Blockchains for Business Process Management - Challenges and Opportunities

Article (PDF Available)inACM Transactions on Management Information Systems . In press, accepted(1) · January 2018with 17,691 Reads 
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
DOI: 10.1145/3183367
Cite this publication
Abstract
(Note that we have updated the paper to the accepted version on 23 Jan 2018) Blockchain technology offers a sizable promise to rethink the way inter-organizational business processes are managed because of its potential to realize execution with- out a central party serving as a single point of trust (and failure). To stimulate research on this promise and the limits thereof, in this paper we outline the challenges and opportunities of blockchain for Business Process Management (BPM). We structure our commentary alongside two established frameworks, namely the six BPM core capabilities and the BPM lifecycle, and detail seven research directions for investigating the application of blockchain technology to BPM.
Advertisement
Blockchains for Business Process Management - Challenges and Opportunities 0:1
Blockchains for Business Process Management - Challenges
and Opportunities
JAN MENDLING, Wirtschaftsuniversität Wien, Austria
INGO WEBER, Data61, CSIRO, Australia
WIL VAN DER AALST, Eindhoven University of Technology, The Netherlands
JAN VOM BROCKE, University of Liechtenstein, Liechtenstein
CRISTINA CABANILLAS, Wirtschaftsuniversität Wien, Austria
FLORIAN DANIEL, Politecnico di Milano, Italy
SØREN DEBOIS, IT University of Copenhagen, Denmark
CLAUDIO DI CICCIO, Wirtschaftsuniversität Wien, Austria
MARLON DUMAS, University of Tartu, Estonia
SCHAHRAM DUSTDAR, TU Wien, Austria
AVIGDOR GAL, Technion - Israel Institute of Technology, Israel
LUCIANO GARCÍA-BAÑUELOS, University of Tartu, Estonia
GUIDO GOVERNATORI, Data61, CSIRO, Australia
RICHARD HULL, IBM Research, United States of America
MARCELLO LA ROSA, Queensland University of Technology, Australia
HENRIK LEOPOLD, Vrije Universiteit, The Netherlands
FRANK LEYMANN, IAAS, Universität Stuttgart, Germany
JAN RECKER, Queensland University of Technology, Australia
MANFRED REICHERT, Ulm University, Germany
HAJO A. REIJERS, Vrije Universiteit, The Netherlands
STEFANIE RINDERLE-MA, University of Vienna, Austria
ANDREAS SOLTI, Wirtschaftsuniversität Wien, Austria
MICHAEL ROSEMANN, Queensland University of Technology, Australia
STEFAN SCHULTE, TU Wien, Austria
MUNINDAR P. SINGH, North Carolina State University, United States of America
TIJS SLAATS, University of Copenhagen, Denmark
MARK STAPLES, Data61, CSIRO, Australia
BARBARA WEBER, Technical University of Denmark, Denmark
MATTHIAS WEIDLICH, Humboldt-Universität zu Berlin, Germany
MATHIAS WESKE, Hasso-Plattner-Institute, Universität Potsdam, Germany
XIWEI XU, Data61, CSIRO, Australia
LIMING ZHU, Data61, CSIRO, Australia
Authors’ addresses: Jan Mendling, Wirtschaftsuniversität Wien, Vienna, Austria, jan.mendling@wu.ac.at; Ingo Weber,
Data61, CSIRO, Sydney, Australia, ingo.weber@data61.csiro.au; Wil van der Aalst, Eindhoven University of Technology,
Eindhoven, The Netherlands, w.m.p.v.d.aalst@tue.nl; Jan vom Brocke, University of Liechtenstein, Vaduz, Liechtenstein, jan.
vom.brocke@uni.li; Cristina Cabanillas, Wirtschaftsuniversität Wien, Vienna, Austria, cristina.cabanillas@wu.ac.at; Florian
Daniel, Politecnico di Milano, Milan, Italy, orian.daniel@polimi.it; Søren Debois, IT University of Copenhagen, Copenhagen,
Denmark, debois@itu.dk; Claudio Di Ciccio, Wirtschaftsuniversität Wien, Vienna, Austria, claudio.di.ciccio@wu.ac.at;
Marlon Dumas, University of Tartu, Tartu, Estonia, marlon.dumas@ut.ee; Schahram Dustdar, TU Wien, Vienna, Austria,
dustdar@tuwien.ac.at; Avigdor Gal, Technion - Israel Institute of Technology, Haifa, Israel, avigal@technion.ac.il; Luciano
García-Bañuelos, University of Tartu, Tartu, Estonia, luciano.garcia@ut.ee; Guido Governatori, Data61, CSIRO, Brisbane,
Australia, guido.governatori@data61.csiro.au; Richard Hull, IBM Research, Yorktown Heights, United States of America,
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee
provided that copies are not made or distributed for prot or commercial advantage and that copies bear this notice and
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
0:2 Mendling, J. et al
Blockchain technology oers a sizable promise to rethink the way inter-organizational business processes
are managed because of its potential to realize execution without a central party serving as a single point of
trust (and failure). To stimulate research on this promise and the limits thereof, in this paper we outline the
challenges and opportunities of blockchain for Business Process Management (BPM). We rst reect how
blockchains could be used in the context of the established BPM lifecycle and second how they might become
relevant beyond. We conclude our discourse with a summary of seven research directions for investigating
the application of blockchain technology in the context of BPM.
CCS Concepts:
Information systems Enterprise information systems
;Middleware business process
managers;
Applied computing Business process management
;
Software and its engineering
Software development process management
;
Computing methodologies
Modeling and simulation;
Additional Key Words and Phrases: Blockchain, Business Process Management, Research Challenges
ACM Reference Format:
Jan Mendling, Ingo Weber, Wil van der Aalst, Jan vom Brocke, Cristina Cabanillas, Florian Daniel, Søren
Debois, Claudio Di Ciccio, Marlon Dumas, Schahram Dustdar, Avigdor Gal, Luciano García-Bañuelos, Guido
Governatori, Richard Hull, Marcello La Rosa, Henrik Leopold, Frank Leymann, Jan Recker, Manfred Reichert,
Hajo A. Reijers, Stefanie Rinderle-Ma, Andreas Solti, Michael Rosemann, Stefan Schulte, Munindar P. Singh,
Tijs Slaats, Mark Staples, Barbara Weber, Matthias Weidlich, Mathias Weske, Xiwei Xu, and Liming Zhu. 2018.
Blockchains for Business Process Management - Challenges and Opportunities. ACM Trans. Manag. Inform.
Syst. 9, 0, Article 0 ( 2018), 17 pages. https://doi.org/0000001.0000001
1 INTRODUCTION
Business process management (BPM) is concerned with the design, execution, monitoring, and
improvement of business processes. Systems that support the enactment and execution of processes
have extensively been used by companies to streamline and automate intra-organizational processes.
Yet, for inter-organizational processes, challenges of joint design and a lack of mutual trust have
hampered a broader uptake.
Emerging blockchain technology has the potential to drastically change the environment in which
inter-organizational processes are able to operate. Blockchains oer a way to execute processes in
a trustworthy manner even in a network without any mutual trust between nodes. Key aspects are
specic algorithms that lead to consensus among the nodes and market mechanisms that motivate
hull@us.ibm.com; Marcello La Rosa, Queensland University of Technology, Brisbane, Australia, m.larosa@qut.edu.au;
Henrik Leopold, Vrije Universiteit, Amsterdam, The Netherlands, h.leopold@vu.nl; Frank Leymann, IAAS, Universität
Stuttgart, Stuttgart, Germany, frank.leymann@iaas.uni-stuttgart.de; Jan Recker, Queensland University of Technology,
Brisbane, Australia, j.recker@qut.edu.au; Manfred Reichert, Ulm University, Ulm, Germany, manfred.reichert@uni-ulm.de;
Hajo A. Reijers, Vrije Universiteit, Amsterdam, The Netherlands, h.a.reijers@vu.nl; Stefanie Rinderle-Ma, University of
Vienna, Vienna, Austria, stefanie.rinderle-ma@univie.ac.at; Andreas Solti, Wirtschaftsuniversität Wien, Vienna, Austria,
andreas.rogge-solti@wu.ac.at; Michael Rosemann, Queensland University of Technology, Brisbane, Australia, m.rosemann@
qut.edu.au; Stefan Schulte, TU Wien, Vienna, Austria, stefan.schulte@tuwien.ac.at; Munindar P. Singh, North Carolina State
University, Raleigh, United States of America, mpsingh@ncsu.edu; Tijs Slaats, University of Copenhagen, Copenhagen,
Denmark, slaats@di.ku.dk; Mark Staples, Data61, CSIRO, Sydney, Australia, mark.staples@data61.csiro.au; Barbara Weber,
Technical University of Denmark, Lyngby, Denmark, bweb@dtu.dk; Matthias Weidlich, Humboldt-Universität zu Berlin,
Berlin, Germany, matthias.weidlich@hu-berlin.de; Mathias Weske, Hasso-Plattner-Institute, Universität Potsdam, Potsdam,
Germany, mathias.weske@hpi.de; Xiwei Xu, Data61, CSIRO, Sydney, Australia, xiwei.xu@data61.csiro.au; Liming Zhu,
Data61, CSIRO, Sydney, Australia, liming.zhu@data61.csiro.au.
the full citation on the rst page. Copyrights for components of this work owned by others than ACM must be honored.
Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires
prior specic permission and/or a fee. Request permissions from permissions@acm.org.
©2018 Association for Computing Machinery.
2158-656X/2018/0-ART0 $15.00
https://doi.org/0000001.0000001
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
Blockchains for Business Process Management - Challenges and Opportunities 0:3
the nodes to progress the network. Through these capabilities, this technology has the potential to
shift the discourse in BPM research about how systems might enable the enactment, execution,
monitoring or improvement of business process within or across business networks.
In this paper, we describe what we believe are the main new challenges and opportunities
of blockchain technology for BPM. This leads to directions for research activities to investigate
both challenges and opportunities. Section 2provides a background on fundamental concepts
of blockchain technology and an illustrative example of how this technology applies to business
processes. Section 3focuses on the impact of blockchains on the traditional BPM lifecycle phases [Du-
mas et al
.
2018]. Section 4goes beyond it and asks which impact blockchains might have on core
capability areas of BPM [Rosemann and vom Brocke 2015]. Section 5summarizes this discussion
by emphasizing seven future research directions.
2 BACKGROUND
This section summarizes the essential aspects of blockchain technology and discusses initial research
eorts at the intersection of BPM and blockchains.
2.1 Blockchain Technology
In its original form, Blockchain is a distributed database technology that builds on a tamper-proof
list of timestamped transaction records. Among others, it is used for cryptocurrencies such as
Bitcoin [Nakamoto 2008]. Its innovative power stems from allowing parties to transact with others
they do not trust over a computer network in which nobody is trusted. This is enabled by a
combination of peer-to-peer networks, consensus-making, cryptography, and market mechanisms.
Blockchain derives its name from the fact that its essential data structure is a chained list of blocks.
This chain of blocks is distributed over a peer-to-peer network, in which every node maintains
the latest version of it. Blocks can contain information about transactions. In this way, we can for
instance know that a buyer has ordered 200 items of a particular type of material from a vendor
at a specic time. When a new block is added to the blockchain, it is signed using cryptographic
methods. In this way, it can be checked if its content and its signature match. For example, if we
take the content
c=
"Buyer orders 200 items from vendor" and apply a specic hash function
h(c)
,
we get a unique result
r
. Every block is associated with a hash generated from its content and
the hash value of the previous block in the list. Hash values thus uniquely represent not only the
transactions within blocks but also the ordering of every block. This mechanism is at the basis of
the chain. In case somebody would try to alter a transaction, this would change the hash value
of its block, and therefore break the chain. Since every node can create blocks in a peer-to-peer
network, there has to be consensus on the new version of the blockchain including a new block.
This is achieved with consensus algorithms that are based on concepts like proof-of-work or proof-
of-stake [Bentov et al
.
2016], and more recently proof-of-elapsed-time
1
. In proof-of-work, miners
guess a value for a specic eld, to fulll the condition that
r
must be smaller than a threshold
(which is dynamically adjusted by the network based on a predened protocol). In proof-of-stake,
miner selection considers the size of their stake , i.e., amount of cryptocurrency held by them. The
rationale is that a high stake is a strong motivation for not cheating: if the miners cheat (and this is
detected), the respective cryptocurrency will be devalued. The network protocols and dynamic
adjustment of thresholds are designed to avoid network overload. In summary, these foundational
blockchain concepts support two important notions that are also essential for business processes:
the blockchain as a (tamper-proof) data structure captures the history and the current state of the
network and transactions move the system to a new state.
1Intel: Proof of elapsed time (PoET). Available from http://intelledger.github.io/
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
0:4 Mendling, J. et al
Blockchain oers an additional concept that is important for business processes, called smart
contracts [Szabo 1997]. Consider again the example of the buyer ordering 200 items from the vendor.
Business processes are subject to rules on how to respond to specic conditions. If, for instance,
the vendor does not deliver within two weeks, the buyer might be entitled to receive a penalty
payment. Such business rules can be expressed by smart contracts. For instance, the Ethereum
blockchain supports a Turing-complete programming language for smart contracts
2
. The code in
these languages is deterministic and relies on a closed-world assumption: only information that is
stored on the blockchain is available in the runtime environment. Smart contract code is deployed
with a specic type of transaction. As with any other blockchain transaction, the deployment of
smart contract code to the blockchain is immutable. Once deployed, smart contracts oer a way
to execute code directly on the blockchain network, like the conditional transfer of money in our
example if a certain condition is fullled.
By using blockchain technology, untrusted parties can establish trust in the truthful execution
of the code. Smart contracts can be used to implement business collaborations in general and
inter-organizational business processes in particular. The potential of blockchain-based distributed
ledgers to enable collaboration in open environments has been successfully tested in diverse elds
ranging from diamonds trading to securities settlement [Walport 2016].
At this stage, it has to be noted that blockchain technology still faces numerous general tech-
nological challenges. A mapping study by [Yli-Huumo et al
.
2016] found that a majority of these
challenges have not been addressed by the research community, albeit we note that blockchain
developer communities actively discuss some of these challenges and suggest a myriad of potential
solutions
3
. Some of them can be addressed by using private or consortium blockchain instead
of a fully open network [Mougayar 2016]. In general, the technological challenges include the
following [Swan 2015].
Throughput
in the Ethereum blockchain is limited to approx. 15 transaction inclusions per
second (tps) currently. In comparison, transaction volumes for the VISA payment network
are 2,000 tps on average, with a tested capacity of up to 50,000 tps. However, the experimental
Red Belly Blockchain which particularly caters to private or consortium blockchains has
achieved more than 400,000 tps in a lab test4.
Latency
is also an issue. Transaction inclusion in the absence of network congestion takes
a certain amount of time. In addition, a number of conrmation blocks are typically rec-
ommended to ensure the transaction does not get removed due to accidental or malicious
forking. That means that transactions can be seen as committed after 60 minutes on average
in Bitcoin, or 3 to 10 minutes in Ethereum. Even with improvements of techniques like the
lightning network or side chains spawned o from the main chain, blockchains are unlikely
to achieve latencies as low as centrally-controlled systems.
Size and bandwidth
limitations are variations of the throughput issue: if the transaction
volume of VISA were to be processed by Bitcoin, the full replication of the entire blockchain
data structure would pose massive problems. [Yli-Huumo et al
.
2016] quote 214 PB per year,
thus posing a challenge in data storage and bandwidth. Private and consortium chains and
concepts like the lightning network or side chains all aim to address these challenges. In this
context it is worth noting that most everyday users can use wallets instead, which require
only small amounts of storage.
2https://www.ethereum.org/
3http://www.the-blockchain.com/2017/01/24/adi-ben-ari- outstanding-challenges-blockchain-technology-2017/
4http://poseidon.it.usyd.edu.au/~concurrentsystems/rbbc/
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
Blockchains for Business Process Management - Challenges and Opportunities 0:5
Usability
is limited at this point, in terms of both developer support (lack of adequate tooling)
and end-user support (hard to use and understand). Recent advances on developer support
include eorts by some of the authors towards model-driven development of blockchain
applications [García-Bañuelos et al. 2017;Tran et al. 2017;Weber et al. 2016].
Security
will always pose a challenge on an open network like a public blockchain. Secu-
rity is often discussed in terms of the CIA properties [Dhillon and Backhouse 2000]. First,
condentiality is per se low in a distributed system that replicates all data over its network,
but can be addressed by targeted encryption [Kosba et al
.
2016]. Second, integrity is a strong
suit of blockchains, albeit challenges do exist [Eyal and Sirer 2014;Gervais et al
.
2016]. Third,
availability can be considered high in terms of reads from blockchain due to the wide replica-
tion, but is less favorable in terms of write availability [Weber et al
.
2017]. New attack vectors
exist around forking, e.g., through network segregation [Natoli and Gramoli 2017]. These are
particularly relevant in private or consortium blockchains.
Wasted resources,
particularly electricity, are due to the consensus mechanism, where
miners constantly compete in a race to mine the next block for a high reward. In an empirical
analysis, [Weber et al
.
2017] found that about 10% of announced new blocks on the Ethereum
network were uncles (forks of length 1). This can be seen as wasteful, but is just a small
indication of the vast duplication of eort in proof-of-work mechanisms. Longer forks (at most
of length 3) were extremely rare, so accidental forking seems unlikely in a well-connected
network like the Internet – but could occur if larger nations were cut o temporarily or
even permanently. Alternatives to the proof-of-work, like proof-of-stake [Bentov et al
.
2016],
have been discussed for a while and would be much more ecient. At the time of writing,
they remain an unproven but highly interesting alternative. Proof-of-work makes very low
assumptions in trusting other participants, which is well suited for an open network managing
digital assets. Designing more ecient protocols without relaxing these assumptions has
proven a challenge.
Hard forks
are changes to the protocol of a blockchain which enable transactions or blocks
which were previously considered invalid [Decker and Wattenhofer 2013]. They essentially
change the rules of the game and therefore require adoption by a vast majority of the miners to
be eective [Bonneau et al
.
2015]. While hard forks can be controversial in public blockchains,
as demonstrated by the split of the Ethereum blockchain into a hard forked main chain and
Ethereum Classic (ETC), this is less of an issue for private and consortium blockchains where
such a consensus is more easily found.
