ArticlePDF Available

Abstract and Figures

This position paper discusses the challenges of blockchain applications in businesses and the public sector related to an excessive degree of transparency. We first point out the types of sensitive data involved in different patterns of blockchain use cases. We then argue that the implications of blockchains’ information exposure caused by replicated transaction storage and execution go well beyond the often-mentioned conflicts with the GDPR’s “right to be forgotten” and may be more problematic than anticipated. In particular, we illustrate the trade-off between protecting sensitive information and increasing process efficiency through smart contracts. We also explore to which extent permissioned blockchains and novel applications of cryptographic technologies such as self-sovereign identities and zero-knowledge proofs can help overcome the transparency challenge and thus act as catalysts for blockchain adoption and diffusion in organizations.
Content may be subject to copyright.
Vol.:(0123456789)
1 3
Electronic Markets
https://doi.org/10.1007/s12525-022-00536-0
POSITION PAPER
The transparency challenge ofblockchain inorganizations
JohannesSedlmeir1,2 · JonathanLautenschlager1,2 · GilbertFridgen3 · NilsUrbach4
Received: 14 August 2021 / Accepted: 22 February 2022
© The Author(s) 2022
Abstract
This position paper discusses the challenges of blockchain applications in businesses and the public sector related to an
excessive degree of transparency. We first point out the types of sensitive data involved in different patterns of blockchain
use cases. We then argue that the implications of blockchains’ information exposure caused by replicated transaction stor-
age and execution go well beyond the often-mentioned conflicts with the GDPR’s “right to be forgotten” and may be more
problematic than anticipated. In particular, we illustrate the trade-off between protecting sensitive information and increasing
process efficiency through smart contracts. We also explore to which extent permissioned blockchains and novel applications
of cryptographic technologies such as self-sovereign identities and zero-knowledge proofs can help overcome the transpar-
ency challenge and thus act as catalysts for blockchain adoption and diffusion in organizations.
Keywords Confidentiality· Data protection· Digital wallet· Distributed ledger technology· Privacy· Verifiable
computation
JEL Classification 014
Introduction
In the past decade, Bitcoin, Ethereum, and other crypto-
currencies have swiftly made their way from a few cypher-
punks’ revolutionary vision to a now almost mainstream
family of financial assets and decentralized applications.
For instance, the investment bank Morgan Stanley recently
announced that it now offers their wealthy clients Bitcoin
or other crypto exposure, while the investment power-
houses Goldman Sachs and JP Morgan have even started
working on the full provisioning of cryptocurrency invest-
ments opportunities to their clients (Mason, 2021; Ponciano,
2021). Moreover, many blockchain-based digital assets or
tokens with, for instance, the purpose of low volatility (sta-
blecoins) and access to services (utility) (Oliveira etal.,
2018) are booming in what has become popular under the
term decentralized finance (DeFi) (Zetzsche etal., 2020).
In general, the opportunities related to blockchain-based
financial markets and tokenization are now regarded as a
key trend for the economy (Alt, 2020; Sunyaev etal., 2021).
IS researchers have early also investigated the opportuni-
ties of adopting blockchain technology beyond the finan-
cial sector and expected substantial improvements, e.g., in
terms of data immutability, interoperability, and traceabil-
ity (Beck etal., 2018; Ferdous etal., 2019). Moreover, the
opportunity to enforce rules between business parties on a
blockchain can facilitate a new level of trust and, to some
extent, make blockchains a substitute for intermediaries (Alt,
2020; Beck etal., 2017; Bons etal., 2020). Researchers and
Responsible Editor: Christian Matt
* Johannes Sedlmeir
johannes.sedlmeir@fit.fraunhofer.de
Jonathan Lautenschlager
jonathan.lautenschlager@fim-rc.de
Gilbert Fridgen
gilbert.fridgen@uni.lu
Nils Urbach
nils.urbach@fb3.fra-uas.de
1 Project Group Business & Information Systems
Engineering oftheFraunhofer FIT, Wittelsbacherring 10,
95447Bayreuth, Germany
2 FIM Research Center, University ofBayreuth,
Wittelsbacherring 10, 95447Bayreuth, Germany
3 Interdisciplinary Center forSecurity, Reliability andTrust,
University ofLuxembourg, LuxembourgCity, Luxembourg
4 Frankfurt University ofApplied Sciences, Frankfurt,
Germany
J.Sedlmeir et al.
1 3
practitioners have explored blockchains in numerous publi-
cations and prototypes within, among others, supply chain
management (Gonczol etal., 2020; Queiroz etal., 2019)
and the energy, health, mobility, and public sector (Andoni
etal., 2019; Fridgen etal., 2019; Shi etal., 2020; Warkentin
& Orgeron, 2020).
