352 Int. J. Web and Grid Services, Vol. 14, No. 4, 2018
Blockchain challenges and opportunities: a survey
Zibin Zheng and Shaoan Xie
School of Data and Computer Science,
Sun Yat-sen University,
Guangzhou 510275, China
Faculty of Information Technology,
Macau University of Science and Technology,
Institute of Advanced Technology,
National Engineering Research Center of Digital Life,
Sun Yat-sen University,
Guangzhou 510275, China
National Laboratory for Parallel and Distributed Processing,
National University of Defense Technology,
Changsha 410073, China
Abstract: Blockchain has numerous beneﬁts such as decentralisation,
persistency, anonymity and auditability. There is a wide spectrum of blockchain
applications ranging from cryptocurrency, ﬁnancial services, risk management,
internet of things (IoT) to public and social services. Although a number
of studies focus on using the blockchain technology in various application
aspects, there is no comprehensive survey on the blockchain technology in
both technological and application perspectives. To ﬁll this gap, we conduct a
comprehensive surveyon the blockchain technology. In particular, this paper gives
the blockchain taxonomy, introduces typical blockchain consensus algorithms,
reviews blockchain applications and discusses technical challenges as well as
recent advances in tackling the challenges. Moreover, this paper also points out
the future directions in the blockchain technology.
Copyright © 2018 Inderscience Enterprises Ltd.
Blockchain challenges and opportunities: a survey 353
Keywords: blockchain; consensus algorithms; cryptocurrency; IoT; internet of
things; smart contract.
Reference to this paper should be made as follows: Zheng, Z., Xie, S.,
Dai, H-N., Chen, X. and Wang, H. (2018) ‘Blockchain challenges and
opportunities: a survey’, Int. J. Web and Grid Services, Vol. 14, No. 4, pp.352–375.
Biographical notes: Zibin Zheng is an Associate Professor at Sun Yat-sen
University, Guangzhou, China. He received PhD from the Chinese University of
Hong Kong in 2011. He received ACM SIGSOFT Distinguished Paper Award
at ICSE’10, Best Student Paper Award at ICWS’10, and IBM PhD Fellowship
Award. His research interests include blockchain, services computing, software
engineering, and data mining.
Shaoan Xie is a graduate student at Sun Yat-Sen University, China. He received
his Bachelor degree in Computer Science at Sun yat-sen University in 2016. His
current research interests include blockchain and data mining.
Hong-Ning Dai is an Associate Professor in Faculty of Information Technology
at Macau University of Science and Technology. He obtained his PhD in
Computer Science and Engineering from the Department of Computer Science
and Engineering at the Chinese University of Hong Kong in 2008. His research
interests include wireless networks, mobile computing, and distributed systems.
Xiangping Chen is a Research Associate at Sun Yat-sen University, Guangzhou,
China. She received her PhD from Peking University in 2010. Her research
interests include data-driven software engineering, program comprehension, and
Huaimin Wang received his PhD in Computer Science from the National
University of Defense Technology (NUDT) in 1992. He has been awarded
the Chang Jiang Scholars Professor by Ministry of Education of China, and
the National Science Fund for Distinguished Young Scholars, and so on. He
has published more than 100 research papers in international conferences and
journals. His current research interests include middleware, software agent,
This paper is a revised and expanded version of a paper entitled ‘An overview of
blockchain technology: architecture, consensus, and future trends’ presented at
2017 International Congress on Big Data, Honolulu, USA, 25–30 June, 2017.
Recently, cryptocurrency has attracted extensive attentions from both industry and
academia. Bitcoin that is often called the ﬁrst cryptocurrency has enjoyed a huge
success with the capital market reaching 10 billion dollars in 2016 (coindesk, 2016).
The blockchain is the core mechanism for the Bitcoin. Blockchain was ﬁrst proposed
354 Z. Zheng et al.
in 2008 and implemented in 2009 (Nakamoto, 2008). Blockchain could be regarded as
a public ledger, in which all committed transactions are stored in a chain of blocks.
This chain continuously grows when new blocks are appended to it. The blockchain
technology has the key characteristics, such as decentralisation, persistency, anonymity
and auditability. Blockchain can work in a decentralised environment, which is enabled by
integrating several core technologies such as cryptographic hash, digital signature (based
on asymmetric cryptography) and distributed consensus mechanism. With blockchain
technology, a transaction can take place in a decentralised fashion. As a result, blockchain
can greatly save the cost and improve the efﬁciency.
Although Bitcoin is the most famous application blockchain application, blockchain can
be applied into diverse applications far beyond cryptocurrencies. Since it allows payments
to be ﬁnished without any bank or any intermediary, blockchain can be used in various
ﬁnancial services such as digital assets, remittance and online payment (Peters et al., 2015;
Foroglou and Tsilidou, 2015). Additionally, blockchain technology is becoming one of the
most promising technologies for the next generation of internet interaction systems, such
as smart contracts (Kosba et al., 2016), public services (Akins et al., 2013), internet of
things (IoT) (Zhang and Wen, 2015), reputation systems (Sharples and Domingue, 2015)
and security services (Noyes, 2016a).
Despite the fact that the blockchain technology has great potential for the construction of
the future internet systems, it is facing a number of technical challenges. Firstly, scalability
is a huge concern. Bitcoin block size is limited to 1 MB now and a block is mined about every
10 min. Subsequently, the Bitcoin network is restricted to a rate of 7 transactions per second,
which is incapable of dealing with high-frequency trading. However, larger blocks mean
larger storage space and slower propagation in the network. This will lead to centralisation
gradually as users would like to maintain such a large blockchain. Therefore the tradeoff
between block size and security has become a challenge. Secondly, it has been proved
that miners can achieve larger revenue than their fair share through selﬁsh mining strategy
(Eyal and Sirer, 2014). Miners hide their mined blocks for more revenue in the future. In
that way, branches can take place frequently; this hinders blockchain development. Hence
some solutions need to be put forward to ﬁx this problem. Moreover, it has been shown
that privacy leakage can also happen in blockchain even when users only make transactions
with their public key and private key (Biryukov et al., 2014). User’s real IP address could
even be tracked. Furthermore, current consensus algorithms like proof of work (PoW) or
proof of stake (PoS) are facing some serious problems. For example, PoW wastes too much
electricity energy while the phenomenon that the rich get richer could appear in the PoS
consensus process. These challenges need to be addressed in the blockchain technology
There is a substantial body of literature on blockchain from various sources, such as
blogs, wikis, forum posts, codes, conference proceedings and journal papers. Tschorsch
and Scheuermann (2016) made a technical survey about decentralised digital currencies
including Bitcoin. Compared with (Tschorsch and Scheuermann, 2016), our paper focuses
on blockchain technology instead of digital currencies. Nomura Research Institute made
Blockchain challenges and opportunities: a survey 355
a technical report about blockchain (NRI, 2015). In contrast to (NRI, 2015), our paper
focuses on state-of-art blockchain studies including recent advances and future trends.
This paper is an extended version of the work published in Zheng et al. (2017) with the
substantial extensions on blockchain technical details, consensus algorithms, applications
of blockchains, research challenges and future directions.
The rest of this paper is organised as follows. Section 2 introduces blockchain
architecture. Section 3 shows typical consensus algorithms used in the blockchain. Section 4
introduces several typical blockchain applications. Section 5 summarises the technical
challenges and the recent advances in this area. Section 6 discusses some possible future
directions and Section 7 concludes the paper.
2 Blockchain architecture
The blockchain is a sequence of blocks, which holds a complete list of transaction records
like conventional public ledger (Lee Kuo Chuen, 2015). Figure 1 illustrates an example of
a blockchain. Each block points to the immediately previous block via a reference that is
essentially a hash value of the previous block called parent block. It is worth noting that
uncle blocks (children of the block’s ancestors) hashes would also be stored in ethereum
blockchain (Buterin, 2014). The ﬁrst block of a blockchain is called genesis block which
has no parent block. We then introduce the block structure in Section 2.1, a digital signature
mechanism in Section 2.2. We also summarise blockchain key characteristics in Section 2.3.
