Practical Applications of Blockchain Technology in the Certification Industry
Are there practical applications of Blockchain technology in the certification industry? Exactly this question was the topic of my talk at BIOFACH Congress 2019 in Nuremberg on February 14. Invited to a top-class session led by the renowned industry expert Gerald A. Herrmann, I had the opportunity to present an untypically critical view on this hyped technology. This article is a transcript of my talk and includes a live audio recording as well as the presentation slides.
The Current State of Blockchain Technology
Today, I am going to take you on a 12 minute journey—that’s the time I am allowed to speak—where we explore the hype around Blockchain technology, take a look at its potential and its limitations, and see what a practical application of Blockchain technology can look like in the context of the certification industry.
Let’s start with the basics: what is Blockchain technology?
It is the technology behind Bitcoin and other cryptocurrencies. That’s what most people know about it. But there is more. It is the holy grail that can solve any problem across all industries. [Audience laughs] Well, only one of these two statements is true. I think you can already guess which one is not.
It is the holy grail that can solve any problem across all industries.
Yes, of course, there are numerous possible applications of blockchain technology in all kinds of industries and verticals, and we already see a lot of test balloons rising. However, blockchain is far from being production ready at the moment. And that’s not only my personal view on it. That’s for example what Gartner says, or McKinsey says.
Time for Disillusionment—or the Pathway to Realistic Expectations
Garnter expects Blockchain to reach production readiness in about five to ten years from now, which is illustrated in the Gartner Hype Cycle, which you can see in the slide below.
Gartner regularly publishes hype cycles, an illustration of where a certain new or emerging technology is on its way to production readiness. You typically see a hype as the technology emerges, because people think: oh, that’s new! That’s cool! You can do this and that … but they don’t really understand it yet. So, there are a lot of inflated expectations about what this technology can do before they realize: it can’t.
Then, there is a lot of disillusionment going on and if you follow this topic in the media at the moment, you will recognize that we are already in that phase of disillusionment. Half a year ago, McKinsey still recommended to go for Blockchain technology, but now warns to step back from adopting it, at least on a production level.
So, it is time to lower our expectations to a realistic level, with a good starting point being a definition of Blockchain technology, which will help us to better understand what I will be talking about next.
Blockchain basically is an append-only database. You can only add data to it, you cannot delete it. It is stored there, and it is replicated to multiple nodes in a distributed computer network, so that each piece of data is not only stored on one single server but on multiple servers in the computer network. This means that you don’t have this single point of truth, which can easily become your single point of failure. And that’s one of the big benefits of Blockchain technology, of course.
Why is it called Blockchain? Data on a Blockchain is stored in so-called blocks—hence the name. Apart from the data that is stored in each block, you also have a time stamp in each block, and a cryptographic hash of the previously-created block. So you have that chain of blocks, a history of all the data you have entered into the blockchain, and you can not tamper with that history. You will always know this data has been entered at that point in time, and that afterwards. If you enter wrong data you will have to correct it, but you cannot delete it. You will always see that there was this failure, that there was wrong data entered.
A Practical Example from the Certification Industry
If we talk about the certification industry, if you issue a certificate and would want to store that certificate on a Blockchain, you could see: okay, that’s the certificate issued at that point in time. You could also see if the certification status has been revoked at a later point in time because of an incident, and you would always be able to see that there was no valid certification for that time period, for example.
And that’s why a lot of people are interested in bringing certification data onto a Blockchain, or supply chains onto a Blockchain, because it gives you, on a data level, transparency and, well, integrity. You know that the data that is on that system can’t be tempered with. You know that there is no fraud, at least at the technical level.
Blockchain ≠ Solution
But of course, Blockchain technology is only a tool. It is not more than that. It is not a solution to problems that are not related or caused by the technology itself. If you have fraud in your supply chain, Blockchain won’t help you to solve it. If a farmer sprays pesticides on his crop, on his mangos, he could enter into a blockchain system that they were organic and you would not know. So, Blockchain cannot replace a trusted third party such as a certification body. You will need them to verify that the data entered onto such a system is valid, is trustworthy.
Avoid the Hype—But Start Evaluating
And that’s also what Gartner says, in general, about Blockchain. Avoid the hype. It’s too early. And don’t expect Blockchain to solve your problems that are not caused by the technology itself. And they also say: „…much of what is on the market as an enterprise ‚blockchain‘ solution“, at the moment, „lacks at least two of the five core components“ of Blockchain: „Encryption, immutability, distribution, decentralization and tokenization“ (Gartner Top 10 Strategic Technology Trends for 2019).
So if you hear about Blockchain solutions out there right now, the chances are high that they are not true Blockchain solutions. So much for production readiness.
But they also say that businesses should start evaluating the technology, explore its potential and see what you can realistically do with it. And that’s exactly what we did.
Intact’s Whitepaper About Blockchain in the Certification Industry
We teamed up with the Blockchain Hub network—a network of Blockchain experts who do pilot projects etc.—and explored the potential of Blockchain technology in the certification industry. So, we already work with a lot of certification bodies and standard setters, and we figured out that a viable way of implementing Blockchain technology would be to put the last step in the certification process, where you issue a certificate and have your certification data available, onto a Blockchain system.