However, compared to the momentum of blockchain
applications in cryptocurrencies and DeFi, adoption in
industry and the public sector seems to move considerably
slower. For instance, besides a few successful, productive
solutions (Lacity & Van Hoek, 2021), we have not yet
observed the anticipated widespread disruption of digital
supply chain management. Considering the large number of
publications and businesses’ significant efforts to develop
blockchain-based solutions beyond the financial sector
(International Data Corporation, 2021), the visibility
of successful blockchain applications seems relatively
limited. During the Covid-19 pandemic, we also saw many
blockchain-related projects being placed on hold or quit,
possibly owing to a lack of success and the shift in priorities
toward other projects that promise short-term savings or
that open new business opportunities. Insights from large
consultancies support this observation. For instance,
Deloitte recently found that the mortality rate of blockchain
projects pursued by organizations is around 85%, and even
92% when taking into account all blockchain projects
on GitHub (Deloitte, 2021). Further, large technology
companies such as IBM and Microsoft have announced a
reduction in their blockchain engagements (Allison, 2021).
A high failure rate for large and complex IT projects is not
surprising per se (Whitney & Daniels, 2013), and an even
higher failure rate may be expected owing to a certain level
of blockchain hype associated with financial speculation in
the context of cryptocurrencies and DeFi. Nonetheless, the
observation of unexpectedly slow developments regarding
blockchain adoption beyond concepts and prototypes
has already led to disillusionment and nascent research
on why blockchain technology has to date failed to meet
the high initial expectations in the context of supply
chains (Sternberg etal., 2020). Given that particularly
the connecting of today’s fragmented information silos in
supply chains was regarded as one of the very promising use
cases for blockchains (Azzi etal., 2019; Queiroz & Wamba,
2019; Roeck etal., 2019; Saberi etal., 2018), the lack of
productive solutions there is particularly surprising.
Table1 features a summary of challenges that organiza-
tions face in blockchain adoption. In this paper, we argue
why we consider excessive transparency one of the key
reasons for the observable lack of blockchain adoption.
Building on previous work, we discuss why the repli-
cated processing of data inblockchains often conflicts
with organizations’ policies and regulations associated
with sensitive business and customer information (Kan-
nengiesser etal., 2021; Pedersen etal., 2019; Toufaily
etal., 2021). The impracticality of deleting data ex-post
from a close to immutable ledger further aggravates these
issues (Rieger etal., 2019). Initial calls for research into
the privacy implications of blockchains have pointed out
that researchers should explicitly consider issues associ-
ated with the exposure of sensitive information (Rossi
etal., 2019). In this context, Kannengießer etal. (2020),
for instance, have already contributed to a more detailed
understanding of the related trade-offs from a technical
perspective. Yet, we found that transparency-related dis-
cussions are often restricted to personal information and
the GDPR’s right to be forgotten (Schellinger etal., 2021)
or not considered a substantial challenge (e.g., Lacity &
Van Hoek, 2021). Some researchers even consider block-
chain as a suitable technology to increase privacy (e.g.,
see the overview in Karger, 2020). During our involve-
ment in more than 10 projects in the mobility, energy, and
public sector in the last three years in which we designed,
implemented, and evaluated blockchain-based solutions,
we initially encountered similar perspectives among stake-
holders, which also aligns with the findings by Platt etal.
(2021). In these projects, the exposure of sensitive infor-
mation often made scaling blockchain-based applications
from initial proofs of concept to larger ecosystems very
Table 1 Organizational challenges of blockchain adoption as pointed out by extant research
Challenges for blockchain adoption Example references
Alignment with business models and services Heines etal. (2021), Janssen etal. (2020), Toufaily etal. (2021)
Integration into organizations’ legacy systems Alt (2020), Babich and Hilary (2020), Sedlmeir etal. (2022)
Heterogeneous levels of digitalization Fridgen etal. (2018), Jensen etal. (2019)
Compliance with legal frameworks and institutional processes Janssen etal. (2020), Lacity (2018)
Governing collaboration among stakeholders Beck etal. (2018), Lacity and Van Hoek (2021)
Closing communication gapsregarding energy consumption Sedlmeir etal. (2020)
Scalability and performance Kannengießer etal. (2020), Sedlmeir etal. (2022), Toufaily etal. (2021)
Correctness and updatebility of code Kannengiesser etal. (2021), Köhler and Pizzol (2020)
Visibility of sensitive data Kannengiesser etal. (2021), Pedersen etal. (2019), Toufaily etal. (2021)
The transparency challenge ofblockchain inorganizations
1 3
difficult, required substantial architectural changes, and
caused increased complexity or restricted the originally
intended scope.
To provide a shared understanding of the application
areas of blockchain technology that we use to illustrate the
consequences of excessive transparency, we first introduce
some background on blockchain technology, derive common
use case patterns, and list examples for the sensitive infor-
mation involved. We then point out the fundamental trans-
parency challenge affecting many of these patterns and the
corresponding difficulties developers and decision-makers
face in businesses and institutions when conceptualizing or
scaling corporate blockchain applications. We also illustrate
to which extent permissioned blockchains and some recent
developments in the practical use of cryptographic tools
may help mitigate the transparency challenge. We close by
summarizing our main results and identifying avenues for
future research.
Background
A blockchain is a specific distributed ledger type that builds
on a peer-to-peer network where all data are replicated
across multiple servers (nodes) in a fault-tolerant way
(Butijn etal., 2020). Blockchains’ physically distributed and
organizationally decentralized yet logically synchronized
data management is achieved through an append-only
structure in which batches of transactions (blocks) are linearly
connected through hash-pointers (chain) (Beck etal., 2017).