Blockchain taxonomy is showed in Section 2.4.
Figure 1 An example of blockchain which consists of a continuous sequence of blocks (see online
version for colours)
A block consists of the block header and the block body as shown in Figure 2. In particular,
the block header includes:
•Block version: indicates which set of block validation rules to follow.
•Parent block hash: a 256-bit hash value that points to the previous block.
•Merkle tree root hash: the hash value of all the transactions in the block.
•Timestamp: current timestamp as seconds since 1970-01-01T00:00 UTC.
•nBits: current hashing target in a compact format.
•Nonce: a 4-byte ﬁeld, which usually starts with 0 and increases for every hash
calculation (will be explained in details in Section 3).
356 Z. Zheng et al.
The block body is composed of a transaction counter and transactions. The maximum
number of transactions that a block can contain depends on the block size and the size
of each transaction. Blockchain uses an asymmetric cryptography mechanism to validate
the authentication of transactions (NRI, 2015). A digital signature based on asymmetric
cryptography is used in an untrustworthy environment. We next brieﬂy illustrate digital
Figure 2 Block structure (see online version for colours)
2.2 Digital signature
Each user owns a pair of private key and public key. The private key is used to sign the
transactions. The digital signed transactions are spread throughout the whole network and
then are accessed by public keys, which are visible to everyone in the network. Figure 3
shows an example of digital signature used in blockchain. The typical digital signature is
involved with two phases: the signing phase and the veriﬁcation phase. Take Figure 3 as
an example again. When a user Alice wants to sign a transaction, she ﬁrst generates a hash
value derived from the transaction. She then encrypts this hash value by using her private
key and sends to another user Bob the encrypted hash with the original data. Bob veriﬁes the
received transaction through the comparison between the decrypted hash (by using Alice’s
public key) and the hash value derived from the received data by the same hash function as
Alice’s. The typical digital signature algorithms used in blockchains include elliptic curve
digital signature algorithm (ECDSA) (Johnson et al., 2001).
Figure 3 Digital signature used in blockchain (see online version for colours)
Blockchain challenges and opportunities: a survey 357
2.3 Key characteristics of blockchain
In summary, blockchain has following key characteristics.
•Decentralisation. In conventional centralised transaction systems, each transaction
needs to be validated through the central trusted agency (e.g., the central bank)
inevitably resulting the cost and the performance bottlenecks at the central servers.
Differently, a transaction in the blockchain network can be conducted between any
two peers (P2P) without the authentication by the central agency. In this manner,
blockchain can signiﬁcantly reduce the server costs (including the development cost
and the operation cost) and mitigate the performance bottlenecks at the central server.
•Persistency. Since each of the transactions spreading across the network needs to be
conﬁrmed and recorded in blocks distributed in the whole network, it is nearly
impossible to tamper. Additionally, each broadcasted block would be validated by
other nodes and transactions would be checked. So any falsiﬁcation could be
•Anonymity. Each user can interact with the blockchain network with a generated
address. Further, a user could generate many addresses to avoid identity exposure.
There is no longer any central party keeping users’ private information. This
mechanism preserves a certain amount of privacy on the transactions included in the
blockchain. Note that blockchain cannot guarantee the perfect privacy preservation
due to the intrinsic constraint (details refer to Section 5).
•Auditability. Since each of the transactions on the blockchain is validated and
recorded with a timestamp, users can easily verify and trace the previous records
through accessing any node in the distributed network. In Bitcoin blockchain, each
transaction could be traced to previous transactions iteratively. It improves the
traceability and the transparency of the data stored in the blockchain.
2.4 Taxonomy of blockchain systems
Current blockchain systems can be roughly categorised into three types: public blockchain,
private blockchain and consortium blockchain (Buterin, 2015). We compare these three
types of blockchain from different perspectives. The comparison is listed in Table 1.
•Consensus determination. In public blockchain, each node could take part in the
consensus process. And only a selected set of nodes are responsible for validating the
block in consortium blockchain. As for private chain, it is fully controlled by one
organisation who could determine the ﬁnal consensus.
•Read permission. Transactions in a public blockchain are visible to the public while
the read permission depends on a private blockchain or a consortium blockchain. The
consortium or the organisation could decide whether the stored information is public
•Immutability. Since transactions are stored in different nodes in the distributed
network, so it is nearly impossible to tamper the public blockchain. However, if the
majority of the consortium or the dominant organisation wants to tamper the
blockchain, the consortium blockchain or private blockchain could be reversed or
358 Z. Zheng et al.
•Efﬁciency. It takes plenty of time to propagate transactions and blocks as there are a
large number of nodes on public blockchain network. Taking network safety into
consideration, restrictions on public blockchain would be much more strict. As a
result, transaction throughput is limited and the latency is high. With fewer
validators, consortium blockchain and private blockchain could be more efﬁcient.
•Centralised. The main difference among the three types of blockchains is that public
blockchain is decentralised, consortium blockchain is partially centralised and
private blockchain is fully centralised as it is controlled by a single group.
•Consensus process. Everyone in the world could join the consensus process of the
public blockchain. Different from public blockchain, both consortium blockchain
and private blockchain are permissioned. One node needs to be certiﬁcated to join the
consensus process in consortium or private blockchain.
Since public blockchain is open to the world, it can attract many users. Communities are also
very active. Many public blockchains emerge day by day. As for consortium blockchain, it
could be applied to many business applications. Currently, Hyperledger (hyperledger, 2015)
is developing business consortium blockchain frameworks. Ethereum also has provided
tools for building consortium blockchains (ethereum, n.d.). As for private blockchain, there
are still many companies implementing it for efﬁciency and auditability.
Table 1 Comparisons among public blockchain,consortium blockchain and private blockchain
Property Public blockchain Consortium blockchain Private blockchain
Consensus determination All miners Selected set of nodes One organisation
Read permission Public Could be public Could be public
or restricted or restricted
Immutability Nearly impossible Could be tampered Could be tampered
Efﬁciency Low High High
Centralised No Partial Yes
Consensus process Permissionless Permissioned Permissioned
3 Consensus algorithms
In blockchain, how to reach consensus among the untrustworthy nodes is a transformation
of the Byzantine Generals (BG) Problem (Lamport et al., 1982). In BG problem, a group
of generals who command a portion of Byzantine army circle the city. The attack would
fail if only part of the generals attack the city. Generals need to communicate to reach
an agreement on whether attack or not. However, there might be traitors in generals. The
traitor could send different decisions to different generals. This is a trustless environment.
How to reach a consensus in such an environment is a challenge. It is also a challenge for
blockchain as the blockchain network is distributed. In blockchain, there is no central node
that ensures ledgers on distributed nodes are all the same. Nodes need not trust other nodes.
Thus, some protocols are needed to ensure that ledgers in different nodes are consistent.
We next present several common approaches to reach consensus in the blockchain.
Blockchain challenges and opportunities: a survey 359
3.1 Approaches to consensus
Proof of work (PoW) is a consensus strategy used in Bitcoin network (Nakamoto, 2008).
POW requires a complicated computational process in the authentication. In POW, each
node of the network is calculating a hash value of the constantly changing block header.
The consensus requires that the calculated value must be equal to or smaller than a certain
given value. In the decentralised network, all participants have to calculate the hash value
continuously by using different nonces until the target is reached. When one node obtains
the relevant value, all other nodes must mutually conﬁrm the correctness of the value. After
that, transactions in the new block would be validated in case of frauds. Then, the collection
of transactions used for the calculations is approved to be the authenticated result, which
is denoted by a new block in the blockchain. The nodes that calculate the hashes are called
miners and the POW procedure is called mining. Since the calculation of the authentication
is a time-consuming process, an incentive mechanism (e.g., granting a small portion of
Bitcoins to the miner) is also proposed (Nakamoto, 2008).