Many of these general technological challenges of blockchains are currently the focus of the
emerging body of research. As noted, our main interest is in the potential of blockchain technology
to enable a shift in BPM research. Our belief is vested both in the novel technological properties
discussed above and in the already available attempts of using blockchain technology in the
denition and implementation of fundamentally novel business processes. We review these attempts
in the following.
2.2 Business Processes and Blockchain Technology
We are not the rst to identify the application potential of blockchain technology to business
processes. In fact, several blockchains are currently adopted in various domains to facilitate the
operation of new business processes. For example, [Nofer et al
.
2017] list applications in the nancial
sector including cryptocurrency transactions, securities trading and settlement, and insurances as
well as non-nancial applications such as notary services, music distribution, and various services
like proof of existence, authenticity, or storage. Other works describe application scenarios involving
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
0:6 Mendling, J. et al
Supply
Supplier
receive
order receive
request provide
details provide
waybill
Produce Prepare
Transport
Special Carrier
receive
order request
details receive
details receive
waybill
deliver
order
Middleman
receive
order
forward
order
order
transport
Manufacturer
Calculate
demand
place
order receive
order
report
start of
production
Produce
receive
order deliver
product
Bulk
Buyer
Fig. 1. Supply Chain Scenario from [Weber et al. 2016]
blockchain technology in logistics and supply chain processes, for instance in the agricultural
sector [Staples et al. 2017].
A proposal to support inter-organizational processes through blockchain technology is described
by [Weber et al
.
2016]: large parts of the control ow and business logic of inter-organizational
business processes can be compiled from process models into smart contracts which ensure the
joint process is correctly executed. So-called trigger components allow connecting these inter-
organizational process implementations to Web services and internal process implementations.
These triggers serve as a bridge between the blockchain and enterprise applications. The cryptocur-
rency concept enables the optional implementation of conditional payment and built-in escrow
management at dened points within the process, where this is desired and feasible.
To illustrate these capabilities, Figure 1shows a simplied supply chain scenario, where a bulk
buyer orders goods from a manufacturer. The manufacturer, in turn, orders supplies through a
middleman, which are sent from the supplier to the manufacturer via a special carrier. Withoutglobal
monitoring each participant has restricted visibility of the overall progress. This may very well be a
basis for misunderstandings and shifting blame in cases of conict. Model-driven approaches such
as proposed by [García-Bañuelos et al
.
2017;Weber et al
.
2016] produce code of smart contracts
that implement the process (see Figure 2).
If executed using smart contracts on a blockchain, typical barriers complicating the deployment of
inter-organizational processes can be removed. (i) The blockchain can serve as an immutable public
ledger, so that participants can review a trustworthy history of messages to pinpoint the source
of an error. This means that all state-changing messages have to be recorded in the blockchain.
(ii) Smart contracts can oer independent process monitoring from a global viewpoint, such that
only expected messages are accepted, and only if they are sent from the player registered for the
respective role in the process instance. (iii) Encryption can ensure that only the data that must be
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
Blockchains for Business Process Management - Challenges and Opportunities 0:7
Fig. 2. Smart contract snippet illustrating how code is generated from a BPMN model. It shows the im-
plementation of function
PlaceOrder
from the above process model. This function is to be executed by
the Manufacturer, which is checked in line 6. Subsequently, we check if the function is activated in line 7.
If so, any custom task logic is executed, and the activation of tasks is updated in line 9. For more details,
see [García-Bañuelos et al. 2017].
visible is public, while the remaining data is only readable for the process participants that require
it.
These capabilities demonstrate how blockchains can help organizations to implement and execute
business processes across organizational boundaries even if they cannot agree on a trusted third
party. This is a fundamental advance, because the core aspects of this technology enable support of
enterprise collaborations going far beyond asset management, including the management of entire
supply chains, tracking food from source to consumption to increase safety, or sharing personal
health records in privacy-ensuring ways amongst medical service providers.
The technical realization of this advance is still nascent at this stage, although some early eorts
can be found in the literature. For example, smart contracts that enforce a process execution in
a trustworthy way can be generated from BPMN process models [Weber et al
.
2016] and from
domain-specic languages [Frantz and Nowostawski 2016]. Further cost optimizations are proposed
by [García-Bañuelos et al
.
2017]. Figure 2shows a code excerpt that was generated by this approach.
In a closely related work, [Hull et al
.
2016] emphasize the anity of artifact-centric process
specication [Cohn and Hull 2009;Marin et al. 2012] for blockchain execution.
Even at this stage, research on the benets and potentials of blockchain technology is mixed
with studies that highlight or examine issues and challenges. For example, [Norta 2015,2016]
discusses ways to ensure secure negotiation and creation of smart contracts for Decentralized
Autonomous Organizations (DAOs), among others in order to avoid attacks like the DAO hack
during which approx. US$ 60M were stolen. This in turn was remediated by a hard fork of the
Ethereum blockchain, which was controversial among the respective mining node operators and
resulted in a part of the public Ethereum network splintering o into the Ethereum Classic (ETC)
network. This split, in turn, caused major issues for the network in the medium term, allowing
among others replay attacks where transactions from Ethereum can be replayed on ETC. A formal
analysis of smart contract participants using game theory and formal methods is conducted by [Bigi
et al
.
2015]. As pointed out by [Norta 2016], the assumption of perfect rationality underlying the
game-theoretic analysis is unlikely to hold for human participants.
These examples show that blockchain technology and its application to BPM are at an impor-
tant crossroads: technical realization issues blend with promising application scenarios; early
implementations mix with unanticipated challenges. It is timely, therefore, to discuss in broad and
encompassing ways where open questions lie that the scholarly community should be interested in
addressing. We do so in the two sections that follow.
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
0:8 Mendling, J. et al
3 BLOCKCHAIN TECHNOLOGY AND THE BPM LIFECYCLE
In this section, we discuss blockchain in relation to the traditional BPM lifecycle [Dumas et al
.
2018] including the following phases: identication, discovery, analysis, redesign, implementation,
execution, monitoring, and adaptation. Using the traditional BPM lifecycle as a framework of
reference allows us to discuss many incremental changes that blockchains might provide.
3.1 Identification
Process identication is concerned with the high-level description and evaluation of a company
from a process-oriented perspective, thus connecting strategic alignment with process improvement.
Currently, identication is mostly approached from an inward-looking perspective [Dumas et al
.
2018]. Blockchain technology adds another relevant perspective for evaluating high-level processes
in terms of the implied strengths, weaknesses, opportunities, and threats. For example, how can a
company systematically identify the most suitable processes for blockchains or the most threatened
ones? Research is needed into how this perspective can be integrated into the identication phase.
Because blockchains have anity with the support of inter-organizational processes, process
identication may need to encompass not only the needs of one organization, but broader known
and even unknown partners.
3.2 Discovery
Process discovery refers to the collection of information about the current way a process operates
and its representation as an as-is process model. Currently, methods for process discovery are
largely based on interviews, walkthroughs and documentation analysis, complemented with auto-
mated process discovery techniques over non-encrypted event logs generated by process-aware
information systems [van der Aalst 2016]. Blockchain technology denes new challenges for pro-
cess discovery techniques: the information may be fragmented and encrypted; accounts and keys
can change frequently; and payload data may be stored partly on-chain and partly o-chain. For
example, how can a company discover an overall process from blockchain transactions when these
might not be logically related to a process identier? This fragmentation might require a repeated
alignment of information from all relevant parties operating on the blockchain. Work on matching
could represent a promising starting point to solve this problem [Cayoglu et al
.
2014;Euzenat and
Shvaiko 2013;Gal 2011]. There is both the risk and opportunity of conducting process mining on
blockchain data. An opportunity could involve establishing trust in how a process or a prospective
business partner operates, while a risk is that other parties might be able to understand operational
characteristics from blockchain transactions. There are also opportunities for reverse engineering
business processes, among others, from smart contracts.
3.3 Analysis
Process analysis refers to obtaining insights into issues relating to the way a business process
currently operates. Currently, the analysis of processes mostly builds on data that is available inside
of organizations or from perceptions shared by internal and external process stakeholders [Dumas
et al
.
2018]. Records of processes executed on the blockchain yield valuable information that can
help to assess the case load, durations, frequencies of paths, parties involved, and correlations
between unencrypted data items. These pieces of information can be used to discover processes,
detect deviations, and conduct root cause analysis [van der Aalst 2016], ranging from small groups
of companies to an entire industry at large. The question is which eort is required to bring the
available blockchain transaction data into a format that permits such analysis.
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
Blockchains for Business Process Management - Challenges and Opportunities 0:9
3.4 Redesign
Process redesign deals with the systematic improvement of a process. Currently, approaches like
redesign heuristics build on the assumption that there are recurring patterns of how a process can
be improved [Vanwersch et al
.
2016]. Blockchain technology oers novel ways of improving specic
business processes or resolving specic problems. For instance, instead of involving a trustee to
release a payment if an agreed condition is met, a buyer and a seller of a house might agree on a
smart contract instead. The question is where blockchains can be applied for optimizing existing
interactions and where new interaction patterns without a trusted central party can be established,
potentially drawing on insights from related research on Web service interaction [Barros et al
.