Nodes decide which blocks to append and how to order the
transactions within a block through a consensus mechanism
(Wüst & Gervais, 2018). Provided a majority of the network
in a specific metric such as hash rate (proof of work), the share
of cryptocurrency (proof of stake), or the number or reputation
of nodes (voting-based or proof of authority consensus) is
honest, this guarantees the correct execution of transactions
and the practical immutability of the ledger. Transactions can
represent a simple payment or the execution of a program
(smart contract) whose code is specified through a previous
transaction (Butijn etal., 2020). The confidence that the
execution of a transaction has the intended consequences
and cannot retrospectively be altered without the need to rely
on the availability and honesty of a specific entity is often
referred to as digital trust (Nofer etal., 2017).
A common categorization distinguishes between permis-
sionless blockchains, where any entity can participate in con-
sensus, and permissioned blockchains, where only selected
entities can take this role, for instance, within a consortium
from industry or the public sector (Beck etal., 2018; Wüst &
Gervais, 2018). Permissionless blockchains are public, i.e.,
any entity can download and read the corresponding state of
the ledger. By contrast, permissioned blockchains are often
– but not always – private, i.e., only authorized entities have
read access (Rossi etal., 2019). As active participation in
consensus typically involves receiving, reading, storing, and
executing transactions and updating the local ledger accord-
ingly, the nodes participating in consensus are a subset of
the entities with read access. It is also important to note that
in this sense, many blockchains used in the public sector are
private and permissioned, as they are run by and accessible
to selected entities only (Rieger etal., 2019).
The enforcement of business logic through smart con-
tracts technically prevents misconduct by individual partici-
pants and creates trust in the correct handling of processes
(Bons etal., 2020). For instance, the Ethereum blockchain
can even be considered a platform of platforms, specifically
for financial applications (Buterin, 2013) but intended for
more general purposes. Blockchain-based information sys-
tems for use in organizations can also be seen as an alterna-
tive to a trusted third party – for instance, if stakeholders
cannot agree on a potential platform owner because they fear
its corresponding market power. Blockchains and smart con-
tracts hence provide the opportunity to implement a variety
of applications that involve multiple organizations on the
same neutral platform with strong guarantees on the cor-
rectness and non-repudiability of transactions (Bons etal.,
2020; Fridgen etal., 2019). Yet, it is unlikely that block-
chains represent a purely technical substitute for all services
established trusted intermediaries provide today (Fridgen
etal., 2021).
Beyond this commonality, blockchain applications are
very heterogeneous and can be associated with many differ-
ent use cases. While research has already provided differ-
ent classifications, often with a fairly technical focus (e.g.,
see Xu etal., 2018), so far there has been no focus on the
types of sensitive data involved. We hence present some
use case patterns (payment, tamper-resistant documenta-
tion, cross-organizational workflow management, ubiqui-
tous services, digital identities, tokenization, and machine
economy) to illustrate what kind of sensitive information
they can involve. We will repeatedly use these use case pat-
terns, which we summarize in Table2, to illustrate related
transparency challenges and solution approaches in the sub-
sequent sections.
1. Payment
Likely the best-known application of blockchain
technology is digital payments. In this context, the
cryptocurrency Bitcoin is a popular and arguably the
foundational example (Nakamoto, 2008). Many stake-
holders also consider smart contract-enabled conditional
payments to be an appealing application. Blockchain
technology has also been tested to improve traditional
payment systems’ efficiency, for instance, by easing
inter-bank settlement, or for digital currencies directly
J.Sedlmeir et al.
1 3
issued by the central bank (Dashkevich etal., 2020).
These examples can involve sensitive information such
as individuals’ and businesses’ revenues, expenses, bal-
ances, turnover, or metadata that reveals the frequency
of interactions between businesses and individuals.
2. Tamper-resistant documentation
Trust plays a key role in payment transactions and is
facilitated through the practical immutability of infor-
mation stored on blockchains. However, tamper-resistant
data storage can enable applications beyond payments to
prevent – or at least make evident – the ex-post manipu-
lation of processed information. For instance, one of the
four core use cases for the European Blockchain Ser-
vices Infrastructure is notarization, seeking to provide a
service for creating trusted digital audit trails that allow
one to prove the integrity of diplomas or administra-
tive documents (European Commission, 2021). Another
application area for tamper-proof documentation is Car-
dossier, which allows one to collect and sell verifiable
data about used cars, thus reducing information asym-
metries in markets (Zavolokina etal., 2020) and increas-
ing consumer trust (Bauer etal., 2020). Therefore, the
recorded data can be personally identifiable or have
business value.