In the decentralised network, valid blocks might be generated simultaneously when
multiple nodes ﬁnd the suitable nonce nearly at the same time. As a result, branches (or forks)
may be generated as shown in Figure 4. However, it is unlikely that two competing forks will
generate next block simultaneously. In POW protocol, a chain that becomes longer thereafter
is judged as the authentic one. Take Figure 4 as an example again. Consider two forks
created by simultaneously validated blocks B11 and G11. Miners work on both the forks
and add the newly generated block to one of them. When a new block (say B12) is added to
block B11, the miners working on fork G11-G12 will switch to B12. Block G12 in the fork
G11-G12 becomes an orphan block since it is no longer increased. Generally, after a certain
number of new blocks are appended to the blockchain, it is nearly impossible to reverse
the blockchain to tamper the transactions. In Bitcoin blockchain, when approximately six
blocks are generated, the relevant blockchain is considered to be the authentic one (e.g., the
chain of blocks B11, B12, B13, B14, B15 and B16 in Figure 4). Block interval depends on
different parameter setting. Bitcoin block is generated about every 10 min while Ethereum
block is generated about every 17 s.
Figure 4 An scenario of blockchain branches (the longer branch would be admitted as the main
chain while the shorter one would be deserted) (see online version for colours)
!" !#$ !## !#% !#& !#' !#( !#)
Miners have to do a lot of computer calculations in PoW, yet these works waste too much
resources. To mitigate the loss, some PoW protocols in which works could have some side-
applications have been designed. For example, Primecoin (King, 2013) searches for special
prime number chains which can be used for mathematical research. Instead of burning
electricity for mining the POW block, proof of burn (P4Titan, 2014) asks miners to send
360 Z. Zheng et al.
their coins to addresses where they cannot be redeemed. By burning coins, miners get
chances for mining blocks and they do not need powerful hardwares as POW.
Proof of stake (PoS) is an energy-saving alternative to POW. Instead of demanding users
to ﬁnd a nonce in an unlimited space, POS requires people to prove the ownership of the
amount of currency because it is believed that people with more currencies would be less
likely to attack the network. Since the selection based on account balance is quite unfair
because the single richest person is bound to be dominant in the network. As a result, many
solutions are proposed with the combination of the stake size to decide which one to forge
the next block. In particular, Blackcoin (Vasin, 2014) uses randomisation to predict the next
generator. It uses a formula that looks for the lowest hash value in combination with the
size of the stake. Peercoin (King and Nadal, 2012) favours coin age-based selection. In
Peercoin, older and larger sets of coins have a greater probability of mining the next block.
Compared with PoW, PoS saves more energy and is more effective. Unfortunately, as the
mining cost is nearly zero, attacks might come as a consequence. Many blockchains adopt
PoW at the beginning and transform to PoS gradually. For instance, Ethereum is planning
to move from Ethash (a kind of PoW) (Wood, 2014) to Casper (a kind of PoS) (Zamﬁr,
2015). To combine the beneﬁts of POW and POS, proof of activity (Bentov et al., 2014) is
proposed. In proof of activity, a mined block needs to be signed by N miners to be valid.
In that way, if some owner of 50% of all coins exists, he/she cannot control the creation of
new blocks on his/her own. Sometimes stake could be other things, for example, in proof of
capacity (burstcoin, 2014), miners have to allocate large hard drive space to mine the block.
Practical byzantine fault tolerance (PBFT) is a replication algorithm to tolerate byzantine
faults (Miguel and Barbara, 1999). Hyperledger Fabric (hyperledger, 2015) utilises the
PBFT as its consensus algorithm since PBFT could handle up to 1/3 malicious byzantine
replicas. A new block is determined in a round. In each round, a primary would be selected
according to some rules. And it is responsible for ordering the transaction. The whole process
could be divided into three phase: pre-prepared,prepared and commit. In each phase, a node
would enter next phase if it has received votes from over 2/3 of all nodes. So PBFT requires
that every node is known to the network. Like PBFT, Stellar consensus protocol (SCP)
(Mazieres, 2015) is also a Byzantine agreement protocol. There is no hashing procedure in
PBFT. In PBFT, each node has to query other nodes while SCP gives participants the right
to choose which set of other participants to believe. Based on PBFT, Antshares (antshares,
2016) has implemented their delegated byzantine fault tolerance (dBFT). In dBFT, some
professional nodes are voted to record the transactions instead of all nodes.
Delegated proof of stake (DPOS). Similar to POS, miners get their priority to generate
the blocks according to their stake. The major difference between POS and DPOS is that
POS is a direct democratic while DPOS is representative democratic. Stakeholders elect
their delegates to generate and validate a block. With signiﬁcantly fewer nodes to validate
the block, the block could be conﬁrmed quickly, making the transactions conﬁrmed quickly.
Meanwhile, the parameters of the network such as block size and block intervals could
be tuned. Additionally, users do not need to worry about the dishonest delegates because
the delegates could be voted out easily. DPOS has already been implemented, and is the
backbone of Bitshares (bitshares, n.d.).
Ripple (Schwartz et al., 2014) is a consensus algorithm that utilises collectively-trusted
subnetworks within the larger network. In the network, nodes are divided into two types: a
server for participating consensus process and client for only transferring funds. In contrast
to that PBFT nodes have to ask every node in the network, each Ripple server has a Unique
Node List (UNL) to query. UNL is important to the server. When determining whether to
Blockchain challenges and opportunities: a survey 361
put a transaction into the ledger, the server would query the nodes in UNL. If the received
agreements have reached 80%, the transaction would be packed into the ledger. For a node,
the ledger will remain correct as long as the percentage of faulty nodes in UNL is less than
Tendermint (Kwon, 2014) is a byzantine consensus algorithm. A new block is
determined in a round. A proposer would be selected to broadcast an unconﬁrmed block in
this round. So all nodes need to be known for proposer selection. It could be divided into
•Prevote step. Validators choose whether to broadcast a prevote for the proposed
•Precommit step. If the node has received more than 2/3 of prevotes on the proposed
block, it broadcasts a precommit for that block. If the node has received over 2/3 of
precommits, it enters the commit step.
•Commit step. The node validates the block and broadcasts a commit for that block. if
the node has received 2/3 of the commits, it accepts the block.
The process is quite similar to PBFT, but Tendermint nodes have to lock their coins to
become validators. Once a validator is found to be dishonest, it would be punished.
3.2 Consensus algorithms comparison
Different consensus algorithms have different advantages and disadvantages. Table 2 gives
a comparison between different consensus algorithms and we use the properties given by
•Node identity management. PBFT needs to know the identity of each miner in order
to select a primary in every round while Tendermint needs to know the validators in
order to select a proposer in each round. For PoW, PoS, DPOS and Ripple, nodes
could join the network freely.
•Energy saving. In PoW, miners hash the block header continuously to reach the target
value. As a result, the amount of electricity required to process has reached an
immense scale. As for PoS and DPOS, miners still have to hash the block header to
search the target value but the work has been largely reduced as the search space is
designed to be limited. As for PBFT, Ripple and Tendermint, there is no mining in
the consensus process. So it saves energy greatly.
•Tolerated power of the adversary. Generally 51% of hash power is regarded as the
threshold for one to gain control of the network. But selﬁsh mining strategy (Eyal
and Sirer, 2014) in PoW systems could help miners to gain more revenue by only
25% of the hashing power. PBFT and Tendermint are designed to handle up to 1/3
faulty nodes. Ripple is proved to maintain correctness if the faulty nodes in a UNL is
less than 20%.
•Example. Bitcoin is based on PoW while Peercoin is a new peer-to-peer PoS
cryptocurrency. Further, Hyperledger Fabric utilises PBFT to reach consensus.
Bitshares, a smart contract platform, adopts DPOS as their consensus algorithm.
Ripple implements the Ripple protocol while Tendermint devises the Tendermint
362 Z. Zheng et al.
PBFT and Tendermint are permissioned protocols. Node identities are expected to be known
to the whole network, so they might be used in commercial mode rather than public. PoW
and PoS are suitable for public blockchain. Consortium or private blockchain might have
preference for PBFT, Tendermint, DPOS and Ripple.
