Hardware instead of hard forks: Accenture plans to end blockchain security controversy

Baozou Comment : The blockchain field is seeking to transform and upgrade the cryptocurrency mining mechanism, so related hardware products should also be adjusted to match its security level. For example, consulting company Accenture integrates Thales' hardware security module to solve the problem of low security of existing distributed solutions. Accenture hopes to replace hard forks with programmable blockchains, without the need to revoke transactions, but to modify transaction history through private keys.

Translation: Annie_Xu

The ethereal world of blockchain technology is gradually converging towards more concrete, scalable solutions.

As large institutions begin to explore software concepts that rethink or replace Bitcoin’s proof-of-work mechanism, companies involved in these products will also need to seek hardware solutions to achieve the level of security they expect from distributed ledgers.

Recently, Accenture, a $75 billion consulting firm, unveiled a patent-pending security layer that integrates hardware security modules (HSMs) from Thales, a global security solutions company that is currently protecting passwords and encrypted data for some of the company’s most valuable assets.

While the distributed nature of blockchain itself is designed to ensure the integrity of each transaction, applications of the technology and distributed solutions with fewer nodes (and therefore less protection) remain vulnerable, according to Accenture managing director David Treat.

David Treat

In a conversation with CoinDesk, Treat said his company’s decision to integrate existing, government-certified hardware is not just about selling a new product to existing and future customers. Rather, it’s about entering the space by actually deploying a blockchain solution.

“We are focused on building this HSM integration layer as part of an overall innovation effort that is currently underway to consider all the elements required for blockchain systems to move from proof of concept and prototype development to production.”

Eliminate disputes

In the Accenture and Thales integration, the private keys necessary to conduct transactions are stored on nShield hardware that is jointly certified by the US National Institute for Standards and Technology (NIST) and the Canadian Communications Security Establishment.

Created in London with support from Accenture’s Rome team, the secure system was initially based on Hyperledger’s Fabric platform and integrated with Thales’ nShield HSMs, and has already been used by the French company to protect UK taxpayers, Samsung phones and fighter jets.

The unbranded blockchain integration system is expected to be officially named later this week, along with a new website that will integrate with any number of competing distributed ledger, blockchain and HSM solutions.

Treat positions hardware as part of blockchain’s natural evolution as regulators, existing financial infrastructure providers and banks take advantage of the benefits of faster settlement times and the auditability of a shared trusted ledger, but hesitate over some security and privacy issues.

Rather than storing the private keys necessary to confirm identity in the protocol’s application layer, the Accenture solution keeps them in the HSM physical architecture.

“This eliminates the debate about key security, and if you look at the high standards we adhere to in relation to current security infrastructure certifications, the answer is even simpler.”

Hardware competition

Accenture hasn’t yet decided how to market this “blockchain-agnostic” integration layer, or at least hasn’t announced it yet. But a closer look at the emerging blockchain hardware ecosystem will reveal more.

One of the unanswered questions for Accenture is whether the integration layer will be sold through a subscription model or a flat rate. However, Accenture’s target customers are relatively clear.

Treat told CoinDesk that clients who already have the company’s HSM solution will be able to ask Accenture to integrate it into their blockchain or any other blockchain. On the other hand, new clients or those with “higher security needs” will buy a hardware stack from Thales or another HSM provider “and install our integration layer on top of it.”

What sets Accenture apart from the recent crop of consulting firms offering blockchain services is that it is the first to join the fast-growing blockchain hardware industry.

Until now, blockchain infrastructure providers have tended to charge a periodic service fee, while cryptocurrency firms have charged fees based on the size of transactions.

For example, IBM currently charges $10,000 per month for blockchain users to securely access its HSM network, while venture-backed Xapo gives clients free access to offline and “geographically distributed deep” databases, charging only fees for the transfer of funds associated with an account.

But perhaps the most suggestive example of the emerging industry is Intel’s Software Guard Extensions (SGX) — hardware designed to isolate cryptographic keys and other valuable information. SGX has been proposed for both general blockchain applications and specific cryptocurrency use cases.

In each case, concerns about using the hardware quickly became apparent.

Last year, when Intel proposed to deploy SGX at the heart of the Sawtooth Lake blockchain project, it sparked a debate about whether to use trusted hardware to run the network, and the potential for running without trust. A few weeks later, IC3 (CryptoCurrencies & Contracts) proposed using SGX to help Bitcoin scale, sparking a similar debate again.

Pushing the limits

Jon Geater, CTO of Thales, agrees with David Treat of Accenture that the flaw in blockchain lies not in the technology itself, but in the way it is implemented.

Treat confirmed this concern by highlighting in the interview that exchanges like Mt Gox and Bitfinex were hacked due to poor key management.

But Geater, who helps Accenture integrate its software into its corporate hardware, is more concerned about the potential limitations of small private networks in creating assets more complex than cryptocurrencies.

Furthermore, for private networks with fewer than 5,800 nodes on the public bitcoin network, Geater believes the ability to protect each node from a variety of potential attack vectors is even more important.

“When you have a small population, some of these threats become more real, so having hardware that you can trust is obviously more for peace of mind and better for application velocity and business agility.”

Geater’s concerns about highly regulated digital assets, along with the issues mentioned above, make certified hardware key to widespread industry adoption, he said.

However, not everyone sees it that way. Accenture’s controversial plan to make distributed ledgers more palatable to traditional financial infrastructure providers and other regulatory agencies is part of its plan to integrate blockchain security features into third-party hardware.

“Programmable blockchain”

In December, Accenture published an article in the New York Times outlining its vision of a “programmable blockchain” that does not rely on consensus-driven hard forks to undo transactions, as Ethereum does; instead it relies on the ability to edit history using highly secure private keys.

While critics argue that the idea is antithetical to the potential benefits of a distributed network, Geater believes that programmable blockchains combined with certified secure hardware are the only way to get financial industry leaders to truly embrace the technology.

“In the real world there are revocations, there are lawyers, there are disputes, and you need to program all of those processes and authorities into the system.”

“While Bitcoin is almost entirely anti-authoritarian and anti-centralized, what Accenture is doing is taking most of the advantages of the technology and applying it to cases where businesses have some legal authority to make decisions.”

The debate over whether hardware, hard forks, or other solutions are preferable has yet to be resolved, and early solutions around standards have emerged.

But Treat believes that editing the blockchain and the hardware that protects the keys to these important editing rights is inevitable.

“Designing a solution is part of the solution, and we will absolutely store shards of these keys in HSMs to increase people’s trust in the system.”

Geater concluded that the more complex blockchain deployments become than cryptocurrencies, the more imaginative solutions are needed.

“That doesn’t translate to other use cases; even if you’re trying to implement compliance requirements or multi-asset trading instead of cryptocurrencies, that doesn’t translate that quickly; when you try to overlay a real business relationship and implement it with blockchain concepts instead of using blockchain itself, it doesn’t apply.”