3. Cross-organizational workflow management
The availability of an infrastructure for tamper-
resistant documentation and the timely distribution
of information to many parties also enable the cross-
organizational coordination of business processes. Smart
contracts can enable event handling, facilitating process
control, and, in the long term, the automation of selected
process steps within cross-organizational business rela-
tionships (Fridgen etal., 2018; Sturm etal., 2019). The
coordination of such processes requires the visibility of
information such as the time, frequency, and utilization
of services or processes, to third-party organizations
to enable cross-organizational workflow management
(Kannengiesser etal., 2021). One prominent example in
the logistics sector is TradeLens, a blockchain-enabled
platform that aims to improve the scheduling along the
maritime logistics chain by communicating shipping
events while tracking shipping containers and digitizing
the related documentation (Jensen etal., 2019). Another
example of a permissioned blockchain is MediLedger,
which prevents the injection of fake medicals in phar-
maceutical supply chains through improved information
exchange between various stakeholders and preventing
the double-spending of authentic medicals (Mattke
etal., 2019).
4. Ubiquitous services
Many services on blockchain-based platforms are
available even without the need to interact with a busi-
ness or another organization. These ubiquitous services
are provided through smart contracts. Once published,
smart contracts typically remain available without fur-
ther maintenance by the original developer as long as the
underlying blockchain continues to be operated; thus,
they can offer services without service providers. One
prominent example is automated market makers that
facilitate decentralized exchanges through providing
a pricing mechanism in a smart contract, for instance,
Uniswap, or managing investment portfolios in DeFi
Table 2 Blockchain application patterns and examples for the sensitive information involved
# Pattern Example use cases References Types of sensitive information
1 Payment Bitcoin, central bank digital cur-
rencies
Nakamoto (2008), Dashkevich
etal. (2020)
Individuals’ and businesses’
revenues, expenses, balances,
turnover and business partners
2 Tamper-proof documentation Notarization, Cardossier EC (2021), Zavolokina etal.
(2020)
Content and validity status of docu-
ments, information that could be
sold on a market
3 Cross-organizational work-
flow management
Tradelens, MediLedger Jensen etal. (2019), Mattke etal.
(2019)
Frequency and type of processes,
relationships between organiza-
tions involved
4 Ubiquitous services Oracles (Chainlink), DeFi
(Uniswap)
Al-Breiki etal. (2020), Wang etal.
(2019), Werner etal. (2021)
Risk exposure associated with
financial investments
5 Digital identities Namecoin, German asylum case Kalodner etal. (2015), Amend
etal. (2021)
Individuals’ names, addresses,
health information, permissions
and achievements
6 Tokenization Ticketing (GUTs), investments and
fractional ownership
Regner etal. (2019), Sunyaev etal.
(2021), Whitaker and Kräussl
(2020)
Individuals’ and organizations
investment decisions and voting
behaviour
7 Machine economy Micropayments, economically
autonomous robots
Jöhnk etal. (2021), Schweizer
etal. (2020)
All of the above; machines are typi-
cally associated with organiza-
tions or individuals
The transparency challenge ofblockchain inorganizations
1 3
(Grigo etal., 2020; Werner etal., 2021). Another popu-
lar kind of ubiquitous services are oracles, which pro-
vide information from the external world, such as stock
prices, meteorological data, or flight delays, on-chain.
Oracles are also implemented via smart contracts and
often employ truth discovery methods that compare dif-
ferent inputs and involve combinations of incentives and
penalties to make the provided data reliable (Al-Breiki
etal., 2020).
5. Digital identities
The provision of digital identities can be regarded
as a particularly impactful application for ubiquitous
services. In many applications, digital representations
of physical entities are needed (Dietz & Pernul, 2019).
Blockchains’ transparency and tamper resistance have
been used early on to link entities to public keys (Kalod-
ner etal., 2015). On the other hand, blockchain technol-
ogy has also popularized the concept of a digital wallet
that organizations, users, and smart things can maintain
to claim not only the ownership of cryptocurrencies but
also of digital identities that verifiably attest their attrib-
utes and authorizations. Germany’s Federal Office for
Migration and Refugees is already active in this area and
is investigating the possibility of creating a unique digi-
tal identity for refugees that is suitable for administra-
tive purposes across organizational boundaries (Amend
etal., 2021).
6. Tokenization
Besides unique identities for persons, organizations,
and machines, blockchains can also create digital
representations of scarce physical and digital assets.
However, in this context, the emphasis is not on
allowing these objects to maintain their own identity
but rather to make them tradable with a global pool
of potential buyers. While fungible tokens, such as
units of a cryptocurrency, are interchangeable, non-
fungible tokens (NFTs) are digital representations of
unique physical or digital objects, such as collectibles,
artworks, or virtual gaming assets. The change of
ownership relationships and attributes of such tokens
are recorded on blockchains. NFTs can represent
tickets (Regner etal., 2019), real estate, services,
artwork, or other creative work. An illustrative example
is GUTS, an event ticketing system empowering
visitors to exercise full control over their tickets,
including reselling them, while giving the event
organizer secondary market control in terms of prices.
Tokenization also enables fractional ownership, thereby
potentially increasing previously illiquid markets
liquidity (Whitaker & Kräussl, 2020) and allowing
investors to vote on how the underlying asset should
be managed.
7. Machine economy
Ultimately, machines can maintain their own iden-
tity and exchange value through tokens. Micropayments
can improve processes between various machine entities.