Table 2 Typical consensus algorithms comparison
Property PoW PoS PBFT DPOS Ripple Tendermint
Node identity Open Open Permissioned Open Open Permissioned
Energy saving No Partial Yes Partial Yes Yes
Tolerated <25% <51% <33.3% <51% <20% <33.3%
power computing stake faulty validators faulty nodes byzantine
of adversary power replicas in UNL voting power
Example Bitcoin Peercoin Hyperledger Bitshares Ripple Tendermint
3.3 Advances on consensus algorithms
A good consensus algorithm means efﬁciency, safety and convenience. Current common
consensus algorithms still have many shortages. New consensus algorithms are devised
aiming to solve some speciﬁc problems of the blockchain. The main idea of PeerCensus
(Decker et al., 2016) is to decouple block creation and transaction conﬁrmation so that
the consensus speed can be signiﬁcantly increased. Besides, Kraft (Kraft, 2016) proposed
a new consensus method to ensure that a block is generated in a relatively stable speed.
It is known that high blocks generation rate compromise Bitcoin’s security. So the
Greedy Heaviest-Observed Sub-Tree (GHOST) chain selection rule (Sompolinsky and
Zohar, 2013) is proposed to solve this problem. Instead of the longest branch scheme,
GHOST weights the branches and miners could choose the better one to follow. Chepurnoy et
al. (Chepurnoy et al., 2016) proposed a new consensus algorithm for peer-to-peer blockchain
systems where anyone who provides non-interactive proofs of retrievability for the past
state snapshots is agreed to generate the block. In such a protocol, miners only have to store
old block headers instead of full blocks.
4 Applications of blockchain
There is a diverse of applications of blockchain technology. In this section, we summarise
several typical applications of blockchain. We roughly categorise the applications of the
blockchain into ﬁnance in Section 4.1, IoT in Section 4.2, public and social services in
Section 4.3, reputation system in Section 4.4 and security and privacy in Section 4.5. Figure 5
illustrates 5 representative application domains of the blockchain.
Blockchain challenges and opportunities: a survey 363
Figure 5 Representative application domains of blockchain (see online version for colours)
xSafety and Privacy
xP2P Financial Market
•Financial services. The emergency of blockchain systems such as Bitcoin
(Nakamoto, 2008) and (hyperledger, 2015) has brought a huge impact on traditional
ﬁnancial and business services. Peters et al. (Peters and Panayi, 2015) discussed that
blockchain has the potential to disrupt the world of banking. Blockchain technology
could be applied to many areas including clearing and settlement of ﬁnancial assets
etc. Besides, Morini (2016) showed that there are real business cases like
collateralisation of ﬁnancial derivatives that could leverage blockchain to reduce
costs and risks. Blockchain has also caught tremendous attention in the eyes of large
software companies: Microsoft Azure (azure, 2016) and IBM (ibm, 2016) are
beginning to offer Blockchain-as-a-Service.
•Enterprise transformation. In addition to the evolution of ﬁnancial and business
services, blockchain can help traditional organisations to complete the enterprise
transformation smoothly. Consider an example of postal operators (POs). Since
traditional postal operators (POs) act as a simple intermediary between merchants
and customers, blockchain and cryptocurrency technology can help POs to extend
their simple roles with the provision of new ﬁnancial and un-ﬁnancial services. In
Jaag et al. (2016), Jaag and Bach explored opportunities of arising blockchain
technology for POs and claimed that each PO could issue their own postcoin which is
a kind of colored coin of Bitcoin. Since the POs are viewed as a trusted authority by
the public, postcoin could be prevailed quickly with their dense retail network. In
addition, it is also shown in Jaag et al. (2016) that blockchain technology offers
business opportunities for POs in identity services, device management and supply
•P2P ﬁnancial market. Blockchain could also help build a P2P ﬁnancial market in a
secure and reliable way. Noyes explored ways of combining peer-to-peer
364 Z. Zheng et al.
mechanisms and multiparty computation protocols to create a P2P ﬁnancial MPC
(Multiparty Computation) market (Noyes, 2016b). Blockchain-based MPC market
allows ofﬂoading computational tasks onto a network of anonymous peer-processors.
•Risk management. Risk management framework plays a signiﬁcant role in ﬁnancial
technology (FinTech) and now it can be combined with blockchain to perform better.
Pilkington (Pilkington, 2016) provided a novel risk-management framework, in
which blockchain technology is used to analyse investment risk in the
Luxembourgish scenario. Investors who nowadays hold securities through chains of
custodians tend to face the risk of any of these failings. With the help of blockchain,
investments and collaterals can be decided quickly instead of going through
long-term consideration. Micheler and Heyde indicated in Micheler and von der
Heyde (2016) that a new system combined with blockchain can reduce custody risk
and achieve the same level of transactional safety. Besides, blockchain-based smart
contract enables the decentralised autonomous organisations (DAO) to engage in
business-work collaborations. A highly dependable DAO-GaaS conﬂict model (Norta
et al., 2015) was proposed to safeguard business-semantics induced consistency rules.
4.2 Internet of things (IoT)
Internet of things (IoT), one of the most promising information and communication
technologies (ICT), is ramping up recently. IoT is proposed to integrate the things (also
named smart objects) into the internet and provides users with various services (Atzori
et al., 2010; Miorandi et al., 2012). The typical killer applications of IoT include the logistic
management with Radio-Frequency Identiﬁcation (RFID) technology (ISO, 2013), smart
homes (Dixon et al., 2012), e-health (Habib et al., 2015), smart grids (Fan et al., 2013),
Maritime Industry (Wang et al., 2015), etc.
Blockchain technologies can potentially improve the IoT sector.
•E-business. Zhang and Wen (2015) propose a new IoT E-business model and realise
the transaction of smart property based on blockchain and smart contract. In this
model, distributed autonomous corporations (DAC) is adopted as a decentralised
transaction entity. People trade with DACs to obtain coins and exchange sensor data
without any third party.
•Safety and privacy. Safety and privacy preservation is another important concern for
IoT industry. Blockchain can also help in improving privacy in IoT applications. In
particular, Hardjono and Smith (2016) proposed a privacy-preserving method for
commissioning an IoT device into a cloud ecosystem. More speciﬁcally, a new
architecture was proposed in Hardjono and Smith (2016) to help the device to prove
its manufacturing provenance without the authentication of the third party and it is
allowed to register anonymously. Besides, in IBM (2015), IBM unveiled its proof of
concept for Autonomous Decentralised Peer-to-Peer Telemetry (ADEPT), which is a
system using blockchain technologies to build a distributed network of devices. In
ADEPT, appliances in the home would be able to identify operational problems and
retrieve software updates on their own.
4.3 Public and social services
Blockchain can also be widely used in public and social services.
Blockchain challenges and opportunities: a survey 365
•Land registration. One of the typical blockchain applications in public services is the
land registration (NRI, 2015), in which the land information such as the physical
status and related rights can be registered and publicised on blockchains. Besides,
any changes made on the land, such as the transfer of land or the establishment of a
mortgage can be recorded and managed on blockchains consequently improve the
efﬁciency of public services.
•Energy saving. Besides, blockchains can be used in green energy. Gogerty and Zitoli
proposed the solarcoin (Gogerty and Zitoli, 2011) to encourage the usage of
renewable energies. In particular, solarcoin is a kind of digital currency rewarding
solar energy producers. In addition to the usual way of getting coins through mining,
solarcoins could be granted by the solarcoin foundation as long as you have
generated the solar energy.
•Education. Blockchain is originally devised to enable currency transactions to be
carried out in trustless environment. However, if we regard the learning and teaching
process as the currency, blockchain technology can potentially be applied to the
online educational market. in Devine (2015), blockchain learning was proposed. In
blockchain learning, blocks could be packed and placed into blockchain by teachers
and the learning achievements could be thought as coins.
