Trusting the private/permissioned blockchain infrastructure provider

Question

Private/Permissioned blockchains allows us to create a network and multiple organisation can join into the network by having their own peers. For a transaction to happen multiple parties need to agree. But the question is, we are using thirdparty infrastructure provider like IBM,Amazon to run the blockchain network for us. How can i trust IBM/Amazon.

If i want to trust IBM, then we can maintain centralised ledger there itself right? Am i missing something?

Answer 1

Definitions are important here.

Blockchain

First of all, the terms "blockchain technology" and "the blockchain" are overused, often meaningless terms that have different meanings in different contexts. A blockchain is just a data structure similar to a linked list. Blocks of data reference their previous block by including their digital fingerprint or hash in their block of data. If a previous block is modified, then all the following hashes will be different and it is easy to detect if the data has been tampered with. This is not really a new concept (e.g. merkle trees).

Proof of Work

Proof of work extends the blockchain data structure by providing rules (agreed to by network participants) that enforce how much work must be done before a hash is accepted as valid (it must meet a maximum value threshold). The lower the threshold, the more work must have been done (on average) to calculate the block hash. Providing a valid block hash becomes a proof-of-work. This can make it much more difficult to modify past blocks, as the same amount of work must be done in order for the network to accept it as valid, thus distributed consensus can be achieved. This is why "blockchain technology" was invented, to achieve distributed consensus without relying on a third party. "Blockchain technology" is not really that interesting without the proof-of-work component and so it depends on what your definition of "blockchain technology" happens to be.

Private/Permissioned Blockchains

In the private/permissioned blockchain model, nodes are only allowed to join the private network if they get permission. Not everyone can participate in consensus. Thus, consensus is controlled by the authority or authorities who allow new participants.

Private, permissioned blockchain applications may or may not use proof of work, and do not allow anyone to join and participate and contribute to consensus by providing proof-of-work. Because the authority gets to decide who contributes to consensus, it is not a distributed consensus, but a federated consensus. If an actor becomes malicious, or doesn't align with their goals, they can be removed from the network. This is not the case with a distributed network, the work can be rejected, but they can keep attempting to submit work.

Okay. But i have seen that so many big corporates are moving to IBM blockchain and also lot of projects on Hyperledger is coming up. Are you saying that it all is a crap?

I can't comment on projects without specific references, but I think one could assess whether or not it makes sense to use "blockchain technology" as defined above, for a given project. If it does not need to achieve distributed consensus, there are much less expensive, energy intensive ways to manage data, like a database, but I wouldn't consider that "blockchain technology".