Owing to rapid developments in artificial intelligence
and the Internet of Things, it is likely only a matter of
time before machines can interact autonomously with
one another (Jöhnk etal., 2021). With the absence of
centralized monitoring and decision-making, a block-
chain can serve as a trust-based technology and infra-
structure to enable the exchange of master data, dynamic
data but also digital assets between such autonomous
agents (Schweizer etal., 2020).
The transparency challenge
a) Problem statement
In public permissionless blockchains, every block,
including all transactions to be operated, is generally
disseminated to every node. Nodes then store and check
each transaction and compute the corresponding updates
to the world state – a running aggregate representation
of all previously executed transactions that is maintained
for efficiency reasons.1 This inherent redundancy of
data processing and storage in blockchains facilitates
fault-tolerance through cross-checking and forms the
backbone of blockchains’ promise of providing digital
trust. On the other hand, replication by a large number
of nodes, some of which may not be trustworthy, is a
double-edged sword: it inevitably leads to challenges
associated with the exposure of sensitive information
such as critical business data or personally identifiable
user data (Platt etal., 2021; Zhang etal., 2019).
So far, transparency concerns seem to play only a
minor role in cryptocurrencies and related financial
applications of blockchain. As it is known that users
pseudonymous blockchain addresses can often easily be
mapped to natural persons or organizations (Biryukov &
Tikhomirov, 2019), essentially, today individual users or
companies are deciding wittingly to reveal their transac-
tions and, thus, their payments, investments, strategies,
and risk exposure. Nonetheless, excessive transparency
is currently a major challenge for DeFi from another
perspective: block-producing nodes can not only decide
which transactions to include in the next block but also
1 Replication is also typical of many other kinds of distributed ledg-
ers with alternative data structures, like, for example, directed acyclic
graphs, and many aspects of our discussion hence extend to these,
too. However, for simplicity, we will stick to blockchains for the
remainder of this paper.
J.Sedlmeir et al.
1 3
in which order. Hence, they can make additional profit
by observing the transaction proposals that have not yet
been included in a block (the mempool) and selecting
and ordering them in their favour or even sandwiching
them between own transactions that are only conducted
for this reason to make arbitrage (Daian etal., 2020).
This is not only problematic from a regulatory per-
spective and typically forbidden in regulated markets
(McCann, 2000), it can also lead to misaligned incen-
tives in consensus that reduce the security of the under-
lying blockchain infrastructure.
In many applications, the disclosure of data to other
blockchain nodes by default often conflicts with com-
panies’ data policies, customers’ expectations, and anti-
trust and data protection regulations, and specifically
with the GDPR’s “right to be forgotten” (Schellinger
etal., 2021). While individuals can agree with the pro-
cessing and sharing of their data, they can demand dele-
tion at a later stage according to the GDPR. As organi-
zations expected benefits from the sharing of verifiable
personal information via digital identities to streamline
processes, this dilemma has resulted, for instance, in the
development of workarounds that allow one to remove
data retroactively despite the presumed immutability of
blockchains (e.g., Ateniese etal., 2017; Deuber etal.,
2019). Nonetheless, enforcing the deletion of all cop-
ies that nodes may have made is technically impossible.
Further, if it is necessary to undertake major efforts to
delete supposedly confidential data on a blockchain, it
may not have been a good idea to replicate them among
multiple nodes in the first place. On the other hand, the
GDPR also lists requirements such as purpose limitation
and privacy by default (Haque etal., 2021; Schellinger
etal., 2021) that makes already the initial replication
of data by multiple organizations – many of which are
unlikely involved in the associated process – question-
able. Thus, although Bélanger and Crossler (2011) gen-
erally advise that one study information privacy issues at
the “organization level,” it seems justified to specifically
consider the implications of using blockchain technol-
ogy on data visibility.
Similar considerations apply for sensitive business
information: Enterprises that wish to lever a blockchain
for use case patterns such as cross-organizational work-
flow management to share data or to improve the coor-
dination of fragmented, multi-lateral business processes
hence need to think through the potential consequences
of exposing business-critical data on a blockchain in
detail. For instance, consider a cross-organizational
workflow process. If information such as a part ID asso-
ciated with this workflow is stored on a blockchain, at
least all participants that run a node will have access to
these data and often will be able to infer which entity
was involved in manufacturing steps related to this part
ID because transactions are digitally signed, and repeti-
tive patterns can help with the de-pseudonymization of
accounts. On the other hand, if data like part IDs are
not stored on-chain, the process cannot be coordinated
seamlessly through a smart contract owing to the lack
of information that each of the parties would need for
an end-to-end verification of provenance (Bader etal.,
2021). This includes qualitative proofs of provenance
that show that all the suppliers who contributed to a
composite part were certified, which relates to organiza-
tions’ digital identities. On the other hand – and arguably
even more complicated – there are quantitative proofs
of provenance, for instance, to demonstrate that a busi-
ness only uses ethically sourced precious metals or green
energy for a specific product. This topic is increasingly
relevant in the context of regulation like the novel Euro-
pean supply chain law, which was, for instance, recently
followed by the German Supply Chain Act (German
Federal Government, 2021), and the increasing demand
for holistically tracking carbon emissions that a specific
product has caused across its supply chain (Sundara-
kani etal., 2010). Research has already suggested to
use blockchain technology to monitor resource usage
in production and logistics (Manupati etal., 2019), and
representing resources by tokens seems to be a viable
approach to prevent double-usage. However, in both
cases, stakeholders will see a lot of information about
other entities and their actions in the supply chain who
are not their direct business partners.