•Free-speech right. Moreover, blockchain can be used to secure internet infrastructure
such as DNS and identities. For example, Namecoin (namecoin, 2014) is an
experimental open-source technology that improves decentralisation, security,
censorship resistance, privacy, and speed of DNS and identities (namecoin, 2014). It
protects free-speech rights online by making the web more resistant to censorship.
Blockchains can also be used for other public services such as marriage registration, patent
management and income taxation systems (Akins et al., 2013). In the new public services
integrated with blockchains, mobile devices with digital signature embedded may replace
seals to be afﬁxed on documents, which are submitted to administrative departments. In this
way, extensive paperwork can be greatly saved.
4.4 Reputation system
Reputation is an important measure on how much the community trusts you. The greater
your reputation, the more trustworthy you are regarded by others. The reputation of a person
can be evaluated on his or her previous transactions and interactions with the community.
There is a rising number of cases of personal reputation records falsiﬁcation. For example,
in e-commerce, many service-providers enroll a huge number of fake customers to achieve
a high reputation. Blockchain can potentially solve this problem.
•Academics. Reputation is important to academics. Sharples and Domingue (2015)
proposed a blockchain-based distributed system for educational record and
reputation. At the beginning, each institution and intellectual worker would be given
an initial award of educational reputation currency. An institution could award a staff
by transferring some reputation records to the staff. Since transactions are stored on
blockchain, all the reputation change could be detected easily.
•Web community. The ability to assess the reputation of a member in a web
community is very important. Carboni (2015) proposed a reputation model based on
366 Z. Zheng et al.
blockchain, in which a voucher will be signed if customer is satisﬁed with the service
and would like to give a good feedback. After signing a voucher, a service provider
needs to take extra 3% of the payment to the network as the voting fee to discourage
the Sybil attack. A service provider’s reputation is calculated based on the amount of
the voting fee. Dennis and Owen (2015) proposed a new reputation system that is
practically applicable to multiple networks. In particular, they created a new
blockchain to store single dimension reputation value (i.e., 0 or 1) from the
completed transactions. Take the ﬁle sharing as an example. Entity Asends a ﬁle to
entity B. Upon receiving the ﬁle, Bsends a transaction consists of the score, the hash
of ﬁle and private key of Bto verify the identity. Then, the miners contact Aand Bto
conﬁrm that the transaction happens with no suspicion. Since transactions are stored
on blockchain, reputation records are nearly impossible to tamper.
4.5 Security and privacy
•Security enhancement. We have seen the proliferation of various mobile devices and
various mobile services, which are also exhibiting their vulnerability to malicious
nodes. There are a number of anti-malware ﬁlters proposed to detect the suspected
ﬁles through pattern matching schemes, which a central server to store and update
the virus patterns. However, these centralised countermeasures are also vulnerable to
malicious attackers. Blockchain can potentially help to improve the security of
distributed networks. In particular, Charles (Noyes, 2016a) proposed a novel
anti-malware environment named BitAV, in which users can distribute the virus
patterns on blockchain. In this way, BitAV can enhance the fault tolerance. It is shown
in Noyes (2016a) that BitAV can improve the scanning speed and enhance the fault
reliability (i.e., less susceptible to targeted denial-of-service attacks). Blockchain
technologies can also be used to improve the reliability of security infrastructure. For
example, conventional public key infrastructures (PKIs) are often susceptible to
single point of failure due to the hardware and software ﬂaws or malicious attacks.
As shown in Axon (2015), blockchain can be used to construct a privacy-aware PKI
while simultaneously improving the reliability of conventional PKIs.
•Privacy protection. In addition to the increasing risk of the exposure of our private
data to malwares, various mobile services and social network providers are collecting
our sensitive data. For example, Facebook has collected more than 300 petabytes of
personal data since its inception (Vagata and Wilfong, 2014). Usually, the collected
data are stored on central servers of service providers, which are susceptible to
malicious attacks. Blockchain has the potential to improve the security of privacy
sensitive data. in Zyskind et al. (2015), Zyskind et al. propose a decentralised
personal data management system that ensures the user ownership of their data. This
system is implemented on the blockchain. The system can protect the data against
these privacy issues:
•data transparency and auditability
•ﬁne-grained access control.
A similar system based on blockchain technology was also proposed to securely
distribute sensitive data in a decentralised manner in ethos (2014).
Blockchain challenges and opportunities: a survey 367
5 Challenges and recent advances
As an emerging technology, blockchain is facing multiple challenges and problems. We
summarise three typical challenges: scalability in Section 5.1, privacy leakage in Section 5.2
and selﬁsh mining in Section 5.3.
With the amount of transactions increasing day by day, the blockchain becomes heavy.
Currently, Bitcoin blockchain has exceeded 100 GB storage. All transactions have to be
stored for validating the transaction. Besides, due to the original restriction of block size
and the time interval used to generate a new block, the Bitcoin blockchain can only process
nearly 7 transactions per second, which cannot fulﬁl the requirement of processing millions
of transactions in a real-time fashion. Meanwhile, as the capacity of blocks is very small,
many small transactions might be delayed since miners prefer those transactions with a high
transaction fee. However, large block size would slow down the propagation speed and lead
to blockchain branches. So scalability problem is quite tough.
There are a number of efforts proposed to address the scalability problem of the
blockchain, which could be categorised into two types:
•Storage optimisation of blockchain. To solve the bulky blockchain problem, a novel
cryptocurrency scheme was proposed in (Bruce, 2014). In the new scheme, old
transaction records are removed by the network and a database named account tree is
used to hold the balance of all non-empty addresses. In this way, nodes do not need
to store all transactions to check whether a transaction is valid or not. Besides
lightweight client could also help ﬁx this problem. A novel schem named VerSum
(van den Hooff et al., 2014) was proposed to provide another way allowing
lightweight clients to exist. VerSum allows lightweight clients to outsource expensive
computations over large inputs. It ensures that the computation result is correct by
comparing results from multiple servers.
•Redesigning blockchain. in Eyal et al. (2016), Bitcoin-NG (Next Generation) was
proposed. The main idea of Bitcoin-NG is to decouple conventional block into two
parts: key block for leader election and microblock to store transactions. Miners are
competing to become a leader. The leader would be responsible for microblock
generation until a new leader appears. Bitcoin-NG also extended the heaviest
(longest) chain strategy where only key blocks count and microblocks carry no
weight. In this way, blockchain is redesigned and the tradeoff between block size and
network security has been addressed.
5.2 Privacy leakage
The blockchain is believed to be very safe as users only make transactions with generated
addresses rather than real identity. Users also could generate many addresses in case of
information leakage. However, it is shown in Meiklejohn et al. (2013) and Kosba et al.
(2016) that blockchain cannot guarantee the transactional privacy since the values of all
transactions and balances for each public key are publicly visible. Besides, the recent study
(Barcelo, 2014) has shown that a user’s Bitcoin transactions can be linked to reveal user’s
information. Moreover, Biryukov et al. (2014) presented a method to link user pseudonyms
368 Z. Zheng et al.
to IP addresses even when users are behind network address translation (NAT) or ﬁrewalls.
in Biryukov et al. (2014), each client can be uniquely identiﬁed by a set of nodes it connects
to. However, this set can be learned and used to ﬁnd the origin of a transaction. Multiple
methods have been proposed to improve anonymity of blockchain, which could be roughly
categorised into two types:
•Mixing (Möser, 2013). In blockchain, users addresses are pseudonymous. But it is
still possible to link addresses to user real identity as many users make transactions
with the same address frequently. Mixing service is a kind of service which provides
anonymity by transferring funds from multiple input addresses to multiple output
addresses. For example, user Alice with address A wants to send some funds to Bob
with address B. If Alice directly makes a transaction with input address A and output
address B, the relationship between Alice and Bob might be revealed. So Alice could
send funds to a trusted intermediary Carol. Then Carol transfer funds to Bob with
multiple inputs c1, c2, c3, etc., and multiple output d1, d2, B, d3, etc. Bob’s address
B is also contained in the output addresses. So it becomes harder to reveal the
relationship between Alice and Bob. However, the intermediary could be dishonest
and reveal Alice and Bob’s private information on purpose. It is also possible that
Carol transfers Alice’s funds to her own address instead of Bob’s address. Mixcoin
(Bonneau et al., 2014) provides a simple method to avoid dishonest behaviours. The
intermediary encrypts users’ requirements including funds amount and transfer date
with its private key. Then if the intermediary did not transfer the money, anybody
could verify that the intermediary cheated. However, theft is detected but still not
prevented. Coinjoin (Maxwell, 2013) depends on a central mixing server to shufﬂe
output addresses to prevent theft. And inspired by Coinjoin, CoinShufﬂe (Rufﬁng
et al., 2014) uses decryption mixnets for address shufﬂing.