2005]. A promising direction for developing blockchain-appropriate abstractions and heuristics may
come from data-aware workows [Marin et al. 2012] and BPMN choreography diagrams [Decker
and Weske 2011]. Both techniques combine two primary ingredients of blockchain, namely data
and process, in a holistic manner that is well-suited for top-down design of cross-organizational
processes. It might also be benecial to formulate blockchain-specic redesign heuristics that
could mimic how Incoterms [Ramberg 2011] dene standardized interactions in international trade.
Specic challenges for redesign include the joint engineering of blockchain processes between all
parties involved, an ongoing problem for choreography design.
3.5 Implementation
Process implementation refers to the procedure of transforming a to-be model into software
components executing the business process. Currently, business processes are often implemented
using process-aware information systems or business process management systems inside single
organizations. In this context, the question is how can the involved parties make sure that the
implementation that they deploy on the blockchain supports their process as desired. Some of the
challenges regarding the transformation of a process model to blockchain artifacts are discussed
by [Weber et al
.
2016]. Several ideas from earlier work on choreography can be reused in this new
setting [Chopra et al
.
2014;Decker and Weske 2011;Mendling and Hafner 2008;Telang and Singh
2012;van der Aalst and Weske 2001;Weber et al
.
2008]. It has to be noted that choreographies
have not been adopted by industry to a large extent yet. Despite this, they are especially helpful in
inter-organizational settings, where it is not possible to control and monitor a complete process in
a centralized fashion because of organizational borders [Breu et al
.
2013]. To verify that contracts
between choreography stakeholders have been fullled, a trust basis, which is not under control of
a particular party, needs to be established. Blockchains may serve to establish this kind of trust
between stakeholders.
An important engineering challenge on the implementation level is the identication and def-
inition of abstractions for the design of blockchain-based business process execution. Libraries
and operations for engines are required, accompanied by modeling primitives and language exten-
sions of BPMN. Software patterns and anti-patterns will be of good help to engineers designing
blockchain-based processes. There is also a need for new approaches for quality assurance, cor-
rectness, and verication, as well as for new corresponding correctness criteria. These can build
on existing notions of compliance [van der Aalst et al
.
2008], reliability [Subramanian et al
.
2008],
quality of services [Zeng et al
.
2004] or data-aware workow verication [Calvanese et al
.
2013],
but will have to go further in terms of consistency and consideration of potential payments. Fur-
thermore, dynamic partner binding and rebinding is a challenge that requires attention. Process
participants will have to nd partners, either manually or automatically on dedicated marketplaces
using dedicated look-up services. The property of inhabiting a certain role in a process might itself
be a tradable asset. For example, a supplier might auction o the role of shipper to the highest
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
0:10 Mendling, J. et al
bidder as part of the process. Finally, as more and more companies use blockchain, there will be a
proliferation of smart contract templates available for use. Tools for nding templates appropriate
for a given style of collaboration will be essential. All these characteristics emphasize the need for
specic testing and verication approaches.
3.6 Execution
Execution refers to the instantiation of individual cases and their information-technological pro-
cessing. Currently, such execution is facilitated by process-aware information systems or business
process management systems [Dumas et al
.
2018]. For the actual execution of a process deployed
on a blockchain following the method of [Weber et al
.
2016], several dierences with the traditional
ways exist. During the execution of an instance, messages between participants need to be passed
as blockchain transactions to the smart contract; resulting messages need to be observed from
the blocks in the blockchain. Both of these can be achieved by integrating blockchain technology
directly with existing enterprise systems or through the use of dedicated integration components,
such as the triggers suggested by [Weber et al
.
2016]. First prototypes like Caterpillar as a BPMS that
build on blockchains are emerging [López-Pintado et al
.
2017]. The main challenge here involves
ensuring correctness and security, especially when monetary assets are transferred using this
technology.
3.7 Monitoring
Process monitoring refers to collecting events of process executions, displaying them in an under-
standable way, and triggering alerts and escalation in cases where undesired behavior is observed.
Currently, such process execution data is recorded by systems that support process execution [Du-
mas et al
.
2018]. First, we face issues in terms of data fragmentation and encryption as in the
analysis phase. For example, the data on the blockchain alone will likely not be enough to monitor
the process, but require an integration with local o-chain data. Once such tracing in place, the
global view of the process can be monitored independently by each involved party. This provides a
suitable basis for continuous conformance and compliance checking and monitoring of service-
level agreements. Second, based on monitoring data exchanged via the blockchain, it is possible
to verify if a process instance meets the original process model and the contractual obligations
of all involved process stakeholders. For this, blockchain technology can be exploited to store the
process execution data and handos between process participants. Notably, this is even possible
without the usage of smart contracts, i.e., in a rst-generation blockchain like the one operated by
Bitcoin [Prybila et al. 2017].
3.8 Adaptation and Evolution
Runtime adaptation refers to the concept of changing the process during execution. In traditional
approaches, this can for instance be achieved by allowing participants in a process to change the
model during its execution [Reichert and Weber 2012]. Interacting partners might take a defensive
stance in order to avoid certain types of adaptation. As discussed by [Weber et al
.
2016], blockchain
can be used to enforce conformance with the model, so that participants can rely on the joint model
being followed. In such a setting, adaptation is by default something to be avoided: if a participant
can change the model, this could be used to gain an unfair advantage over the other participants.
For instance, the rules of retrieving cryptocurrency from an escrow account could be changed or
the terms of payment. In this setting, process adaptation must strictly adhere to dened paths for it,
e.g., any change to a deployed smart contract may require a transaction signed by all participants.
In contrast, the method proposed by [Prybila et al
.
2017] allows runtime adaptation, but assumes
that relevant participants monitor the execution and react if a change is undesired.
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
Blockchains for Business Process Management - Challenges and Opportunities 0:11
If smart contracts enforce the process, there are also problems arising in relation to evolution:
new smart contracts need to be deployed to reect changes to a new version of the process model.
Porting running instances from an old version to a new one would require eective coordina-
tion mechanisms involving all participants. Some challenges for choreographies are summarized
by [Fdhila et al. 2015].
4 BLOCKCHAIN TECHNOLOGY AND BPM CAPABILITIES
There are also challenges and opportunities for BPM and blockchain technology beyond the classical
BPM lifecycle. We refer to the BPM capability areas [Rosemann and vom Brocke 2015] beyond the
methodological support we reected above, including strategy, governance, information technology,
people, and culture.
4.1 Strategy
Strategic alignment refers to the active management of connections between organizational priori-
ties and business processes [Rosemann and vom Brocke 2015], which aims at facilitating eective
actions to improve business performance. Currently, various approaches to BPM assume that
the corporate strategy is dened rst and business processes are aligned with the respective
strategic imperatives [Dumas et al
.
2018]. Blockchain technology challenges these approaches
to strategic alignment. For many companies, blockchains dene a potential threat to their core
business processes. For instance, the banking industry could see a major disintermediation based on
blockchain-based payment services [Guo and Liang 2016]. Also lock-in eects [Tassey 2000] might
deteriorate when, for example, the banking service is not the banking network itself anymore, but
only the interface to it. These developments could lead to business processes and business models
being under strong inuence of technological innovations outside of companies.
4.2 Governance
BPM governance refers to appropriate and transparent accountability in terms of roles, responsibili-
ties, and decision processes for dierent BPM-related programs, projects, and operations [Rosemann
and vom Brocke 2015]. Currently, BPM as a management approach builds on the explicit denition
of BPM-related roles and responsibilities with a focus on the internal operations of a company.
Blockchain technology might change governance towards a more externally oriented model of
self-governance based on smart contracts. Research on corporate governance investigates agency
problems and mechanisms to provide eective incentives for intended behavior [Shleifer and Vishny
1997]. Smart contracts can be used to establish new governance models as exemplied by The
Decentralized Autonomous Organization (The DAO)
5
. It is an important question in how far this
idea of The DAO can be extended towards reducing the agency problem of management discretion
or eventually eliminate the need for management altogether. Furthermore, the revolutionary change
suggested by The DAO for organization shows just how disruptive this technology can be, and
whether similarly radical changes could apply to BPM.
4.3 Information Technology
BPM-related information technology subsumes all systems that support process execution, such
as process-aware information systems and business process management systems. These systems
typically assume central control over the process.
Blockchain technology enables novel ways of process execution, but several challenges in terms
of security and privacy have to be considered. While the visibility of encrypted data on a blockchain
5https://daohub.org
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
0:12 Mendling, J. et al
is restricted, it is up to the participants in the process to ensure that these mechanisms are used
according to their condentiality requirements. Some of these requirements are currently being
investigated in the nancial industry
6
. Further challenges can be expected with the introduction
of the General Data Protection Regulation
7
. It is also not clear, which new attack scenarios on
blockchain networks might emerge [Hurlburt 2016]. Therefore, guidelines for using private, public,
or consortium-based blockchains are required [Mougayar 2016]. It also has to be decided what
types of smart contract and which cryptocurrency are allowed to be used in a corporate setting.
