This bit is fresh text and it isn't very good, but I need something like it. It comes from a discussion last night on my FB (which is currently all blerkchain all the time) over the idiocy of Proof of Work blockchains in business, and Permissioned Blockchain when you could just use a database cluster centrally administered. Suggestions welcomed - remember, this is for businesspeople and those who work for them in real jobs, who are intelligent but probably not techies.

---

Security threat models

If you want to work with people you trust less than those you trust now, you will need to be absolutely clear on how your blockchain is secured against attackers, both internal and external. What is your threat model? What attacks from the outside world do you need to protect against? What attacks from your fellows do you need to protect against? What do your security-conscious IT staff think?

Blockchain promises that it will let people who don’t trust each other work together. The trouble is that it does this only approximately, with startling inefficiency, and in a way that naturally recentralises to one or a few winners, as happened with Bitcoin.

You already work with other people and companies. Industry consortia, standards groups and so on are well-tested models. Blockchains do not offer a better way to do this.

.

Permissioned blockchains

Many business blockchains suggest a different consensus model, i.e. who gets to write the next block. Bitcoin-style competitive Proof of Work is stupendously wasteful; other models tend to be a form of just agreeing to take turns, because a bit of trust saves huge amounts of wasted effort.

An August 2015 blog post from Vitalik Buterin discusses “public”, “consortium” and “private” blockchains. Bitcoin and Ethereum are “public” blockchains.1 This comment chain on the post concisely summarises the innovations the private blockchain brings:

Andrey Zamovskiy: Let’s just admit that blockchain is simply a new type of replication algorithm for a database cluster. That’s it. Vitalik Buterin: Correct. Plus Merkle trees. The Merkle trees are actually important. Andrey Zamovskiy: Merkle trees have not been invented with bitcoin, they’ve just got an adoption.

A “permissioned” blockchain is otherwise known as “the most inefficient possible centrally-administered database cluster.” All proposals I’ve seen in the course of researching this chapter, if they turned out to do anything useful, could gain immediate vast improvements by just going to a conventional centralised database.

---

offcut that makes a point but makes it too densely, but isn't worth five paras:

Consider what you get with the right to write the next block, to pick which transactions go into that block, and (if your chain has currency-like tokens) to get the reward. If an attacker writes that block, what could they do? If your somewhat trusted sort-of-friend writes that block, what could he do that would be bad for you?

---

It occurred to me that others had probably asked this obvious question. So I googled "permissioned blockchain" "security" and it was mainly awful rubbish. (If your filter bubble is better than mine, please tell me if someone has answered this better.) This is an article featuring the actual leading lights of Bitcoin and Ethereum; as far as I can tell, they can't see the point of permissioned blockchains either.