•Anonymous. In Zerocoin (Miers et al., 2013), a zero-knowledge proof is used. Miners
do not have to validate a transaction with digital signature but to validate coins belong
to a list of valid coins. Payment’s origin is unlinked from transactions to prevent
transaction graph analyses. But it still reveals payments’ destination and amounts.
Zerocash (Sasson et al., 2014) was proposed to address this problem. In Zerocash,
zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs) is
leveraged. Transaction amounts and the values of coins held by users are hidden.
5.3 Selﬁsh mining
The blockchain is susceptible to attacks of colluding selﬁsh miners. Generally,it is convinced
that nodes with over 51% computing power could reverse the blockchain and reverse the
happened transaction. However, recent research shows that even nodes with less 51% power
are still dangerous. In particular, Eyal and Sirer (2014) showed that the network is vulnerable
even if only a small portion of the hashing power is used to cheat. In selﬁsh mining strategy,
selﬁsh miners keep their mined blocks without broadcasting and the private branch would
be revealed to the public only if some requirements are satisﬁed. As the private branch is
longer than the current public chain, it would be admitted by all miners. Before the private
blockchain publication, honest miners are wasting their resources on a useless branch while
selﬁsh miners are mining their private chain without competitors. So selﬁsh miners tend to
get more revenue. Rational miners would be attracted to join the selﬁsh pool and the selﬁsh
could exceed 51% power quickly.
Blockchain challenges and opportunities: a survey 369
Based on selﬁsh mining, many other attacks have been proposed to show that blockchain
is not so secure. In stubborn mining (Nayak et al., 2016), miners could amplify its gain
by non-trivially composing mining attacks with network-level eclipse attacks. The trail-
stubbornness is one of the stubborn strategies that miners still mine the blocks even if the
private chain is left behind. Yet in some cases, it can result in 13% gains in comparison with
a non-trail-stubborn counterpart. Sapirshtein et al. (2015) show that there are selﬁsh mining
strategies that earn more money and are proﬁtable for smaller miners compared with simple
selﬁsh mining. But the gains are relatively small. Furthermore, it shows that attackers with
less than 25% of the computational resources can still gain from selﬁsh mining. To help ﬁx
the selﬁsh mining problem, Heilman (Billah, 2015) presented a novel approach for honest
miners to choose which branch to follow. With random beacons and timestamps, honest
miners would select more fresh blocks. However, (Billah, 2015) is vulnerable to forgeable
timestamps. ZeroBlock (Solat and Potop-Butucaru, 2016) builds on the simple scheme:
Each block must be generated and accepted by the network within a maximum time interval.
Within ZeroBlock, selﬁsh miners cannot achieve more than its expected reward.
6 Possible future directions
The blockchain has shown its potential in industry and academia. We discuss possible future
directions with respect to ﬁve areas: blockchain testing,stop the tendency to centralisation,
big data analytics,smart contract and artiﬁcial intelligence.
6.1 Blockchain testing
Recently different kinds of blockchains appear and over 700 cryptocurrencies are listed
in coindesk (2017) up to now. However, some developers might falsify their blockchain
performance to attract investors driven by the huge proﬁt. Besides, when users want
to combine blockchain into business, they have to know which blockchain ﬁts their
requirements. So blockchain testing mechanism needs to be in place to test different
Blockchain testing could be separated into two phases: standardisation phase and testing
phase. In standardisation phase, all criteria have to be made and agreed. When a blockchain
is born, it could be tested with the agreed criteria to valid if the blockchain works ﬁne
as developers claim. As for testing phase, blockchain testing needs to be performed with
different criteria. For example, a user who is in charge of online retail business cares about
the throughput of the blockchain, so the examination needs to test the average time from a
user sending a transaction to the transaction being packed into the blockchain, capacity for
a blockchain block and etc.
6.2 Stop the tendency to centralisation
Blockchain is designed as a decentralised system. However, there is a trend that miners are
centralised in the mining pool. Up to now, the top 5 mining pools together owns larger than
51% of the total hash power in the Bitcoin network (bitcoinwrldwide, n.d.). Apart from
that, selﬁsh mining strategy (Eyal and Sirer, 2014) showed that pools with over 25% of
total computing power could get more revenue than a fair share. Rational miners would
be attracted into the selﬁsh pool and ﬁnally, the pool could easily exceed 51% of the total
370 Z. Zheng et al.
power. As the blockchain is not intended to serve a few organisations, some methods should
be proposed to solve this problem.
6.3 Big data analytics
Blockchain could be well combined with big data. Here we roughly categorised the
combination into two types: data management and data analytics. As for data management,
blockchain could be used to store important data as it is distributed and secure. Blockchain
could also ensure the data is original. For example, if blockchain is used to store patients
health information, the information could not be tampered and it is hard to steal those private
information. When it comes to data analytics, transactions on blockchain could be used for
big data analytics. For example, user trading patterns might be extracted. Users can predict
their potential partners’ trading behaviours with the analysis.
6.4 Smart contract
A smart contract is a computerised transaction protocol that executes the terms of a contract
(Szabo, 1997). It has been proposed for a long time and now this concept can be implemented
with blockchain. In blockchain, the smart contract is a code fragment that could be executed
by miners automatically. Nowadays, more and more smart contract develop platforms are
emerging and smart contract could achieve more and more functionalities. Blockchain could
be used in many areas, such as IoT (Christidis and Devetsikiotis, 2016) and banking services
(Peters and Panayi, 2015).
We categorise smart contract researches into two types: development and evaluation. The
development could be smart contract development or smart contract platform development.
Now many smart contracts are deployed on Ethereum (Wood, 2014) blockchain. As for
platform development, many smart contract develop platforms like Ethereum (Wood,
2014) and Hawk (Kosba et al., 2016) are emerging. Evaluation means code analysis
and performance evaluation. Bugs in smart contract could bring disastrous damages. For
instance, owing to the recursive call bug, over 60 million dollars are stolen from a smart
contract- the DAO (Jentzsch, 2016). So smart contract attack analysis is very important. On
the other hand, smart contract performance is also of vital importance to smart contract.
With blockchain technology developing quickly, more and more smart contract based
applications would be put into use. Companies need to take the application performance
6.5 Artiﬁcial intelligence
Recent developments in blockchain technology are creating new opportunities for artiﬁcial
intelligence (AI) applications (Omohundro, 2014). AI technologies could help solve many
blockchain challenges. For instance, there is always an oracle who is responsible for
determining whether the contract condition is satisﬁed. Generally, this oracle is a trusted
third party. AI technique may help build an intelligent oracle. It is not controlled by any
party, it just learns from the outside and train itself. In that way, there would be no argues
in he smart contract and the smart contract can become smarter. On the other hand, AI
is penetrating into our lives now. Blockchain and smart contract could help to restrict
misbehaviours done by AI products. For instance, laws written in smart contract could help
to restrict misbehaviours done by driverless cars.
Blockchain challenges and opportunities: a survey 371
The blockchain is highly appraised and endorsed for its decentralised infrastructure
and peer-to-peer nature. However, many researches about the blockchain are shielded
by Bitcoin. But blockchain could be applied to a variety of ﬁelds far beyond Bitcoin.
