A recurring theme when discussing blockchain technology is that the data stored in its structure would be immune to alterations, intentional or not. However, this assertion is often met with a mix of enthusiasm and disbelief. How could this capability be achieved with electronic and electromagnetic media, precisely designed to be alterable?
The immutability of the blockchain is based on the application of two fundamental concepts: decentralization and consensus. The way these concepts are implemented varies widely among platforms, but in very general and simplified terms we can define them as:
Platforms leverage multiple decentralized instances to maintain multiple valid and identical copies of blockchain data. Each instance performs frequent checks on its data and those received from other instances; any discrepancies found are flagged, and consensus mechanisms allow the correct situation to be determined and the faulty copy to be recovered. This coordinated and redundant operation protects data against unauthorized changes and is essential for the blockchain's reputation for reliability.
The more instances there are, the greater the processing power verifying the validity of the data, the greater the number of alternative locations where data can be retrieved, and the clearer and easier it is to detect attempts to corrupt the data and even correct them. A malicious attempt to alter information externally would need to affect all (or at least a large portion) of the blockchain instances simultaneously to have any chance of success.
Platforms leverage multiple decentralized instances to maintain multiple valid and identical copies of blockchain data.
Thus, not immutability of the blockchain is not an 'intrinsic property', but rather a condition actively maintained by the network. A change is possible but would need to be accepted by a significant portion of the instances. And platforms add validation rules designed to make building a valid substitute blockchain a very costly task.
Private networks often have restricted access, fewer actors, and a specific design, while public networks allow new instances to connect 'on their own' and often have greater and more distributed processing power. They are distinct philosophies with the same goal of setting up a network where it is very difficult for a group of actors to mobilize enough processing power to force consistent changes.
A commonly implemented consistency checking method is the 'linking value': each new block needs to contain a value that depends on the data stored in the previous block. Changing an old block requires calculating the linking value to the next block, which requires recalculating this value for the next block as well, and so on until reaching the most recent block in the chain – that is, it requires recalculating and changing all blocks from the point you want to alter.
Another technique is to calculate and store a numerical verification code with several dozen digits for each block. This calculation is designed to be so laborious that it is called “proof-of-work.” In the Bitcoin network, for example, it is adjusted to take about 10 minutes, and solving it first is one of the main goals of 'mining' activity, often financially rewarded to create more interest in reinforcing blockchain security than trying to bypass it. Improper changes can be identified by checking this code.
Combining both techniques, a change in the blockchain not only becomes laborious but also proportionally more extensive and costly the older the blocks you want to change.
It is also common to record digital signatures that need to be compatible with the recorded data and required authorizations. Changing data would require obtaining new signatures from the involved parties, exposing the attempt.
There is a recommendation that a block in the Bitcoin network should only be considered immutable if there are already at least 6 other blocks recorded after it. Before that, the block may be replaced by another according to the platform's own consensus rules if a more suitable sequence of blocks is presented (in this case, longer). This applies to any block, no matter how old it is, but from 6 blocks deep (which take 1 hour to be 'mined'), it is considered that there are no more remaining consensus conflicts.
Other platforms operate on the same principle, such as Ethereum, where this waiting number is 12 blocks (which take an average of 3 minutes to create). Theoretically, these blockchains could be altered by definition, but in practice, only with recently added blocks would this be feasible.
But even the bitcoin network has already had to 'officially' break its immutability at times of need. In 2010, a bug in the network's basic software created over 92 million bitcoins in a single operation when only 50 would be expected. To fix this, most network actors agreed to alter the block from the moment of the failure identically (and eliminate all subsequent ones). This correction was a moment when data immutability was breached.
To be fair, this paradigm shift corrected a serious malicious attack (which was not related to data immutability), was done when the Bitcoin network had less processing power, and had the agreement of most actors. It was done quickly (a few hours), there were few blocks after the time of the error, and the consensus mechanism itself disseminated the adjustments after the adoption of the corrected versions.
Recently, several attacks have been reported on networks like Electroneum, Bitcoin Gold, and Litecoin Cash, among others. These are smaller public networks, allowing for greater processing power to be applied to attack them. Nevertheless, the attacks were made on recent blocks; affecting old blocks would have a much higher cost for the attackers.
A block in the Bitcoin network should only be considered immutable if there are already at least 6 other blocks recorded after it.
Private blockchain networks tend to have fewer participants and therefore often use electronic signature and authorization processes to prevent a group from forcing improper changes. A participant will have more assurances about immutability by maintaining their own decentralized instance on the network.
On the other hand, public networks rely on the large number of participants to maintain data immutability. Thus, even those who do not have an instance in the network can trust the recorded data, but this also has a negative impact on the time required to register information in an unalterable way.
As seen, the conditions under which data written on a blockchain can be considered immutable vary depending on the implementation used by each platform, the number of participants, and the processing power of the network. It is important to evaluate whether the established conditions meet the needs of each project.
Author: Márcio Marcelo Pelícia - Nov/2018