We already do that, but not on Blockchain. We have certificate verification via QR code—so, you print a QR Code on the certificate, you can scan it, and then you can get the live certification status, the current certification status of that farmer, as can be seen on the slide below.
This allows you to see if the certificate is still valid or not, because the certificate itself, as a piece of paper or as a PDF file, is not worth much. It says that it expires on a certain date, but you don’t know if there was some sort if incident that lead to the revocation of the certification status.
Now, we wanted to see if it was possible to add more security, more transparency, more integrity if we implemented Blockchain technology, if we brought that onto a Blockchain system.
There Is More Than One Blockchain—Which To Choose?
The first Blockchain ever is the Bitcoin Blockchain. It was launched in 2009 and it is designed for financial transactions. Its performance is really bad and the script language to program it is really complicated. So, Bitcoin Blockchain is not the way to go if you are not in the financial sector. However, Bitcoin is not the only Blockchain.
There are many Blockchains out there by now with one of the most popular and powerful ones being the ethereum Blockchain. ethereum is different to Bitcoin, because it allows for the execution of so-called smart contracts. So, in other words, you can write a little piece of code, a small computer program that you can execute in a virtual machine on that Blockchain. So, you can run a small piece of computer software on that Blockchain, which allows you to store certification data there if the certification status is positive.
That would be a suitable Blockchain system for our scenario. However, it only has the performance of typical smartphone—the entire ethereum Blockchain, worldwide. So, rather limited. And that’s the point where we come to the limitations of Blockchain technology.
Limitations of Blockchain Technology
With Blockchain you always have limited scalability. In the case of ethereum, you only have the processing power of a typical smartphone, and you have to share that with the entire world, with everybody using the ethereum Blockchain. And you only have limited storage capacity per block, which, in combination with performance limitations, drastically limits the amount of data you can store in a day.
You also have high running costs, because Bitcoin and ethereum are public Blockchains—everybody can read, everybody can write—and they involve transaction fees. If you want to write to the Blockchain, you have to pay for it. You have to pay Bitcoins, for example, because someone offers their hardware to do all the calculations needed. That can get very expensive very quickly.
Finally, there are also legal limitations. Maybe not so much in the US, but definitely in the European Union where we have the General Data Protection Regulation (GDPR), which forces you to follow anybody’s request to delete their personal data. As we already heard, you can’t delete anything that is stored on a Blockchain. It will always be there. As a result, you are not allowed to store personal data on a Blockchain. In the organic industry this might not be a huge issue, but if you are in personell certification you have a problem and can’t go on a Blockchain.
What Does This Mean in Practice?
Storing a typical certifacte—the PDF file—is very expensive. The size of a typical certificate out of our system would be around 387 KB per file. If you wanted to store that onto the ethereum Blockchain, this would involve transaction fees that are subject to a certain exchange rate to the currency you use.
In scenario 1, on September 23, 2018, it would have cost us 719.82 USD to store that certificate on the ethereum Blockchain. In scenario 2, on January 6, 2018, it would have cost you even 23,723.10 USD to store that same certificate. So, a clear no-go.
But there is even more. Storing certificates onto a Blockchain would also not be a viable solution in terms of performance. Even if costs were not an issue, you would only be able to store 192 certificates a day, provided that you use the entire ethereum Blockchain on your own, and nobody else.
The conclusion: too expensive and not practical.
The Practical Solution
So, what can a practical solution look like. The thing is, you don’t have to store an entire certificate onto a Blockchain. You don’t have to store all certification data linked to that certificate onto a Blockchain. You only need some sort of unique identifier that allows you to verify that the data you are accessing at the moment are valid. And that identifier can’t be tampered with if it is on a Blockchain. So, you can create a cryptographic hash, a unique identifier calculated based on a file. You have your PDF file or the certification data and you run an algorithm on it, and the output of that algorithm is that hash. Only if the file is the same, it will match with that hash and thus prove the file’s authenticity.
The way to go is to store only a cryptographic hash of the certification data onto the Blockchain. That would be possible, would not cost that much, and would be doable in terms of performance.
Furthermore, you also would not want to go for a public permissionless Blockchain where everybody can read and write. You’d rather want to go for a public permissioned Blockchain, where everybody can access to read but only certain parties are allowed to write. You, of course, have to trust that parties, but certification bodies could, for example, take over this part in our scenario. This would be an independent system but still linked to the ethereum Blockchain.
To get an idea of what this could look like, you can scan the QR code below. It will direct you to a test dummy and not a real database, but it uses a cryptographic hash stored on a Blockchain to get you there.
Subscribe to Get Intact’s Blockchain Whitepaper
To learn more about the technical details of this approach, best subscribe to Intact’s newsletter and get notified as soon as we publish our Blockchain whitepaper. Also, feel free to get in touch with me in case of any questions or requests.
Subscribe this blog and receive email notifications on published posts.