Blockchain has shown its potential for transforming the traditional industry with its key
characteristics: decentralisation, persistency, anonymity and auditability. In this paper,
we present a comprehensive survey on the blockchain. We ﬁrst give an overview of the
blockchain technologies including blockchain architecture and key characteristics of the
blockchain. We then discuss the typical consensus algorithms used in the blockchain.
We analyse and compare these protocols in different respects. We also investigate typical
blockchain applications. Furthermore, we list some challenges and problems that would
hinder blockchain development and summarise some existing approaches for solving these
problems. Some possible future directions are also discussed. Nowadays smart contract is
developing fast and many smart contract applications are proposed. However, as there are
still many defects and limits in smart contract languages, many innovative applications are
hard to implement currently. We plan to take an in-depth investigation on smart contract in
The work described in this paper was supported by the National Key Research and
Development Program (2016YFB1000101), the National Natural Science Foundation of
China (61722214, 61472338), the Program for Guangdong Introducing Innovative and
Entrepreneurial Teams(2016ZT06D211), the Pearl River S&T Nova Program of Guangzhou
(201710010046), and Macao Science and Technology Development Fund under Grant No.
0026/2018/A1. The authors would like to thank Gordon K-T. Hon for his constructive
Akins, B.W., Chapman, J.L. and Gordon, J.M. (2013) A Whole New World: Income Tax Considerations
of the Bitcoin Economy.
antshares (2016) Antshares Digital Assets for Everyone, https://www.antshares.org.
Atzori, L., Iera, A. and Morabito, G. (2010) ‘The internet of things: a survey’, Computer Networks,
Vol. 54, No. 15, pp.2787–2805.
Axon, L. (2015) Privacy-Awareness in Blockchain-based PKI, CDT Technical Paper Series.
azure (2016) Microsoft Azure: Blockchain as a Service, https://azure.microsoft.com/en-
Barcelo, J. (2014) User Privacy in the Public Bitcoin Blockchain.
Bentov, I., Lee, C., Mizrahi, A. and Rosenfeld, M. (2014) ‘Proof of activity: extending Bitcoin’s proof
of work via proof of stake [extended abstract]’, ACM SIGMETRICS Performance Evaluation
Review, Vol. 42, No. 3, pp.34–37.
Billah, S. (2015) One Weird Trick to Stop Selﬁsh Miners: Fresh Bitcoins, A Solution for the Honest
372 Z. Zheng et al.
Biryukov, A., Khovratovich, D. and Pustogarov, I. (2014) ‘Deanonymisation of clients in bitcoin p2p
network’, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications
Security, New York, NY, USA, pp.15–29.
bitcoinwrldwide (n.d.) The Biggest Mining Pools, https://bitcoinworldwide.com/mining/pools/
bitshares (n.d.) Bitshares – Your Share in the Decentralized Exchange, https://bitshares.org/
Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A. and Felten, E.W. (2014) ‘Mixcoin:
Anonymity for bitcoin with accountable mixes’, Proceedings of International Conference on
Financial Cryptography and Data Security, Berlin, Heidelberg, pp.486–504.
Bruce, J. (2014) The Mini-Blockchain Scheme, http://cryptonite.info/ﬁles/mbc-scheme-rev3.pdf
burstcoin (2014) Burstcoin.
Buterin, V. (2014) A Next-Generation Smart Contract and Decentralized Application Platform, White
Buterin, V. (2015) On Public and Private Blockchains, https://blog.ethereum.org/2015/08/07/on-
Carboni, D. (2015) Feedback based Reputation on Top of the Bitcoin Blockchain, arXiv preprint
Chepurnoy, A., Larangeira, M. and Ojiganov, A. (2016) A Prunable Blockchain Consensus Protocol
based on Non-Interactive Proofs of Past States Retrievability, arXiv preprint arXiv:1603.07926.
Christidis, K. and Devetsikiotis, M. (2016) ‘Blockchains and smart contracts for the internet of things’,
IEEE Access, Vol. 4, pp.2292–2303.
coindesk (2016) State of Blockchain q1 2016: Blockchain Funding Overtakes Bitcoin,
coindesk (2017) Crypto-Currency Market Capitalizations, https://coinmarketcap.com
Decker, C., Seidel, J. and Wattenhofer, R. (2016) ‘Bitcoin meets strong consistency’, Proceedings of
the 17th International Conference on Distributed Computing and Networking (ICDCN), ACM,
Singapore, Singapore, p.13.
Dennis, R. and Owen, G. (2015) ‘Rep on the block: A next generation reputation system based
on the blockchain’, 2015 10th International Conference for Internet Technology and Secured
Transactions (ICITST), IEEE, pp.131–138.
Devine, P. (2015) ‘Blockchain learning: can crypto-currency methods be appropriated to enhance
online learning?’, ALT Online Winter Conference.
Dixon, C., Mahajan, R., Agarwal, S., Brush, A., Saroiu, B.L.S. and Bahl, P. (2012) An Operating
System for the Home,NSDI, USENIX.
ethereum (n.d.) Consortium Chain Development, https://github.com/ethereum/wiki/wiki/Consortium-
ethos (2014) Ethos, http://viral.media.mit.edu/projects/ethos/
Eyal, I. and Sirer, E.G. (2014) ‘Majority is not enough: Bitcoin mining is vulnerable’, Proceedings
of International Conference on Financial Cryptography and Data Security, Berlin, Heidelberg,
Eyal, I., Gencer, A.E., Sirer, E.G. and Van Renesse, R. (2016) ‘Bitcoin-ng: a scalable blockchain
protocol’, Proceedings of 13th USENIX Symposium on Networked Systems Design and
Implementation (NSDI 16), Santa Clara, CA, USA, pp.45–59.
Fan, Z., Kulkarni, P., Gormus, S., Efthymiou, C., Kalogridis, G., Sooriyabandara, M., Zhu, Z.,
Lambotharan, S. and Chin, W.H. (2013) ‘Smart grid communications: overview of research
challenges, solutions, and standardization activities’, IEEE Communications Surveys and
Tutorials, Vol. 15, No. 1, pp.21–38.
Foroglou, G. and Tsilidou, A-L. (2015) Further Applications of the Blockchain.
Gogerty, N. and Zitoli, J. (2011) ‘Deko: an electricity-backed currency proposal’, Social Science
Blockchain challenges and opportunities: a survey 373
Habib, K., Torjusen, A. and Leister, W. (2015) ‘Security analysis of a patient monitoring system for the
internet of things in eHealth’, The Seventh International Conference on eHealth, Telemedicine,
and Social Medicine (eTELEMED).
Hardjono, T. and Smith, N. (2016) ‘Cloud-based commissioning of constrained devices using
permissioned blockchains’, Proceedings of the 2nd ACM International Workshop on IoT Privacy,
Trust, and Security, ACM, pp.29–36.
hyperledger (2015) Hyperledger Project, https://www.hyperledger.org/
IBM (2015) IBM ADEPT Practictioner Perspective – Pre Publication Draft.
ibm (2016) IBM Blockchain, http://www.ibm.com/blockchain/
ISO (2013) ISO/IEC 18000.
Jaag, C., Bach, C. et al. (2016) Blockchain Technology and Cryptocurrencies: Opportunities for Postal
Financial Services, Technical Report.
Jentzsch, C. (2016) The History of the DAO and Lessons Learned.
Johnson, D., Menezes, A. and Vanstone, S. (2001) ‘The elliptic curve digital signature algorithm
(ECDSA)’, International Journal of Information Security, Vol. 1, No. 1, pp.36–63.
King, S. (2013) Primecoin: Cryptocurrency with Prime Number Proof-of-Work, 7 July.
King, S. and Nadal, S. (2012) Ppcoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake, Self-
Published Paper, August.
Kosba, A., Miller, A., Shi, E., Wen, Z. and Papamanthou, C. (2016) ‘Hawk: the blockchain model
of cryptography and privacy-preserving smart contracts’, Proceedings of IEEE Symposium on
Security and Privacy (SP), San Jose, CA, USA, pp.839–858.