4.4 People
People in this context refers to all individuals, possibly in dierent roles, who engage with
BPM [Rosemann and vom Brocke 2015]. Currently, these are people who work as process analyst,
process manager, process owner or in other process-related roles. The roles of these individuals are
shaped by skills in the area of management, business analysis and requirements engineering. In this
capability area, the use of blockchain technology requires extensions of their skill sets. New required
skills relate to partner and contract management, software enginering, and cryptography. Also,
people have to be willing to design blockchain-based collaborations within the frame of existing
regulations to enable adoption. This implies that research into blockchain-specic technology
acceptance is needed, extending the established technology acceptance model [Venkatesh et al
.
2003].
4.5 Culture
Organizational culture is dened by the collective values of a group of people in an organiza-
tion [Rosemann and vom Brocke 2015]. Currently, BPM is discussed in relation to organizational
culture [vom Brocke and Sinnl 2011] from a perspective that emphasizes an anity with clan
and hierarchy culture [Štemberger et al
.
2017]. These cultural types are often found in the many
companies that use BPM as an approach for documentation. Blockchains are likely to inuence or-
ganizational culture towards a stronger emphasis on exibility and an outward-looking perspective.
In the competing values framework by [Cameron and Quinn 2005], these aspects are associated with
an adhocracy organizational culture. Furthermore, not only consequences of blockchain adoption
have to be studied, but also antecedants. These include organizational factors that facilitate early
and successful adoption.
5 SEVEN FUTURE RESEARCH DIRECTIONS
Blockchains will fundamentally shift how we deal with transactions in general, and therefore how
organizations manage their business processes within their network. Our discussion of challenges
in relation to the BPM lifecycle and beyond points to seven major future research directions. For
some of them we expect viable insights to emerge sooner, for others later. The order loosely reects
how soon such insights might appear.
(1)
Developing a diverse set of execution and monitoring systems on blockchain. Research in this
area will have to demonstrate the feasibility of using blockchains for process-aware informa-
tion systems. Among others, design science and algorithm engineering will be required here.
Insights from software engineering and distributed systems will be informative.
(2)
Devising new methods for analysis and engineering business processes based on blockchain
technology. Research in this topic area will have to investigate how blockchain-based pro-
cesses can be eciently specied and deployed. Among others, formal research methods and
6https://gendal.me/2016/04/05/introducing-r3-corda-a- distributed-ledger-designed- for-nancial-services/
7http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_{}.2016.119.01.0001.01.ENG
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
Blockchains for Business Process Management - Challenges and Opportunities 0:13
design science will be required to study this topic. Insights from software engineering and
database research will be informative here.
(3)
Redesigning processes to leverage the opportunities granted by blockchain. Research in this
context will have to investigate how blockchain may allow re-imagining specic processes
and the collaboration with external stakeholders. The whole area of choreographies may be
re-vitalized by this technology. Among others, design science will be required here. Insights
from operations management and organizational science will be informative.
(4)
Dening appropriate methods for evolution and adaptation. Research in this area will have
to investigate the potential guarantees that can be made for certain types of evolution and
adaptation. Among others, formal research methods will be required here. Insights from
theoretical computer science and verication will be informative.
(5)
Developing techniques for identifying, discovering, and analyzing relevant processes for the
adoption of blockchain technology. Research on this topic will have to investigate which
characteristics of blockchain as a technology best meet requirements of specic processes.
Among others, empirical research methods and design science will be required. Insights from
management science and innovation research will be informative here.
(6)
Understanding the impact on strategy and governance of blockchains, in particular regard-
ing new business and governance models enabled by revolutionary innovation based on
blockchain. Research in this topic area will have to study which processes in an enterprise
setting could be onoverganized dierently using blockchain and which consequences this
brings. Among others, empirical research methods will be required to investigate this topic.
Insights from organizational science and business research will be informative.
(7)
Investigating the culture shift towards openness in the management and execution of business
processes, and on hiring as well as upskilling people as needed. Research in this topic area
will have to investigate how corporate culture changes with the introduction of blockchains,
and in how far this diers from the adoption of other technologies. Among others, empirical
methods will be required for research in this area. Insights from organizational science and
business research will be informative.
The BPM and the Information Systems community have a unique opportunity to help shape this
fundamental shift towards a distributed, trustworthy infrastructure to promote inter-organizational
processes. With this paper we aim to provide clarity, focus, and impetus for the research challenges
that are upon us.
REFERENCES
Alistair Barros, Marlon Dumas, and Arthur HM ter Hofstede. 2005. Service interaction patterns. In International Conference
on Business Process Management. Springer, 302–318.
Iddo Bentov, Ariel Gabizon, and Alex Mizrahi. 2016. Cryptocurrencies Without Proof of Work. Springer Berlin Heidelberg,
Berlin, Heidelberg, 142–157. https://doi.org/10.1007/978-3-662- 53357-4_10
Giancarlo Bigi, Andrea Bracciali, Giovanni Meacci, and Emilio Tuosto. 2015. Validation of Decentralised Smart Contracts
Through Game Theory and Formal Methods. Springer International Publishing, 142–161.
J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten. 2015. SoK: Research Perspectives and Challenges
for Bitcoin and Cryptocurrencies. In 2015 IEEE Symposium on Security and Privacy. 104–121. https://doi.org/10.1109/SP.
2015.14
Ruth Breu, Schahram Dustdar, Johann Eder, Christian Huemer, Gerti Kappel, Julius Köpke, Philip Langer, Jürgen Mangler,
Jan Mendling, Gustaf Neumann, Stefanie Rinderle-Ma, Stefan Schulte, Stefan Sobernig, and Barbara Weber. 2013.
Towards Living Inter-Organizational Processes. In 15th IEEE Conference on Business Informatics. IEEE, 363–366. https:
//doi.org/dx.doi.org/10.1109/CBI.2013.59
Diego Calvanese, Giuseppe De Giacomo, and Marco Montali. 2013. Foundations of data-aware process analysis: a database
theory perspective. In Proceedings of the 32nd ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database
Systems, PODS 2013, New York, NY, USA - June 22 - 27, 2013, Richard Hull and Wenfei Fan (Eds.). ACM, 1–12.
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
0:14 Mendling, J. et al
Kim S Cameron and Robert E Quinn. 2005. Diagnosing and changing organizational culture: Based on the competing values
framework. John Wiley & Sons.
Ugur Cayoglu, Remco M. Dijkman, Marlon Dumas, Peter Fettke, Luciano García-Bañuelos, Philip Hake, Christopher
Klinkmüller, Henrik Leopold, André Ludwig, Peter Loos, Jan Mendling, Andreas Oberweis, Andreas Schoknecht, Eitam
Sheetrit, Tom Thaler, Meike Ullrich, Ingo Weber, and Matthias Weidlich. 2014. Report: The Process Model Matching
Contest 2013. In Business Process Management Workshops - BPM 2013 International Workshops, Beijing, China, August 26,
2013, Revised Papers (Lecture Notes in Business Information Processing), Niels Lohmann, Minseok Song, and Petia Wohed
(Eds.), Vol. 171. Springer, 442–463.
Amit K. Chopra, Fabiano Dalpiaz, F. Başak Aydemir, Paolo Giorgini, John Mylopoulos, and Munindar P. Singh. 2014. Protos:
Foundations for Engineering Innovative Sociotechnical Systems. In Proceedings of the 18th IEEE International Requirements
Engineering Conference (RE). IEEE Computer Society, Karlskrona, Sweden, 53–62.
David Cohn and Richard Hull. 2009. Business Artifacts: A Data-centric Approach to Modeling Business Operations and
Processes. IEEE Data Eng. Bull. 32, 3 (2009), 3–9. http://sites.computer.org/debull/A09sept/david.pdf
Christian Decker and Roger Wattenhofer. 2013. Information propagation in the Bitcoin network.. In P2P. IEEE, 1–10.
Gero Decker and Mathias Weske. 2011. Interaction-centric modeling of process choreographies. Inf. Syst. 36, 2 (2011),
292–312.
Gurpreet Dhillon and James Backhouse. 2000. Technical opinion: Information system security management in the new
millennium. Commun. ACM 43, 7 (2000), 125–128.
Marlon Dumas, Marcello La Rosa, Jan Mendling, and Hajo A. Reijers. 2018. Fundamentals of Business Process Management.
Second Edition. Springer.
Jérôme Euzenat and Pavel Shvaiko. 2013. Ontology Matching, Second Edition. Springer.
Ittay Eyal and Emin Gün Sirer. 2014. Majority Is Not Enough: Bitcoin Mining Is Vulnerable. Springer Berlin Heidelberg, Berlin,
Heidelberg, 436–454. https://doi.org/10.1007/978-3-662- 45472-5_28
Walid Fdhila, Conrad Indiono, Stefanie Rinderle-Ma, and Manfred Reichert. 2015. Dealing with change in process chore-
ographies: Design and implementation of propagation algorithms. Inf. Syst. 49 (2015), 1–24. https://doi.org/10.1016/j.is.
2014.10.004
Christopher K Frantz and Mariusz Nowostawski. 2016. From Institutions to Code: Towards Automated Generation of Smart
Contracts. In Workshop on Engineering Collective Adaptive Systems (eCAS), co-located with SASO, Augsburg.
Avigdor Gal. 2011. Uncertain schema matching. Morgan & Claypool Publishers.
