Society has to shape technology
Dipl.-Ing. Helmut Leopold, PhD
AIT Austrian Institute of Technology
Head of Center for Digital Safety & Security
Giefinggasse 2, A-1210 Vienna
Vienna, June 15th, 2018
Basics – a blockchain implements “trust”
A blockchain is a general concept that comprises multiple technical functions. The
basic principle behind it is that data is not stored centrally, but is distributed to all par-
ticipants in a fully meshed peer-to-peer network. This creates a distributed ledger in
which all data and all transactions can be viewed at all times by all participants in a
blockchain in the same way. This enables each user to check the validity of his or her
data and the transactions that have been completed. This method uses specific func-
tions created to ensure that data and transactions cannot be modified. No one per-
son using the blockchain can alter the data or transactions without the other users
noticing. The technology thus inherently implements by technical means a level of
“trust” between the users of a blockchain.
Instead of storing the results of transactions, each individual transaction is preserved
in its entirety; i.e. calculating the balance of an account for a virtual currency like
Bitcoin, requires that the complete history of all Bitcoin transactions can be viewed in
Technical concepts underlying blockchains
The most basic structure of a blockchain is the block.
The block is a container for data values and transac-
tions and these blocks are connected to one another by
links forming a chain, i.e. one link to the previous block
and one link to the next block. This creates what is
known as a blockchain. (The very first block is called the
A block usually contains multiple transactions; e.g. in Bitcoin, which is a blockchain
application, a block is generated every 10 minutes. This process is also called “min-
ing” – this mechanism will be discussed in more detail below.
Presentation at the OSCE Conference, OSCE Asian contact group - Economic Connectivity – Fi-
nancial Technology Innovations: challenges to cyber security and opportunities for securing
SDGs, Hofburg, Vienna, June 15th, 2018.
Transaction chains – smart contracts
In addition to the blockchain there are also so-called trans-
action chains. There are three elements to each transaction:
• input rules,
• output rules, and
• signatures (by asymmetric encryption - see below
for more details)
In the example of a bitcoin application, as shown in the figure, we
have a 3 euro and a 2 euro transaction from two different sources
listed as inputs and a 4 euro and a 1 euro transaction listed as output rules.
These types of rules can be defined by software. In this way, so-called “smart con-
tracts” are realised; i.e. technical means ensure that specific transactions are per-
formed in absolutely the same way for all participants. This also ensures the implied
fairness between the participants in the blockchain.
Based upon the block structure described above, three essential functions determine
the blockchain technology:
• A hash function for each block: A hash value is generated in each block for
all information contained in a block. This protects the information in a block
from being changed. It is basically a computed “finger print” of each block. It
ensures the immutability of a data block. This hash value also includes the
links to the previous and following blocks. As a result, the blockchains cannot
be retroactively altered.
• An asymmetric encryption (public-private key concept) to ensure the authen-
ticity of a user in the blockchain. This means that each user generates his or
her own highly individual private key from a public key. This key clearly identi-
fies a user and is thus the basic tool for carrying out a transaction. If the key is
lost, there no longer any possibility of accessing one’s own data in the block-
• A consensus protocol to achieve a permanent consensus between all users
of a blockchain as to the correct state of the data (a so-called peer-to-peer
protocol). This protocol is the implementation of the solution to the “Byzantine
General” problem. Examples of such solutions are: Proof of work (virtual cur-
rency Bitcoin), Proof of Stake (virtual currency Etherium), Proof of Elapsed
Time (PoET) (Hyperledger), or Federated Byzantine Agreement (FBA) (Stel-
It is important to distinguish between the two kinds of peer-to-peer protocols
o open networks for an unknown and unlimited number of blockchain
users; e.g. Bitcoin is an open network; i.e. anyone can participate; and
o closed networks (private networks). Private networks only include
known actors who have been invited to participate in a blockchain.
Consensus mechanism for open networks are usually far more complex than
for closed network applications.
Implementing a blockchain
There are a wide range of software solutions (including open source) and service
platforms on the market for the functions described above. As a consequence, a
wide range of diverse applications can be implemented very easily, and quickly.
The technological method for exchanging data in a fully meshed network, between all
blockchain participants, now ensures a technically inherent immutability of the data
and transactions that have been executed.
As a result, a variety of applications can be realised without the existence of a cen-
tralised function for verifying processes and transactions. The most well-known is the
one used for virtual currencies which rely on open blockchain networks. These re-
quire a more sophisticated consensus mechanism (this will be described in greater
However, the technology is also being discussed for use in many other areas, such
as supply chain quality management. For more information on this, see the study
carried out by the AIT Austrian Institute of Technology (1). For such applications
closed blockchain networks are being used which allow the use of much simpler
Virtual currencies and blockchains
“Bitcoin” is a specific application, which is based on a blockchain to realise a global
virtual currency. Bitcoin is an open source project. Special features of the blockchain
application Bitcoin are:
• The maximum number of Bitcoins is limited to 21 million. This is determined
by the technology.
• The entire blockchain of the Bitcoin application currently has a size of approx.
70 GB. These 70 GB are stored on every user’s computer and are constantly
Virtual currencies rely on additional functions of an eco system:
• Digital currency exchanges to change virtual currencies with real currencies
• Service providers to administer digital currencies for end consumers (wallet
• Miners to generate data blocks and verify transactions by consensus proto-
cols (see below for more details)
• Blockchain users, who are identified by their private key. In this context, it is
important to note that a user is not identified by his real name in the block-
• Software developers in an open-source community to develop the technology
The execution of a new transaction is always stored in a block; i.e. multiple transac-
tions are collected to be stored in a block. The blockchain application Bitcoin calcu-
lates a block every 10 minutes. This calculation of a block is known as “mining” (for
Thus, there is no compliance with the Know Your Customer (KYC) principle as is common prac-
tice in real-world banking.
the Bitcoin application the “proof of work principle” is used for the consensus proto-
Mining thus describes the processes of storing executed transactions, calculating the
validated hash value
, which saves the executed transactions so that they cannot be
manipulated, and the generation of the consensus protocol with all participants in the
blockchain. In exchange for carrying out this calculation and generating a block the
user receives a reward; e.g. in the case of Bitcoin a certain portion of Bitcoins.