Kraft, D. (2016) ‘Difﬁculty control for blockchain-based consensus systems’, Peer-to-Peer
Networking and Applications, Vol. 9, No. 2, pp.397–413.
Kwon, J. (2014) Tendermint: Consensus without Mining.
Lamport, L., Shostak, R. and Pease, M. (1982) ‘The byzantine generals problem’, ACM Transactions
on Programming Languages and Systems (TOPLAS), Vol. 4, No. 3, pp.382–401.
Lee Kuo Chuen, D. (Ed.) (2015) Handbook of Digital Currency, 1st ed., Elsevier.
Maxwell, G. (2013) Coinjoin: Bitcoin Privacy for the Real World, Post on Bitcoin Forum.
Mazieres, D. (2015) The Stellar Consensus Protocol: A Federated Model for Internet-Level Consensus,
Stellar Development Foundation.
Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G.M. and Savage, S.
(2013) ‘A ﬁstful of bitcoins: Characterizing payments among men with no names’, Proceedings
of the 2013 Conference on Internet Measurement Conference (IMC’13), New York, NY, USA.
Micheler, E. and vonder Heyde, L. (2016) ‘Holding, clearing and settling securities through blockchain
technology creating an efﬁcient system by empowering asset owners’, Social Science Research
Miers, I., Garman, C., Green, M. and Rubin, A.D. (2013) ‘Zerocoin: Anonymous distributed e-cash
from bitcoin’, Proceedings of IEEE Symposium Security and Privacy (SP), Berkeley, CA, USA,
Miguel, C. and Barbara, L. (1999) ‘Practical byzantine fault tolerance’, Proceedings of the Third
Symposium on Operating Systems Design and Implementation, Vol. 99, New Orleans, USA,
Miorandi, D., Sicari, S., Pellegrini, F.D. and Chlamtac, I. (2012) ‘Internet of things: vision, applications
and research challenges’, Ad Hoc Networks, Vol. 10, No. 7, pp.1497–1516.
Morini, M. (2016) ‘From’blockchain hype’to a real business case for ﬁnancial markets’, Social Science
Möser, M. (2013) ‘Anonymity of bitcoin transactions: An analysis of mixing services’, Proceedings
of Münster Bitcoin Conference, Münster, Germany, pp.17, 18.
374 Z. Zheng et al.
Nakamoto, S. (2008) Bitcoin: A Peer-to-Peer Electronic Cash System, https://bitcoin.org/bitcoin.pdf
namecoin (2014) Namecoin, https://www.namecoin.org/
Nayak, K., Kumar, S., Miller, A. and Shi, E. (2016) ‘Stubborn mining: generalizing selﬁsh mining and
combining with an eclipse attack’, Proceedings of 2016 IEEE European Symposium on Security
and Privacy (EuroSandP), Saarbrucken, Germany, pp.305–320.
Norta, A., Othman, A.B. and Taveter, K. (2015) ‘Conﬂict-resolution lifecycles for governed
decentralized autonomous organization collaboration’, Proceedings of the 2015 2nd
International Conference on Electronic Governance and Open Society: Challenges in Eurasia,
Noyes, C. (2016a) Bitav: Fast Anti-Malware by Distributed Blockchain Consensus and Feedforward
Scanning, arXiv preprint arXiv:1601.01405.
Noyes, C. (2016b) Efﬁcient Blockchain-Driven Multiparty Computation Markets at Scale, Technical
NRI (2015) Survey on Blockchain Technologies and Related Services, Technical Report.
Omohundro, S. (2014) ‘Cryptocurrencies, smart contracts, and artiﬁcial intelligence’, AI Matters,
Vol. 1, No. 2, pp.19–21.
P4Titan (2014) Slimcoin a Peer-to-Peer Crypto-Currency with Proof-of-Burn.
Peters, G.W. and Panayi, E. (2015) ‘Understanding modern banking ledgers through blockchain
technologies: Future of transaction processing and smart contracts on the internet of money’,
Social Science Research Network.
Peters, G.W., Panayi, E. and Chapelle, A. (2015) Trends in Crypto-Currencies and Blockchain
Technologies: A Monetary Theory and Regulation Perspective.
Pilkington, M. (2016) Does the Fintech Industry need a New Risk Management Philosophy? A
Blockchain Typology for Digital Currencies and e-money Services in Luxembourg, Social Science
Rufﬁng, T., Moreno-Sanchez, P. and Kate, A. (2014) ‘Coinshufﬂe: Practical decentralized coin mixing
for bitcoin’, Proceedings of European Symposium on Research in Computer Security, Cham,
Sapirshtein, A., Sompolinsky, Y. and Zohar, A. (2015) Optimal Selﬁsh Mining Strategies in Bitcoin,
arXiv preprint arXiv:1507.06183.
Sasson, E.B., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E. and Virza, M. (2014) ‘Zerocash:
Decentralized anonymous payments from Bitcoin’, Proceedings of 2014 IEEE Symposium on
Security and Privacy (SP), San Jose, CA, USA, pp.459–474.
Schwartz, D., Youngs, N. and Britto, A. (2014) The Ripple Protocol Consensus Algorithm, Ripple
Labs Inc White Paper.
Sharples, M. and Domingue, J. (2015) ‘The blockchain and kudos: A distributed system for educational
record, reputation and reward’, Proceedings of 11th European Conference on Technology
Enhanced Learning (EC-TEL 2015), Lyon, France, pp.490–496.
Solat, S. and Potop-Butucaru, M. (2016) ZeroBlock: Timestamp-FreePrevention of Block-Withholding
Attack in Bitcoin, Technical Report, Sorbonne Universites, UPMC University of Paris 6.
Sompolinsky, Y. and Zohar, A. (2013) Accelerating Bitcoin’s Transaction Processing. Fast Money
Grows on Trees, not Chains, IACR Cryptology ePrint Archive.
Szabo, N. (1997) The Idea of Smart Contracts.
Tschorsch, F. and Scheuermann, B. (2016) ‘Bitcoin and beyond: a technical survey on decentralized
digital currencies’, IEEE Communications Surveys Tutorials, Vol. 18, No. 3, pp.2084–2123.
Vagata, P. and Wilfong, K. (2014) Scaling the Facebook Data Warehouse to 300 PB, Technical Report.
van den Hooff, J., Kaashoek, M.F. and Zeldovich, N. (2014) ‘Versum: Veriﬁable computations
over large public logs’, Proceedings of the 2014 ACM SIGSAC Conference on Computer and
Communications Security, New York, NY, USA, pp.1304–1316.
Blockchain challenges and opportunities: a survey 375
Vasin, P. (2014) Blackcoin’s Proof-of-Stake Protocol v2, https://blackcoin.co/blackcoin-pos-protocol-
Vukoli´c, M. (2015) ‘The quest for scalable blockchain fabric: Proof-of-work vs. BFT replication’,
International Workshop on Open Problems in Network Security, Zurich, Switzerland,
Wang, H., Osen, O., Li, G., Li, W., Dai, H-N. and Zeng, W. (2015) ‘Big data and industrial internet
of things for the maritime industry in northwestern Norway’, IEEE Region 10 Conference
Wood, G. (2014) Ethereum: A Secure Decentralised Generalised Transaction Ledger, Ethereum
Project Yellow Paper.
Zamﬁr, V. (2015) Introducing Casper the Friendly Ghost.
Zhang, Y. and Wen, J. (2015) ‘An IoT electric business model based on the protocol of bitcoin’,
Proceedings of 18th International Conference on Intelligence in Next Generation Networks
(ICIN), Paris, France, pp.184–191.
Zheng, Z., Xie, S., Dai, H., Chen, X. and Wang, H. (2017) ‘An overview of blockchain technology:
Architecture, consensus, and future trends’, Proceedings of the 2017 IEEE BigData Congress,
Honolulu, Hawaii, USA, pp.557–564.
Zyskind, G., Nathan, O. et al. (2015) ‘Decentralizing privacy: Using blockchain to protect personal
data’, Security and Privacy Workshops (SPW), 2015 IEEE, IEEE, pp.180–184.