This section provides an overview of blockchain technology. The scope of this section is to introduce and present a generic view of the technology and to go beyond its well-known use for financial transactions. First, blockchain technology is introduced as a decentralized, trustless, and immutable database. It is further discussed how a consensus is achieved within such a distributed network of nodes, and the most common consensus algorithm is briefly discussed. Finally, the drawbacks of blockchain technology are shown.
Blockchain technology can be described as a trustless and fully decentralized peer-to-peer data storage that is spread over all participants that are often referred to as nodes. The blockchain is designed to hold immutable information once data is committed to the chain, and it is therefore a decentralized, distributed, and immutable database in which data is logically structured as a sequence of smaller chunks (blocks). Each block Bi>0 is immutably connected to a single preceding block Bi−1 through a cryptographic hash function H(Bi−1). Changes to Bi−1 would yield an invalid hash in Bi and all following blocks. The very first block B0 is called the genesis block and is the only block without a predecessor. In order to assure the integrity of a block and the data contained in it, respectively, the block is usually digitally signed.
For some applications, it is more useful to view a blockchain as a state machine . Each block contains a new state with the very last block representing the current state. Given the list of blocks and the data in this block, there is a unique and immutable order of transitions that lead to the current state.
The main features of blockchain technology can be summarized as follows:
Decentralization: Instead of relying on a single trusted entity, trust is spread across multiple or all participants, depending on the agreed-upon consensus algorithm . This does not only mean that multiple copies of a data item are stored on all nodes, but also that the integrity of the data is governed by many decentralized parties.
Immutability: Once data is committed to the blockchain and a sufficient number of participants have agreed on this state, the information is stored permanently and immutably. Changing the information contained in a particular block would require to also change all the following blocks up to the last block, which is considered to be infeasible [1, 11].
Scalability: The block rate, comprised of the throughput and propagation time of information, depends on the consensus algorithm and the number of participants. This can be a limiting factor for applications that require high throughput . Since all nodes hold a copy of the blockchain, scalability issues also arise in terms of the total amount of data that can be stored. Furthermore, in order to check the integrity of the blockchain, a new node needs to download a copy and validate the integrity of the entire chain. Note that more recent proposals for BFT-based consensus algorithms improved on this, e.g., .
Limited privacy: All data in the blockchain is publicly visible to all participants. Private or permissioned blockchains limit the range of disclosure. However, they do not cryptographically protect the data. In order to achieve privacy, additional layers, such as zero-knowledge proofs  or a commitment scheme are required .
In the originally proposed Bitcoin protocol from , the blockchain is used to keep track of coins, i.e., a public list of financial transactions and how many coins are owned by each participant. For this purpose, each transaction contains sender and receiver information, as well as the number of coins to be transferred. A number of such transactions – once confirmed by the peers – become a new block. Such a block also includes the hash of the previous block and is appended to the chain. The transactions are therefore permanently linked to the series of previous transactions.
This list of chained blocks is public, kept by all members in the network, and can be verified by all participants by checking the integrity of the new block and the correct calculation of the hash. Participants in the network are identified by a private-public key pair, which is often referred to as the ID or address.
A blockchain can be generalized to store arbitrary data. In its simplest form, a block Bi consists of the following data:
Hash of previous block hi: A cryptographic hash of the previous block, i.e., hi:=H(Bi−1), as described above.
Payload pi: Arbitrary data that is stored in this block. In many practical applications, this data has to follow a predefined pattern (e.g., transactions in Bitcoin or operations in Ethereum).
Signature si: A digital signature of the block data, i.e., si=σsk(hi|pi), signed with the secret key sk of the creator of the block. This signature can be verified by the public key pk.
In public blockchains, all participants can create and append new blocks. Once a new block is created and successfully linked to the chain, it is broadcasted to the network. If other participants receive such a new block and consider it to be valid (i.e., by verifying the signature, checking the hash, and checking the validity of the payload), they extend their local copy of the chain with the newly created block and eventually broadcast the block to other participants. If a block is invalid, it is discarded and does not become part of the chain.
Blockchains therefore boil down to the question of how to achieve consensus in a distributed network with potentially faulty participants. This is referred to as Byzantine Fault Tolerance (BFT), originally introduced in , together with optimal algorithms for a variable number of adversaries, up to one third of the participants. This has been further investigated for asynchronous networks, such as blockchains, by many others, e.g., [11, 16]. It must be noted, however, that BFT algorithms for asynchronous networks are only practical up to about 1000 participants  due to the incurred overhead of the cryptographic algorithms.
In , a practical solution for achieving consensus in asynchronous networks of millions of participants and under the presence of Sybil attacks, where one attacker is in control of multiple nodes, is presented. Bitcoin requires synchrony among nodes to achieve consensus and uses the Proof-of-Work (PoW) algorithm. In order to consider a new block to be valid, the participant who initially provides this block has to prove that a significant amount of work has been spent for creating this block. The node therefore varies the input of a cryptographic hash function in order to get an output that has a certain pattern, e.g., a certain number of leading zeros. This becomes a computationally expensive problem by exploiting the preimage resistance of cryptographic hash functions . Given such a hash function and its output h=H(m), it is practically infeasible to find m for a given h. In order to incentivize nodes to verify transactions and append new blocks (and thus spend time computing time and energy), the effort is rewarded in the form of newly created coins, referred to as mining reward. The process of creating new blocks is therefore also referred to as mining.
In practice, branches may occur, where one or more nodes create new blocks at the same time. Commonly, the branch that contains more work, i.e., the longer branch, is considered to be the valid one. PoW therefore prevents malicious nodes from forging data or—in the case of crypto currencies—from spending the same coin twice, also referred to as the double-spending attack. In order to create a valid branch, a malicious subset of nodes must control at least 50% of the computing power in the network . However, it is shown in  that there is a theoretical threshold of only 33% for specific attacks. The 50% threshold is improved by . Therefore, a blockchain does not require a single trusted party, but instead is trustless if at least half of the computing power used for creating and verifying blocks is spent by honest peers.
Furthermore, peers and transactions are pseudonymous in the sense that the sender and the receiver are only identified by their addresses and that a new pair of keys (and therefore a new address) can be created for every transaction. Further advances in blockchain technology are described in Section 4.
Despite the advantages of decentralization, trustlessness, and immutability, there are two major issues with current blockchain technology—scalability and power consumption . Scalability refers to the time needed for propagating, processing, and validating transactions. The higher the number of nodes is, the more limiting network bandwidth, overall storage space, and power consumption become.
The current power consumption (as of May 2018) of the Bitcoin network is approximately 70 TWh per yearFootnote 3. This is mainly caused by the approximately 35 exahashes per second (3.5 × 1019 H/s) which need to be computed for the PoW. Thus, for energy-sensitive use cases, using Bitcoin in its current state is not a sustainable approach.
Find more: Cryptocurrency try to turn private blockchain – Krypto-NFTs