 will definitely be an interesting year and both platforms will probably have to incentives users and developers to join them.

There are many other competitors like HyperLedger or Lisk and I may have forgotten some major ones. Feel free to share your thoughts in the comments.

When should you use the blockchain?

First of all, even if we are focusing on public (or permissionless) blockchains because they aim to decentralize the logic of an application, you should know that there is another kind: permissioned (or private) blockchains. They are useful in a project where not anyone should be able to contribute. The limit between these two kinds is not sharp, and there are also semi-pemissioned blockchains.

To sum up, here are the main benefits of a blockchain:

• No central authority: When using a system, you don't need to trust a third party and everything is verifiable and transparent.
• Data immutability: Once it is written on the chain, it is theoretically impossible to change it (except in case of an attack).
• Single source of truth: Due to the structure of the blockchain, you can know in a reliable way whether a token belongs to a user or another.

These features make blockchain particularly interesting to build traceability systems (in a supply chain for instance). But you can also use it to build the logic of a decentralized app: It helps you to get rid of the code that usually runs on your servers.

Here is a landscape of blockchain applications:

Source

So when should you use it? You will find lots of decision trees helping you to decide whether you should or not use a blockchain in a project. I find this one particularly relevant:

More details

However, I kinda disagree with the 5th question:

Do you intend to store large amounts of non-transactional data as part of your solutions?

If you read the second chapter about file storage, you would know that solutions exist to store large amounts of data in a decentralized way. It is then possible to store the transactions on the blockchain and some encrypted files off-chain.

Blockchain also brings a lot of complexity

While blockchain has a huge potential, don't forget that it will complexify your application:

Evolution will be complicated

Upgrading your smart contracts won't be very easy. Having a good architecture and thinking about all the features you will implement from day one is important.

Security as a priority

As we have seen previously, a simple mistake can cost a lot and you won't be able to fix it as easily as with a centralized server. That's why security must be a number one priority, and you should audit your smart contracts before deploying them!

More complex architecture

For performance and cost issues, you won't be able to handle all the logic of your application within your smart contracts. You will also often have to gather data from 3rd party API. To achieve that kind of things with the blockchain, you will have to use Oracles:

An oracle, in blockchain world, is an one-way digital agent that finds & verifies real-world data & cryptographically submits this information to the querying smart contract. An oracle is not the datasource itself but the layer that interfaces with data-sources & the blockchain; it’s a translator for information provided by a 3rd-party API that’s to be added to a blockchain. With oracles, smart contracts have a pathway to interacting with data outside of the immediate blockchain environment. — Blockchain Oracles: What They Are & Why They’re Necessary

A bunch of cool blockchain projects

Fizzy

Fizzy is a flight delay insurance. If you subscribe to it, it will automatically gather flight data from airlines and immediately compensate you in case your plane was delayed. I like this one because it brings transparency in insurance contracts which are often extremely complicated to decode. If you are interested in the technical implementation, check out this article.

FOAM

FOAM is introducing a crypto-mapping solution based on a Proof of Location. We already have GPS, what's the point? Well, GPS is a way for a device to know it's own location, but there is no way for another actor to verify if the coordinates provided by a device are real or not (it could easily falsify them). FOAM relies on a network of beacons that will earn tokens by validating devices location. This could be particularly interesting when used with IOT.

EXERGY

EXERGY is a peer-to-peer energy network. It allows you to buy and sell energy in a secure and transparent way from your neighbors inside a microgrid. What's interesting is that decentralization can also apply to other networks than the internet.