Luciano García-Bañuelos, Alexander Ponomarev, Marlon Dumas, and Ingo Weber. 2017. Optimized Execution of Business
Processes on Blockchain. In BPM’17: International Conference on Business Process Management. Barcelona, Spain.
Arthur Gervais, Ghassan O. Karame, Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf, and Srdjan Capkun. 2016. On the
Security and Performance of Proof of Work Blockchains. In Proceedings of the 2016 ACM SIGSAC Conference on Computer
and Communications Security (CCS ’16). ACM, New York, NY, USA, 3–16. https://doi.org/10.1145/2976749.2978341
Ye Guo and Chen Liang. 2016. Blockchain application and outlook in the banking industry. Financial Innovation 2, 1 (2016),
24.
Richard Hull, Vishal S. Batra, Yi-Min Chen, Alin Deutsch, Fenno F. Terry Heath III, and Victor Vianu. 2016. Towards a
Shared Ledger Business Collaboration Language Based on Data-Aware Processes. In Service-Oriented Computing - 14th
International Conference, ICSOC 2016, Ban, AB, Canada, October 10-13, 2016, Proceedings (Lecture Notes in Computer
Science), Quan Z. Sheng, Eleni Stroulia, Samir Tata, and Sami Bhiri (Eds.), Vol. 9936. Springer, 18–36.
George Hurlburt. 2016. Might the Blockchain Outlive Bitcoin? I T Professional 18, 2 (2016), 12–16.
A. Kosba, A. Miller, E. Shi, Z. Wen, and C. Papamanthou. 2016. Hawk: The Blockchain Model of Cryptography and
Privacy-Preserving Smart Contracts. In 2016 IEEE Symposium on Security and Privacy (SP). 839–858. https://doi.org/10.
1109/SP.2016.55
Orlenys López-Pintado, Luciano García-Bañuelos, Marlon Dumas, and Ingo Weber. 2017. Caterpillar: A Blockchain-Based
Business Process Management System. In Proceedings of the BPM Demo Track and BPM Dissertation Award co-located
with 15th International Conference on Business Process Modeling (BPM 2017), Barcelona, Spain, September 13, 2017. (CEUR
Workshop Proceedings), Robert Clarisó, Henrik Leopold, Jan Mendling, Wil M. P. van der Aalst, Akhil Kumar, Brian T.
Pentland, and Mathias Weske (Eds.), Vol. 1920. CEUR-WS.org. http://ceur-ws.org/Vol-1920
Mike Marin, Richard Hull, and Roman Vaculín. 2012. Data Centric BPM and the Emerging Case Management Standard: A
Short Survey. In Business Process Management Workshops, Tallinn, Estonia, September 3, 2012. Revised Papers. Springer,
24–30.
Jan Mendling and Michael Hafner. 2008. From WS-CDL choreography to BPEL process orchestration. J. Enterprise
Information Management 21, 5 (2008), 525–542.
W Mougayar. 2016. The Business Blockchain: Promise, Practice, and Application of the Next Internet Technology. Wiley.
Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. (2008).
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
Blockchains for Business Process Management - Challenges and Opportunities 0:15
Christopher Natoli and Vincent Gramoli. 2017. The Balance Attack or Why Forkable Blockchains Are Ill-Suited for
Consortium. In The 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’17). IEEE.
Michael Nofer, Peter Gomber, Oliver Hinz, and Dirk Schiereck. 2017. Blockchain. Business & Information Systems Engineering
59, 3 (2017), 183–187. https://doi.org/10.1007/s12599-017-0467-3
Alex Norta. 2015. Creation of Smart-Contracting Collaborations for Decentralized Autonomous Organizations. In BIR’15:
International Conference on Perspectives in Business Informatics Research. 3–17.
Alex Norta. 2016. Designing a Smart-Contract Application Layer for Transacting Decentralized Autonomous Organizations.
In ICACDS’16: International Conference on Advances in Computing and Data Sciences.
Christoph Prybila, Stefan Schulte, Christoph Hochreiner, and Ingo Weber. 2017. Runtime Verication for Business Processes
Utilizing the Bitcoin Blockchain. arXiv report 1706.04404. arXiv. https://arxiv.org/abs/1706.04404
Jan Ramberg. 2011. ICC Guide to Incoterms 2010. ICC.
Manfred Reichert and Barbara Weber. 2012. Enabling Flexibility in Process-Aware Information Systems - Challenges, Methods,
Technologies. Springer. https://doi.org/10.1007/978-3-642-30409-5
Michael Rosemann and Jan vom Brocke. 2015. The six core elements of business process management. In Handbook on
Business Process Management 1. Springer, 105–122.
Andrei Shleifer and Robert W Vishny. 1997. A survey of corporate governance. The journal of nance 52, 2 (1997), 737–783.
M. Staples, S. Chen, S. Falamaki, A. Ponomarev, P. Rimba, A. B. Tran, I. Weber, X. Xu, and L. Zhu. 2017. Risks and opportunities
for systems using blockchain and smart contracts. Technical Report. Data61 (CSIRO), Sydney.
Mojca Indihar Štemberger, Brina Buh, Ljubica Milanovic Glavan, and Jan Mendling. 2017. Propositions on the Interaction of
Organizational Culture with other Factors in the context of BPM Adoption. Business Process Management Journal 23
(2017).
Sattanathan Subramanian, Philippe Thiran, Nanjangud Narendra, Ghita Mostéfaoui, and Zakaria Maamar. 2008. On the
Enhancement of BPEL Engines for Self-Healing Composite Web Services. In Proc. SAINT Symposium. 33–39.
Melanie Swan. 2015. Blockchain: Blueprint for a new economy. O’Reilly Media, Inc.
Nick Szabo. 1997. Formalizing and securing relationships on public networks. First Monday 2, 9 (1997).
Gregory Tassey. 2000. Standardization in technology-based markets. Research policy 29, 4 (2000), 587–602.
Pankaj R. Telang and Munindar P. Singh. 2012. Comma: A Commitment-Based Business Modeling Methodology and its
Empirical Evaluation. IFAAMAS, Valencia, Spain, 1073–1080.
An Binh Tran, Xiwei Xu, Ingo Weber, Mark Staples, and Paul Rimba. 2017. Regerator: a Registry Generator for Blockchain.
In CAiSE’17: International Conference on Advanced Information Systems Engineering, Forum Track (demo).
Wil M. P. van der Aalst. 2016. Process Mining - Data Science in Action, Second Edition. Springer.
Wil M. P. van der Aalst, Marlon Dumas, Chun Ouyang, Anne Rozinat, and Eric Verbeek. 2008. Conformance checking of
service behavior. ACM Trans. Internet Techn. 8, 3 (2008).
Wil M. P. van der Aalst and Mathias Weske. 2001. The P2P Approach to Interorganizational Workows. In Proc. CAiSE.
140–156.
Rob J. B. Vanwersch, Khurram Shahzad, Irene T. P. Vanderfeesten, Kris Vanhaecht, Paul W. P. J. Grefen, Liliane Pintelon,
Jan Mendling, Godefridus G. van Merode, and Hajo A. Reijers. 2016. A Critical Evaluation and Framework of Business
Process Improvement Methods. Business & Information Systems Engineering 58, 1 (2016), 43–53. https://doi.org/10.1007/
s12599-015-0417-x
Viswanath Venkatesh, Michael G Morris, GordonB Davis, and Fred D Davis. 2003. User acceptance of information technology:
Toward a unied view. MIS quarterly (2003), 425–478.
Jan vom Brocke and Theresa Sinnl. 2011. Culture in business process management: a literature review. Business Process
Management Journal 17, 2 (2011), 357–378.
M Walport. 2016. Distributed Ledger Technology: Beyond Blockchain. UK Government Oce for Science, Tech. Rep 19, 2016
(2016).
Ingo Weber, Vincent Gramoli, Mark Staples, Alex Ponomarev, Ralph Holz, An Binh Tran, and Paul Rimba. 2017. On
Availability for Blockchain-Based Systems. In SRDS’17: IEEE International Symposium on Reliable Distributed Systems.
Ingo Weber, Jochen Haller, and Jutta Mülle. 2008. Automated Derivation of Executable Business Processes from Choreograpies
in Virtual Organizations. International Journal of Business Process Integration and Management (IJBPIM) 3, 2 (2008),
85–95.
Ingo Weber, Xiwei Xu, Regis Riveret, Guido Governatori, Alexander Ponomarev, and Jan Mendling. 2016. Untrusted Business
Process Monitoring and Execution Using Blockchain. In Business Process Management - 14th International Conference,
BPM 2016, Rio de Janeiro, Brazil, September 18-22, 2016. Proceedings (Lecture Notes in Computer Science), Vol. 9850. Springer,
329–347.
J Yli-Huumo, D Ko, S Choi, S Park, and K Smolander. 2016. Where Is Current Research on Blockchain Technology? – A
Systematic Review. PLoSONE 11, 10 (2016), e0163477.
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
0:16 Mendling, J. et al
Liangzhao Zeng, Boualem Benatallah, Anne Ngu, Marlon Dumas, Jayant Kalagnanam, and Henry Chang. 2004. QoS-Aware
Middleware for Web Services Composition. IEEE TSE 30, 5 (2004), 311–327.
ACM Transactions on Management Information Systems, Vol. 9, No. 0, Article 0. Publication date: 2018.
