In 2008, Satoshi Nakamoto published an ingenious paper sketching the idea and architecture to implement a peer-to-peer digital cash system called Bitcoin. The system was launched in 2009 and, since then, has kick-started a wave of digital innovations related to blockchain.

The meaning of blockchain is literal – it refers to a way of storing data in a “chain” of blocks. These data blocks are connected in a sequential “chain” structure using their cryptographic summary called hashes (see Nakamoto 2008; figure reproduced below). A hash value is a numeric summary of a fixed length that is uniquely associated with the data used to produce it. It is computed by applying a mathematical hash function to the data. Because the hashes are highly sensitive to the stored data and no one can deterministically create a specific hash value, chaining them together creates dependency among the data and thus enhances their integrity.

However, we must ensure that no one can (maliciously) change the data and re-generate all hashes to fool other users. This is accomplished by replicating the entire blockchain across a network of validators, who are responsible for verifying existing blocks and creating new blocks to store future data. Such replication and collaborative processing of the blockchain prevents anyone from unilaterally changing the data without being detected by others. Because of this feature, a blockchain is often called distributed ledger technology (DLT).

The ability to guarantee data integrity in a distributed collaborative environment without the need for a trusted central administrator is appealing. Take property transactions as an example. In Hong Kong, all property transactions are handled by solicitors who check that all title and mortgage deeds are complete, and funds are available. Imagine if we now record all property transaction information into a blockchain that is jointly maintained by a large network of independent validators. We can track the history of the ownership and deed information of a property by directly reading the data from the blockchain without worrying about errors or frauds. This helps save the solicitor time and costs.

Because of its power to facilitate trustworthy transactions without a trusted central party, blockchain has been tipped to be the next generation of the Internet. To many enthusiasts, it is not a matter of whether we should use blockchain, but when. In fact, many companies and even governments in some countries are planning to migrate their services to blockchain.

Before we embark on the blockchain journey, however, we must remember that blockchain does carry some unique characteristics. Its data are trustable because multiple parties work together to verify and maintain the blockchain. Hence, it does not make sense if the entire blockchain is maintained by a single entity or organization, because it can then change any data within the blockchain without detection.

Trust in Blockchain

In fact, the value of blockchain lies heavily in whether trust is endowed in the service provider. The pioneering permissionless (aka public) blockchain, Bitcoin, assumes that no trust is placed in any single entity. Hence, it can be used as a completely decentralized digital cash system for peer-to-peer payments. Similarly, Ethereum, another popular public blockchain, facilitates tamper-proof execution of smart contracts in a truly decentralized environment.

However, most people have no problem in trusting the financial institutions issuing our money or credit cards, or service providers handling our commercial transactions. To many people, having a central administrator is preferred because of the extra values it provides. For example, a bank guarantees that our money will not be stolen if we lose our credit cards and we can still access our account even if we forget its number. In the case of Bitcoin, once your fund is transferred out of your wallet or you lose the access key to your wallet, your Bitcoin is gone, forever.

Therefore, the value of blockchain depends on whether we trust other parties to handle our data and the degree of control and transaction speed desired. The following framework is helpful:

In general, if we trust the organizations handling our data, a conventional database or enterprise system will suffice. We can extend the system to a distributed architecture with clearly defined roles and regulations if collaborative processing is necessary. For example, in most countries, government systems and services are trusted and often distributed, sometimes in collaboration with other statutory or private organizations, but nonetheless managed by a single authority. For these services, a blockchain may not add significant value.

If, however, we do not have full trust in our trading partners (as in the property transaction example), a blockchain may be helpful. The disadvantage of using a permissionless blockchain is that we cannot control how the validators work. Permissionless blockchains also tend to be less efficient as it takes time to manage the block creation and confirmation process among a large number of un-coordinated validators. Currently, it takes around 10 minutes to confirm Bitcoin and 15 seconds to confirm Ethereum transactions. Such latency makes permissionless blockchains an undesirable choice for applications that require real-time, instantaneous confirmations.

Hence, if control and efficiency are important, we may consider using a permissioned (aka private or consortium) blockchain, which delegates exclusive roles to selected participating parties in validating transactions and creating the blocks. It is more efficient because we can coordinate all processing related to the blockchain. The transactions are still tamper-proof and trustworthy because the blockchain is replicated across a consortium of members. In other words, the members collaborate to ensure that no one can unilaterally change the data.

Use with permission

The drawback of using a permissioned blockchain is development cost. It takes effort to develop a native blockchain that is secure against malicious attacks or programming errors especially when we want fast transaction throughput in a highly-distributed environment with massive replication of data. The cost of developing applications on public blockchains such as Ethereum is relatively lower because the blockchain itself is proven to be secure and functioning properly.

Forming a consortium that shares a common goal and motivation is not trivial either. Even if we can line up the participating parties, how to incentivize them to validate transactions and maintain the blockchain in an ongoing basis remains an unsolved problem. In fact, the need for trust is not entirely removed in a permissioned blockchain – we must have faith in the consortium, that other members will not collude to manipulate the data. The following figure provides a high-level characterization of the permissionless-permissioned blockchain continuum.

Last, regardless of blockchain types, we must recognize that it ensures integrity only when the data are accurately presented. It cannot address the “last mile” problem between digital data and physical entities. Referring to our property transaction example, if the deeds are misrepresented, recording them on a blockchain will not make them usable or legitimate.

To conclude, blockchain may transform businesses especially in settings where trust and data integrity are the top priority. However, we will not be able to unleash its full potential without a good grasp of its characteristics and capability. It is time for business leaders to go back to the drawing board and sketch how a blockchain can play a role (or whether it should play a role at all) in their business applications, processes, or innovations.


Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System (