b) Encryption and hashing only helps in limited scenarios
Many blockchain projects have decided to mitigate
privacy issues by putting the data on a blockchain only
in encrypted or hashed form. By this method, consen-
sus can be found on obfuscated data that can still be
used to prove the integrity of the original data with-
out the need to replicate it directly on the blockchain
(Schellinger etal., 2021). Yet, it is also risky to publish
specifically encrypted data on a blockchain: While con-
ventional software and databases can regularly update
their encryption algorithms to keep up with new devel-
opments and threat scenarios and also periodically
re-encrypt it with a new, more secure algorithm, the
immutability of a blockchain’s ledger implies that his-
toric encrypted data is exposed to all nodes without such
modifications. Consequently, blockchains may pose a
tempting target for future decryption attacks with brute
force (Xu etal., 2021) or quantum computers (Lindsay,
2020). Even hashed identity information on a blockchain
can be problematic, specifically if referred to repeatedly
(Finck, 2018; Marx etal., 2018).
Both encryption and hashing also make data largely
useless as inputs for smart contracts since checking
The transparency challenge ofblockchain inorganizations
1 3
conditions or performing other computations typically
conducted by smart contracts is generally not possible
on obfuscated data.2 To utilize the proclaimed benefits
of smart contracts, the code itself, input, and output
data need to be accessible to the other blockchain nodes
(Kannengiesser etal., 2021). For instance, looking at the
use case patterns of payment and cross-organizational
workflows, the approach to handle business logic such as
conditional payments or auctions using smart contracts
implies that the data that underlies these operations
(e.g., the variables on which conditional checks are per-
formed, or ownership relationships) need to be available
on-chain because otherwise, the nodes cannot validate
a new transaction by computing its impact on the world
state and cannot update their local ledger accordingly.
However, this data sharing with other nodes by default
may not be in the interest of a party writing the code or
holding the input data (Platt etal., 2021). Thus, while
tamper-resistant documentation can be achieved with-
out major privacy challenges and trade-offs, it is unclear
how coordinating or automating processes that require
the provision of multiple parties’ inputs in smart con-
tracts should be achieved without excessive transpar-
ency.
c) The fundamental tradeoff between restricted visibility
and efficiency
This dilemma inhibits many use cases in which the
information that is necessary to automate processes
on a blockchain may not be revealed to other parties
for corporate secret (need to know) or antitrust regula-
tion reasons. It also makes businesses such as suppliers
whose business model is based on information asym-
metries reluctant to join a blockchain-based platform
that would reveal their business relationships and pro-
cesses to upstream and downstream entities and com-
petitors. This issue is particularly unfortunate since the
collaboration between many potentially competing busi-
nesses on a neutral platform was thought to be one of
the areas where blockchain technology has the highest
economic potential. While reducing information asym-
metries can be beneficial, revealing potentially sensitive
business and customer information to competitors and
other third parties is often so problematic that it inhibits
uploading business-related data to a blockchain entirely.
Compared to other often-mentioned challenges of
blockchain diffusion, there is also an interesting abstract
argument why the transparency challenge seemsfunda-
mental: issues such as integration with legacy systems,
governance, or performance canarguably be solved
incrementally by gradually increasing the scope of pro-
cesses and the number of participants in the system, by
optimizing protocols and code, or by improving compute
power and bandwidth over time (Sedlmeir etal., 2021a).
In contrast, datashared on a blockchain have another
quality: either a piece of information is written to the
blockchain and therefore available to the other nodes, or
it is not. Beyond a few special cases of statistical infor-
mation disclosure techniques such as differential privacy
in big data (Dwork, 2006), it seems an open question
how data can be made incrementally less sensitive while
at the same time being useful as inputs of a smart con-
tract that, for instance, conducts a conditional check.
Thus, we observe a seemingly fundamental trade-off
between efficiency gains and excessive data visibility
issues (see Fig.1). A focus on the operation of business
logic and the automation of processes via smart con-
tracts requires storing related input and output data for
the smart contract on-chain, which causes issues with
the compliant handling of sensitive data. On the other
hand, reducing the amount of information that is avail-
able on-chain means that there is less information to
use in smart contracts and thus reduced utility from the
blockchain. This main privacy challenge can be regarded
as an economically oriented version of the trade-off
One of blockchains‘ core
characteristicsis replicated
storage and execution.
Data stored on-chain (e.g.,
inputs and outputsofa smart
contract) are visible to all
other blockchain nodes.
If data are stored off-chain, then smart
contractscannotaccess the data and
the scope of efficiency increaseas
promised by blockchainsisreduced.
If data are stored on-chain, then
in many applications this means
excessive visibility.
Fig. 1 The core argument why there is a transparency challenge for blockchains
2 We do not discuss homomorphic encryption(HE) here because at
the moment, we consider it too specific (partial HE) or too computa-
tionally intensive (fully HE) to be practical on blockchains as of today
beyond a few special cases.