  • ... Based on its decentralized nature, structure, and use of cryptographic protocols, blockchain technology provides a modern platform for distributed applications with properties like high integrity, transparency, and resilience against censorship and tampering. This creates, among others, new opportunities and challenges for inter-organizational business processes [16]. These inherent properties make blockchain technology a good fit for use cases where data integrity is of crucial importance, e.g. ...
    ... In the context of blockchains, an oracle is a component that can transfer data between the outside world and the blockchain. However, the implementation of oracles provides considerable conceptual challenges as they can be regarded as a centralized point of failure or may introduce security and trust concerns [16]. Consequently, much of the research regarding oracles focuses on how to address these security and trust concerns, e.g., by using multiple independent oracle instances to form a decentralized oracle [25], extending trust properties to off-chain computation [10], or strengthening trust in incoming data [13]. ...
    Preprint
    Blockchain has evolved into a platform for decentralized applications, with beneficial properties like high integrity, transparency, and resilience against censorship and tampering. However, blockchains are closed-world systems which do not have access to external state. To overcome this limitation, oracles have been introduced in various forms and for different purposes. However so far common oracle best practices have not been dissected, classified, and studied in their fundamental aspects. In this paper, we address this gap by studying foundational blockchain oracle patterns in two foundational dimensions characterising the oracles: (i) the data flow direction, i.e., inbound and outbound data flow, from the viewpoint of the blockchain; and (ii) the initiator of the data flow, i.e., whether it is push or pull-based communication. We provide a structured description of the four patterns in detail, and discuss an implementation of these patterns based on use cases. On this basis we conduct a quantitative analysis, which results in the insight that the four different patterns are characterized by distinct performance and costs profiles.
  • ... Based on its decentralized nature, structure, and use of cryptographic protocols, blockchain technology provides a modern platform for distributed applications with properties like high integrity, transparency, and resilience against censorship and tampering. This creates, among others, new opportunities and challenges for inter-organizational business processes [16]. These inherent properties make blockchain technology a good fit for use cases where data integrity is of crucial importance, e.g. ...
    ... In the context of blockchains, an oracle is a component that can transfer data between the outside world and the blockchain. However, the implementation of oracles provides considerable conceptual challenges as they can be regarded as a centralized point of failure or may introduce security and trust concerns [16]. Consequently, much of the research regarding oracles focuses on how to address these security and trust concerns, e.g., by using multiple independent oracle instances to form a decentralized oracle [25], extending trust properties to off-chain computation [10], or strengthening trust in incoming data [13]. ...
    Conference Paper
    Full-text available
    Blockchain has evolved into a platform for decentralized applications, with beneficial properties like high integrity, transparency, and resilience against censorship and tampering. However, blockchains are closed-world systems which do not have access to external state. To overcome this limitation, oracles have been introduced in various forms and for different purposes. However so far common oracle best practices have not been dissected, classified, and studied in their fundamental aspects. In this paper, we address this gap by studying foundational blockchain oracle patterns in two foundational dimensions characterising the oracles: (i) the data flow direction, i.e., inbound and outbound data flow, from the viewpoint of the blockchain; and (ii) the initiator of the data flow, i.e., whether it is push or pull-based communication. We provide a structured description of the four patterns in detail, and discuss an implementation of these patterns based on use cases. On this basis we conduct a quantitative analysis, which results in the insight that the four different patterns are characterized by distinct performance and costs profiles.
  • ... Its immutability and non-repudiation properties make blockchain a widely applicable technology to securely manage data, logic, and digital assets among mutually distrustful entities [18]. Business Process Management (BPM) is no exception, and blockchain technology has proven to be a major force in the domain [13]. Blockchains have been shown to be advantageous in executing [11,14,16], monitoring [4], and mining [1] business processes. ...
    ... For blockchains to be useful in practice, they need to be a core component of an organization's Business Process Management System (BPMS) on a conceptual as well as a technological level [13], breaking up the monolithic and centralized architecture of traditional BPMSs [3,Ch. 9.1.2]. ...
    Chapter
    Full-text available
    An increasing number of organizations employ blockchain technology in their business process landscapes, especially when dealing with inter-organizational choreographies. Due to complex requirements with regard to data security and privacy in practice, however, no singular blockchain captures all use cases. Blockchains optimized for various levels of risk tolerance and confidentiality coexist in multi-chain environments, posing severe architectural challenges for blockchain-based Business Process Management Systems (BPMSs). Current state-of-the-art approaches lack the global perspective necessary, and focus on single-blockchain environments. In this paper, we alleviate these issues by developing a general architecture for multi-chain BPMSs for choreographies. We show the feasibility of our architecture by a prototypical implementation, and discuss future challenges using a concrete case study.
  • ... Especially monitoring data hosted at third-party entities poses challenges, which has been particularly evident in recent moves towards blockchain-based process execution [10,14]. Here, process specifications containing data descriptors and conditions are transformed into one or more smart contracts encoding the process logic. ...
    ... Blockchain-based process execution is a promising topic in BPM research [10]. Many implementation aspects are being worked on, and some virtually production-ready process engines have emerged. ...
    Conference Paper
    Full-text available
    In blockchain-based process execution, operational aspects of business processes are encoded in smart contracts on blockchains, enabling powerful auditing and compliance capabilities due to the platforms' trust and integrity guarantees. However, smart contracts are subject to the blockchain's conceptual limitations, which particularly restrict the real-time integration of external data. This potentially leads to non-compliant runtime behavior of process instances when data updates are missed and conditional constraints are wrongly evaluated. In this paper, we analyze the semantics of established external data interaction patterns in business processes with regards to their support on blockchain platforms. We extend and propose various oracle-based implementation strategies to alleviate conceptual issues independent of the concrete blockchain used, and discuss their properties and merits.
  • ... Its immutability and non-repudiation properties make blockchain a widely applicable technology to securely manage data, logic, and digital assets among mutually distrustful entities [18]. Business Process Management (BPM) is no exception, and blockchain technology has proven to be a major force in the domain [13]. Blockchains have been shown to be advantageous in executing [11,14,16], monitoring [4], and mining [1] business processes. ...
    ... For blockchains to be useful in practice, they need to be a core component of an organization's Business Process Management System (BPMS) on a conceptual as well as a technological level [13], breaking up the monolithic and centralized architecture of traditional BPMSs [3,Ch. 9.1.2]. ...
    Conference Paper
    Full-text available
    An increasing number of organizations employ blockchain technology in their business process landscapes, especially when dealing with inter-organizational choreographies. Due to complex requirements with regard to data security and privacy in practice, however, no singular blockchain captures all use cases. Blockchains optimized for various levels of risk tolerance and confidentiality coexist in multi-chain environments, posing severe architectural challenges for blockchain-based Business Process Management Systems (BPMSs). Current state-of-the-art approaches lack the global perspective necessary, and focus on single-blockchain environments. In this paper, we alleviate these issues by developing a general architecture for multi-chain BPMSs for choreographies. We show the feasibility of our architecture by a prototypical implementation, and discuss future challenges using a concrete case study.
  • ... The challenges are mainly associated with the social, technical, adoption and regulatory areas [32]. Adoption of new technology as such is a challenge as it depends on different factors such as acceptance by the employees, proper knowledge of the technology, proper analysis as for what specific purpose the technology has to be used and many such things [25]. Reluctance of the employees to adopt new technologies has always been a concern for the management when thinking of adopting modern technologies [10]. ...
  • Chapter
    We study blockchain-based integrity-protected smart contracts as an implementation mechanism for municipal government processes. To this end, we attempted a prototype implementation of such a process in collaboration with a Danish Municipality. We find that such an implementation is possible, despite the obvious confidentiality requirements, and that it does provide benefits: integrity guarantees, verifiability, direct collaboration and payments between the parties. These benefits come at the cost of latency, pr. transactions charges, immutability of errors, and a very concerning single point of failure the municipal government: losing blockchain private keys means losing control over municipal government casework, with no recourse. Our municipal government partner felt that altogether no immediately pressing problem was solved by the implementation, and that the latter risk clearly outweighed any benefits. We note that smart contract implementations of government processes needs to be immutable and outside of the government’s control when running; however, they also need to be updatable when laws change, and provide an “out” for the rare case when errors in the contract implementation result in unlawful behaviour. We propose these conflicting requirements as a foundational research challenge for blockchain to be applicable to governmental processes.
  • Article
    The construction industry has long faced the challenge of introducing collaborative systems among multiple stakeholders. This challenge creates a high level of rigidity in terms of processing shared information related to different processes, robust holistic regulations, payment actualizations, and resource utilization across different nodes. The need for a digital platform to cross-connect all stakeholders is necessary. A blockchain-based platform is a prime candidate to improve the industry in general and the construction supply chain (CSC) in particular. In this paper, a literature review is presented to establish the main challenges that CSC faces in terms of its effects on productivity and efficiency. In addition, the effect of applying blockchain platforms on a case study is presented and analyzed from performance and security level. The analysis aims to emphasize that blockchain, as presented in this paper, is a viable solution to the challenges in the CSC regardless of the risks associated with the security and robustness of the flow of information and data protection. Moreover, a threat analysis of applying a blockchain model on the CSC industry is introduced. This model indicates potential attacks and possible countermeasures to prevent the attacks. Future work is needed to expand, quantify, and optimize the threat model and conduct simulations considering proposed countermeasures for the different blockchain attacks outlined in this study.
