Checking the Ledger: Permissioned vs. Permissionless Blockchains

Share this post:

Blockchain technology is all about dramatically increasing trust in business transactions. It will revolutionize the way we do business by making it impossible for participants to cheat. A permanent digitized chain of all transactions — grouped into blocks, the blockchain — means that participants cannot tamper with or deny past transactions.

Although the potential of blockchain is huge, it does not do away with the need for businesses to know with whom they are engaging in a particular transaction. For example, a retailer will still want to know that a supplier is reliable. While all blockchains record validated business transactions, only those that are “permissioned” blockchains ensure that you know who you are dealing with.

At the American Banker’s Blockchains + Digital Currencies conference today, permissioned and permissionless blockchains were debated. I, personally argued that while permissionless blockchains are interesting and will find their place in some niche applications, virtually all business applications will be on permissioned blockchains.

By taking trust-related friction out, in every industry, it will dramatically increase economic activity (I tell my kids I’m in the business of accelerating world GDP growth!) It will also drastically reduce inefficiencies by, for example, cutting out middlemen who act as trust intermediaries.

Regulations also play a role here. Banks need to know their customers comply with anti-money laundering and counter-terrorist-financing rules. US businesses need to know that the companies they deal with are not in countries on a US government sanctions list.

Also, business interactions on the blockchain, like any business interaction, can sometimes end in disputes. When disputes occur you need to know who you are dealing with in order to fall back on the legal system (see what happened with the recent DAO incident on the Ethereum blockchain).

This Ethereum incident is a powerful reminder of why we need permissioned blockchains. In a permissioned blockchain, no one would exploit a software bug to do anything illegal, like steal money, since they will be immediately identified! The incident also highlights the need for good governance.

Blockchain technology is software and like all software sometimes you run into bugs. When they occur, you need agreed upon mechanisms among the participants to move forward with fixes.

So, in order to conduct business on the blockchain, all participants — those who invoke business transactions and those who control and manage copies of the blockchain — must be known. In other words, a blockchain for business will necessarily be a permissioned blockchain. This is precisely why IBM is fully committed to the Linux Foundation’s Hyperledger project to build a permissioned blockchain for business.

Permission to move about the blockchain

The distinction between permissioned and permissionless blockchain, however, is not black and white. For permissioned blockchains, an essential notion is that of an identity service. But that identity service doesn’t have to share every part of your identity. There is a continuum ranging from total anonymity to full identification (like name and address, or fingerprint).

And in between there are applications where the identity service has to only share partial information; maybe just age or citizenship, or contact information. Sometimes identity means being able to prove that you are what you say you are (for example, being over 21 years old when you want to buy alcohol in the US), not who you say you are.

An identity service in a permissioned blockchain links information about business entities to the cryptographic keys used to digitally sign transactions. Naturally, this identity service cannot be controlled by a single entity; it has to be decentralized, making it impossible for any one entity to tamper with the identity service.

By keeping the information about each business entity as complete as needed or as sparse as needed you literally have a slider going all the way from a highly permissioned scenario on the one end, to a near permissionless scenario on the other.

Blockchain has great potential, but in order to be useful, it has to be permissioned and have proper governance to resolve issues. This is why IBM has partnered with the Linux Foundation on the Hyperledger Project.