J.Sedlmeir et al.
1 3
Turing-complete smart contracts versus data confiden-
tiality as presented in Kannengießer etal. (2020), and
has been acknowledged – albeit often with less emphasis
– by many research articles on blockchain technology
(e.g., Toufaily etal., 2021).
Solution approaches
In this Section, we illustrate three approaches – permis-
sioned blockchains, self-sovereign identities for individuals
and organizations, and verifiable computation focusing on
zero-knowledge proofs – that can help avoid excessive infor-
mation exposure on blockchains.
Permissioned blockchains
One natural reaction of businesses to challenges relating to
public permissionless blockchains, which besides excessive
data visibility include low throughput, relatively high con-
firmation latencies, and high and often volatile transaction
costs (Sedlmeir etal., 2022), is moving to private permis-
sioned blockchains that restrict read access and participation
in consensus and therefore provide better control of infor-
mation exposure. This approach has, therefore, often been
advised as a satisfactory solution to privacy issues (e.g. see
Lacity & Van Hoek, 2021). However, permissioned block-
chains can only partially mitigate the fundamental transpar-
ency challenge since exposing sensitive information only to
a few other stakeholders can still be an inhibiting problem.
For instance, Trade-Lens even levers multiple blockchains
(channels) to separate the large and competing shipment car-
riers from one another and to avoid that a large carrier can
count the events associated with another carrier and learn
about how its business is going. Nonetheless, within one
channel, there are still many potentially competing stake-
holders such as ports and logistics service providers, and
information that is sensitive from the perspective of clients
– such as the Bill of Lading – needs to be stored off-chain
(Jensen etal., 2019). Thus, for instance, the information reg-
istered in the Bill of Lading cannot be used for managing
escrows or market activity on the blockchain-based solution.
To further mitigate the negative consequences of exces-
sive transparency, popular permissioned blockchains such as
Hyperledger Fabric and Quorum support private transactions
(Consensys/GoQuorum, 2021; Guggenberger etal., 2021).
In these private transactions, hashed or encrypted data are
distributed to all nodes, and only selected nodes specified on
the smart contract or transaction level perform the execution
based on the original data that they can request through a
peer-to-peer messaging layer or read from the blockchain and
decrypt. Similar approaches can be made on permissionless
blockchains by specifying that for valid updates to a smart
contract state, only the signatures of selected parties on the
updated state or a commitment onto it are required. Involving
all parties affected by a specific transaction reduces infor-
mation exposure without a trade-off in trust. However, the
restricted access to information on-chain again implies that
a smart contract can only offer considerably less functional-
ity or that another communication layer needs to be added
to distribute the underlying data between the involved enti-
ties. For instance, if a blockchain is meant to be used for the
traceability of components in the automotive supply chain
such that all cars containing one part from a problematic
delivery of a Tier n supplier can be determined, this means
that all information about the fabrication of sub-components
and their provenance needs to be visible at least upstream.
Since information asymmetries in supply chains are essential
for most suppliers’ business models, it is not surprising that
blockchains have a tough time in such use cases where the
splitting and merging of components along the supply chain
are more complex than tracking the route of a container or
a charge of largely unprocessed groceries or products, as in
IBM’s seemingly successful Food Trust (Kamath, 2018).
Essentially, the core transparency challenge hence remains
also in the private permissioned setting: the more utility
smart contracts are supposed to offer, the more daunting the
challenges related to the disclosure of sensitive information.
Besides, switching to a permissioned blockchain also comes
at additional disadvantages, as setting up and maintaining nodes
for a domain-specific permissioned ledger requires skilled
employees, much coordination effort, and a sophisticated
governance mechanism that enterprises need to invest in.
Moreover, different permissioned blockchains are difficult to
connect, so using many fragmented permissioned blockchains
can substantially decrease the network effects that proponents
of blockchain technology have expected (Brody, 2019).
Indeed, the results of a recent study by Toufaily etal. (2021)
indicate that organizations tend to switch from permissioned
to permissionless blockchains. Consequently, permissioned
blockchains are not a general solution to the transparency
challenge.
Digital identities
a) Self-sovereign identities for individuals
As previously discussed, the replicated storage of
personal information does not comply with privacy
regulation like the GDPR and hence makes storing
digital identity information directly on a blockchain
practically impossible for organizations. Fortunately, the
immutability of identity-related information as one of the
core value propositions expected from blockchains can be
provided in many cases by third parties’ digital signatures
(Sedlmeir etal., 2021b). For instance, federal printers that
issue digital ID cards or universities that provide digital
The transparency challenge ofblockchain inorganizations
1 3
diplomas are typically trusted in their specific, limited
domain. Immutability alone is also often not sufficient
for identity documents, because also the authenticity
of the information at the time of writing is relevant; for
instance, that a Covid-19 vaccination credential was issued
by a certified doctor (Rieger etal., 2021). On this basis,
many projects that focus on privacy and user-oriented
identity management or the bilateral exchange ofverifiable
information don’t use a blockchain for the storage of
identity-related information or hashes thereof. Rather, they
only involve a distributed ledger as a substitute for specific,
ecosystem-related services that have so far been provided
by certificate authorities and that involve information that
is meant to be public (Schlatt etal., 2021). Early examples
of this approach are Canada’s Verifiable Organizations
Network and Germany’s IDunion consortium. This
decentralized or self-sovereign identity (SSI) paradigm
was largely motivated by the digital wallets that became
popular through blockchains and is also often affiliated
with blockchains (Čučko & Turkanovic, 2021; Soltani
etal., 2021). In this sense, despite the high sensitivity of
involved personal data, digital identities may be one of
the few blockchain application patterns with no significant
privacy challenges because the main data exchange
happens in bilateral communication in the form of digital
certificates, and the blockchain only provides a tamper-
resistant ledger for public data such as issuers’ signing
keys and implementing technical governance mechanisms.