  • Conference Paper
    This demonstration introduces Caterpillar, an open-source Business Process Management System (BPMS) that runs on top of the Ethereum blockchain. Like any BPMS, Caterpillar supports the creation of instances of a process model (captured in the Business Process Model and Notation – BPMN) and allows users to track the state of process instances and to execute tasks thereof. The specificity of Caterpillar is that the state of each process instance is maintained on the Ethereum blockchain, and the workflow routing is performed by smart contracts generated by a BPMN-to-Solidity compiler. The compiler supports a wide array of BPMN constructs, including user, script and service tasks, parallel and exclusive gateways, subprocesses, multi-instance activities and event handlers. The target audience of this demonstration includes researchers in the area of business process management and blockchain technology.
  • Article
    Purpose The paper investigates differences in the success of business process management (BPM) initiatives and their connection with organizational culture. The purpose of this paper is to identify propositions on characteristics of BPM initiative that are favorable for its success according to dominant organizational culture. Therefore, the authors’ aim was to identify connections of organizational commitment to BPM and dimensions of business process orientation (BPO) with dominant organizational culture. Design/methodology/approach As a research design, the authors used a questionnaire to collect data on the BPM adoption practices of organizations in Austria, Croatia and Slovenia with more than 50 employees. BPM adoption was measured with BPO and organizational culture with Competing Values Framework (CVF). Non-parametric tests have been applied for the analysis. On this survey data, the authors conducted statistical tests to identify those factors that discriminate successful from unsuccessful BPM initiatives. Findings The study revealed empirical insights about characteristics of successful BPM initiatives in different organizational cultures. There are several statistically significant differences with respect to the success of BPM adoption. The chance of success appears to be higher: when the BPM initiative is rolled out in the entire organization if the organization has Clan, Market or Hierarchy culture; when the BPM is run on a continuous basis in Hierarchy culture and repeatedly in Adhocracy culture; when a top-down approach is used in organizations with Market or Hierarchy dominant culture; when the BPM initiative has a strategic role and formal responsibilities are defined in Clan and Hierarchy cultures. Originality/value The authors’ empirical findings provide the basis for the formulation of detailed propositions on the interaction of various factors and their impact on BPM adoption in connection to organizational culture. In this way, the authors’ contribution is situated in the inductive research cycle and informs theory building for BPM adoption.
  • Article
    Business Process Management (BPM) is the art and science of how work should be performed in an organization in order to ensure consistent outputs and to take advantage of improvement opportunities, e.g. reducing costs, execution times or error rates. Importantly, BPM is not about improving the way individual activities are performed, but rather about managing entire chains of events, activities and decisions that ultimately produce added value for an organization and its customers. This textbook encompasses the entire BPM lifecycle, from process identification to process monitoring, covering along the way process modelling, analysis, redesign and automation. Concepts, methods and tools from business management, computer science and industrial engineering are blended into one comprehensive and inter-disciplinary approach. The presentation is illustrated using the BPMN industry standard defined by the Object Management Group and widely endorsed by practitioners and vendors worldwide. In addition to explaining the relevant conceptual background, the book provides dozens of examples, more than 100 hands-on exercises – many with solutions – as well as numerous suggestions for further reading. The textbook is the result of many years of combined teaching experience of the authors, both at the undergraduate and graduate levels as well as in the context of professional training. Students and professionals from both business management and computer science will benefit from the step-by-step style of the textbook and its focus on fundamental concepts and proven methods. Lecturers will appreciate the class-tested format and the additional teaching material available on the accompanying website fundamentals-of-bpm.org.
  • Technical Report
    Full-text available
    Blockchain technologies originally emerged to support new forms of digital currency, but now hold promise as a new foundation for transactions in society. A blockchain is both a database recording transactions between parties, and also a computational platform to execute small programs (called ‘smart contracts’) as transactions. A blockchain is a distributed database, replicated across many locations and operated jointly by a collective. Blockchains transactions can support services for payments, escrow, notarisation, voting, registration, and process coordination. These are key in the operation of government and industry. Conventionally, these services are provided by speci c trusted third-parties such as banks, legal rms, accountancy rms, government agencies, and service providers in speci c industries. With a blockchain-based system, rather than relying on third-party organisations, we could instead choose to rely on the blockchain software and on a majority of the collective that jointly operates the blockchain system. The report describes some of the technical risks and opportunities in the application of blockchain technologies within government and industry, and how to assess whether blockchain-based systems will meet critical requirements. The project explores this primarily through the description and analysis of high-level design alternatives for illustrative ‘use cases’. Three use cases have been selected after a number of initial workshops and preliminary research: remittance payments, open data registries, and agricultural supply chain. These provide reasonable coverage of various kinds of requirements and regulatory concerns, against which we can evaluate design alternatives, and in turn learn more general lessons about blockchain technologies. In addition to this design-based analysis, we also report on some empirical results from testing prototype implementations. Compared to conventional centralised databases and computational platforms (on-premises or cloud), blockchains can reduce some counter-party and operational risks by providing neutral ground between organisations. Blockchain technologies may provide advantages for integrity and non-repudiation. However, they also currently have limitations for con dentiality, privacy, and scalability. For latency and availability, reading is improved but writing is worsened. Blockchains are also subject to a di erent cost model. Digital currency transfer and long-term storage of transactional data may be less expensive. However, program execution and storage of big data may be more expensive. Public blockchains provide very low barriers to entry for new participants, which can facilitate competition, innovation, and productivity. However, they do not mandate authentication of those participants, which creates challenges for regulation of money laundering, terrorism nancing, and tax avoidance. Private blockchains can impose more controls on authentication and access, which can partly address those regulatory concerns. Still, for competitors within an industry consortium, private blockchains may not be private enough to provide normal levels of commercial con dentiality for business operations, competitive position, and customer relationships. When assessing business risk, regulatory acceptance, and assurance arguments for a blockchain-based system, we need to consider not just the blockchain, but also all of the other components that are integrated in the design of the whole system. Other components will provide user interfaces, cryptographic key management, and o -chain databases, communications, and processing. Judicious use of these other components may mitigate blockchain’s risks while still leveraging blockchain’s opportunities. Finally, blockchains are still a rapidly evolving technology, with ongoing developments especially to improve scalability and con dentiality. Globally, governments, enterprises, and startups are exploring the technology/ market t in a wide variety of use cases and for a wide variety of requirements and regulatory demands. There is still much that is unknown about the development of trustworthy blockchain-based systems. Further research is required to improve our knowledge about how to create blockchain-based systems that work, and how to create evidence that blockchain-based systems will work as required.
  • Chapter
    This article presents an overview of the unified theory of acceptance and use of technology. I trace its origins, which relates back to the technology acceptance model, and discuss related models. I share some of my experiences, as an author, editor, and reviewer, to identify some common problems in current research investigations in this area. Drawing on these lessons, I make suggestions for future research on this topic.
  • Article
    Full-text available
    The usage of process choreographies and decentralized Business Process Management Systems has been named as an alternative to centralized business process orchestration. In choreographies, control over a process instance is shared between independent parties, and no party has full control or knowledge during process runtime. Nevertheless, it is necessary to monitor and verify process instances during runtime for purposes of documentation, accounting, or compensation. To achieve business process runtime verification, this work explores the suitability of the Bitcoin blockchain to create a novel solution for choreographies. The resulting approach is realized in a fully-functional software prototype. This software solution is evaluated in a qualitative comparison. Findings show that our blockchain-based approach enables a seamless execution monitoring and verification of choreographies, while at the same time preserving anonymity and independence of the process participants. Furthermore, the prototype is evaluated in a performance analysis
  • Conference Paper
    Full-text available
    A registry is a list of information recorded by a trusted authority. Registries have security requirements for data integrity and availability , and for the ability to connect with other registries. Building registries on a blockchain leverages key properties of blockchains, including data integrity, immutability, and availability. By using a blockchain as uniform infrastructure, different registries can also more easily interact with each other. In this paper, we present a browser-based tool for the model-driven generation and deployment of registries as smart contracts on blockchain. The tool also generates web-based RESTful APIs and user interfaces to interact with the generated registries. We evaluate the feasibility and transaction costs for this approach using metadata from data.gov.au, stored on a decentralised derivative of CKAN (a web-based open-source data registration system) built on the Ethereum blockchain 3 .
  • Most blockchain systems are forkable in that they require participants to agree on a chain out of multiple possible branches of blocks. In this paper, we identify a new form of attack, called the Balance attack, against these forkable blockchain systems. The novelty of this attack consists of delaying network communications between multiple subgroups of nodes with balanced mining power. Our theoretical analysis captures the tradeoff between the network delay and the mining power of the attacker needed to double-spend in the GHOST protocol with high probability. We quantify our analysis in the settings of the Ethereum testnet of the R3 consortium where we show that a single machine needs to delay messages for 20 minutes to double spend while a coalition with a third of the mining power would simply need 4 minutes to double spend with 94% of success. We experiment the attack in our private Ethereum chain before arguing for a non-forkable blockchain design to protect against Balance attacks.