Blockchain and the Slim Risk of a “51% Attack”

Aside from a blockchain’s application to BitCoin, variants of blockchain have made inroads as a distributed ledger for other applications in finance and allied industries. The allure of blockchain is its validation mechanism, its secure transaction history and its low-cost record keeping. Recently blockchain has been used in such diverse fields as health records and elections voting.

Blockchain was originally conceived as a way to securely track BitCoin transactions and avoid the need for a government intermediary who would oversee the integrity of transactions conducted in BitCoin. The aversion to government intermediaries still applies to BitCoin and other cryptocurrencies, such as Etherium, Ripple, Litecoin and Dash. Some non-currency applications rely on community validation of transactions, just as the cryptocurrencies do.

In a community focused on a non-currency application, the network of members may conduct transactions, collect transaction records into blocks and then offer their collective opinion on whether that block is valid for addition to the existing blockchain. “Once a majority of nodes reaches consensus that all transactions in the recent past are unique,”… they are cryptographically sealed into a block. Each new block is linked to previously sealed blocks to create a chain of accepted history, thereby preserving a verified record of every transaction.

When that process is applied to cryptocurrencies, some of the community members act as “miners,” because they do the work to establish that the block of transactions is valid and could be added to the existing blockchain. When their block receives approval from a majority of the community, they are paid a reward and the block is appended to the existing blockchain.

Blockchain could be tampered with if more than 50% of the community’s computing power is controlled by one player and if he rewrites all the previous transactions (highly impractical). Such tampering is called a “51% attack,” but when there are a large number of active community members, the chance of a successful 51% attack is exceedingly small.

West Virginia ran a trial of blockchain applied to the May 8th primary election for two counties. The purpose was to improve the voting experience for “secure military mobile voting.” The WV  blockchain application “uses biometrics to verify the voter’s identity, then records the vote from the mobile device onto a chain where it is verified by a third party.” In the past, overseas voters have had to contend with non-private and unreliable (or unavailable) postal service and fax service when registering their vote. The WV trial served just a small number of voters, but it seems to be a technical success. However, it is unclear if the “third-party” verification is the most trustworthy way to validate the votes as cast.

Google is working on a health record system with attributes similar to blockchain technology. The chain would be a collection of all data from patient interactions, and it would allow professionals offering treatment to access the data. Any access made to the data and the reason for the access would be recorded in a separate chain, providing an audit trail. Instead of being distributed, the patient interaction chain would be centralized and would rely for its validation on hospitals and major health care bodies, such as government and relevant professional associations (e.g. the AMA). If this is expected to gain consumer support, it will need to be thoroughly isolated from Google’s main business that collects and sells individuals’ private data to advertisers.