Bitcoins and energy consumption
In the case of the Bitcoin application, the mining computation requires considerable
processing power and hence very high energy consumption. The specific consensus
mechanism used by the Bitcoin application follows the principle whereby the block
that is calculated fastest is the one that is used for the blockchain. Consequently, a
competition among the miners takes place. This can be achieved by investing in
more computing power, i.e. hardware, which in turn leads to greater energy con-
sumption. If the energy costs are lower than the value received for the computation it
creates a business model for miners.
It should be noted that different consensus protocols are used for different blockchain
applications. For closed blockchain applications far less energy-intensive systems
are in use.
However, seeing in the case of Bitcoin that the energy consumption is quite consid-
erable, it is very difficult to do this in an economically feasible way taking into account
actual energy prices. Thus, only very few organisations are able to operate such a
service for Bitcoin; e.g. if some have specific access to dedicated power plants. Min-
ing activities in the Bitcoin system mainly take place nowadays in China. At present,
more than 50% of all blocks are generated by just 4-5 miners
Global energy consumption for the Bitcoin currency in the first quarter of 2018 was
approx. 72 TWh. This is equivalent to the entire annual energy consumption of a
country like Chile or Austria.
In this context, it should be noted that only a very small number of transactions
worldwide are carried out using virtual currencies. E.g. Bitcoins have currently less
than 1% of all VISA transactions.
Virtual currencies and crime
Money laundering, drugs and arms
According to a Europol study, virtual currencies are a preferred financial method for
organised crime. According to this study 40% of all criminal-to-criminal transactions
are carried out using virtual currencies. In addition, certain cyber-crime methods, e.g.
the widespread ransomware attacks, have only become possible through virtual cur-
AIT Austrian Institute of Technology has achieved a leading international role in the
field of forensics in virtual currencies, heading multiple national and international pro-
The hash value is calculated for each block by simply trying out an arbitrary number (nonce).
This process requires a great deal of computing power and is referred to as “mining”. The num-
ber of zeros in front of the hash value shows how much computing power was invested in gener-
ating a suitable nonce.
This jeopardize the principle of immutability. If more than 50% of the mining process is con-
trolled, the consensus protocol can be influenced.
jects including: Bitcrime, Virtcrime, Graphsense and Titanium (see the list of refer-
ence projects below). AIT is now able to offer high performance analytical tools to
support law enforcement agencies for the detection of criminal activities and assist in
the prosecution of crimes in the area of virtual currencies.
Cyber-attacks on virtual currency systems
Although virtual currencies are basically protected from alterations and manipulations
through the blockchain technology, they nevertheless remain vulnerable to conven-
tional cyber-attacks. Cyber-attacks on digital currency exchanges, digital wallets, and
user PCs take place irrespective of the blockchain technology being used.
Manipulations in the blockchain
The consensus mechanisms follow differing strategies to prevent illicit manipulation.
The “random” choice of a miner to verify the transactions is a key fundamental prin-
ciple here. However, if more than 50% of the miners collude with one another it is
possible for them to manipulate the blockchain, thus imposing a significant threat.
Blockchain technologies entail a degree of complexity that must be reckoned with.
The real added value in using blockchain technology only exists if a central control
function is replaced by a distributed network of stakeholder. The most prevalent ap-
plication of blockchain technologies today are in the area of virtual currencies. The
replacement of bank functions is one of the most important motivations for the suc-
cess of virtual currencies.
It should be noted that the valuation appreciation of virtual currencies involves a
great deal of speculative gain effects. Furthermore, the business models of mining
must be weighed against both the high value of current Bitcoin prices and the espe-
cially high energy requirements of the technology. The enormous quantity of energy
wasted is generally not taken into consideration, but inspires new business ideas of
many start-ups. These energy consumption-driven business models of the virtual
currency bitcoin cannot really be considered as sustainable business models.
At this time, many aspects of new virtual currencies are not being sufficiently consid-
ered and discussed. In many areas there is a great deal of incomprehension and the
different effects of the technology are currently being accepted without reflection. The
application of blockchain technologies in general, but above all the disruptive effects
of virtual currencies, requires a comprehensive discourse in our society.
(1) Application of Blockchain technologies for commerce and supply chains, AIT
(2) A book about Blockchain and different applications:
(4) Europol 2015 Internet Organized Crime Threat Assessment Report, 2015
• EU H2020 Project TITANIUM Tools for the Investigation of
Transactions in Underground Markets, https://www.titanium-
• KIRAS Project VIRTCRIME tracing criminal transactions in
projekte/detail/d/virtcrime/ (funded by the Austrian security research pro-
• KIRAS Project BITCRIME, http://kiras.at/gefoerderte-
projekte/detail/d/bitcrime/ (funded by the Austrian security
research programme KIRAS)
• Graphsense, http://graphsense.info/ (funded by the Austri-
an ICT for the future research programme)
• Data Market Austria, https://datamarket.at/en, Austrian lighthouse project of
BMVIT (The Data Market Austria Project is creating a Data-Services Ecosys
tem in Austria by advancing technology foundations for secure data markets
and cloud interoperability, and creating an environment encouraging data-
centred innovation) - funded by the Austrian BMVIT.