The availability of digital and verifiable data for
users and institutions is not only a promising applica-
tion of blockchain that does not exhibit privacy issues
to the extent of other patterns, but also allows one to
transfer information and corresponding existing real-
world trust frameworks to blockchains in a verifiable
way. Many business-related use cases will require the
feed-in of verifiable off-chain data, such as a proof of
legal age or of accomplished tax payments, in the future.
Another application area is the verifiability of sensor
data utilizing a certificate that confirms the sensor’s
provenance and proper calibration. Here, digital iden-
tity management may offer an alternative approach to
oracles (Caldarelli, 2020) and replace truth discovery
mechanisms through the verifiability of cryptographic
proofs of provenance. Moreover, this also provides the
opportunity to selectively disclose information from a
larger, verifiable dataset: The privacy capabilities used
in many SSI implementations for the selective disclo-
sure of attributes can even provide the data minimiza-
tion or anonymization required for natural persons to
directly interact with smart contracts while complying
with regulation (Platt etal., 2021). Thus, approaches to
decentralized identity management where blockchain
technology only plays a moderate role can likely become
the key building block in many applications that were
thought to be a core blockchain case but may also help
to connect blockchains with real-world identity and trust
frameworks, extending their capabilities.
b) Self-sovereign identities for organizations
The availability of digital identities for organizations
also enables efficient cross-organizational identifica-
tion and, thus, authenticated bilateral data exchange.
This may improve the exchange of both master data and
dynamic data between enterprises (Hyperledger-Labs,
2021). Based on such solutions, organizations can man-
age other organizations’ permissions in a fine-grained
way, facilitating an access management for bilateral
(non-blockchain based) operational data exchange that
satisfies data sovereignty and interoperability require-
ments. For this reason, digital identities for organiza-
tions will likely play an important role in the European
cloud initiative GAIA-X.
The bilateral exchange of authentic information
between organizations should be considered as a pre-
requisite for blockchains rather than a consequence: it
allows stakeholders to communicate sensitive data that
are not suitable to store on a blockchain but that may be
necessary to make sense of otherwise obfuscated, block-
chain-based transactions and events (e.g., in the form of
hashes). Once there is a solid foundation for bilateral
communication, data related to relevant processes or the
need to interact with other stake-holders can selectively
be taken to higher transparency so as to add further util-
ity. An all-or-nothing approach can hardly be regarded as
suitable in a system in which the degree of transparency
needs to be well-balanced. Moreover, the anonymization
and selective disclosure features of SSI could also help
organizations coordinate workflows on-chain without
leaving a trace of sensitive information.
The situation that current SSI initiatives lever
cryptographic methods such as public key cryptography
that is also incorporated in blockchains and that require
sophisticated cryptographic key management, and
that most of them even build on a blockchain instead
of certificate authorities, may also allow enterprises to
become familiar with technical and organizational best
practices for wallet usability and the development and
governance of decentralized applications in production.
Further, if designed as discussed, the use cases of digital
identities on the one side and payment and tokenization
on the other side may be complementary: Blockchain
technology’s supposed initial core value proposition
was the transfer of value in the form of cryptocurrencies
or tokens across multiple stakeholders without an
intermediary. This transfer of value cannot be solved by
the digital certificates employed in SSI, since they can
be copied and used repeatedly. On the other hand, digital
J.Sedlmeir et al.
1 3
certificates allow stakeholders to exchange verifiable
data bilaterally and, thus, avoid the storage of sensitive
information on a blockchain. Yet, while SSI can provide
an additional, standardized information exchange
layer without intrinsic transparency issues and allows
persons and entities to selectively and verifiably reveal
authorizations and attributes as attested by third parties
also on-chain, many limitations do not make it a general
solution for the transparency challenge. For instance,
SSI cannot help in many scenarios where a third-party
attestation is not available or – as common in blockchain
applications – not trusted by all relevant stakeholders.
Verifiable computation
a) Validation is possible without full knowledge
In many use cases, blockchain nodes only need to
know selective information about what is being pro-
cessed in payments or smart contract operations to
verify a transaction’s validity. A simple example of a
cross-organizational workflow management case is
a logistics supply chain in which transactions should
be visible to only a small subset of nodes or clients.
This can be achieved, for instance, through attribute-
based encryption that offers a convenient way to allow
decryption only to a specific subset of participants on
the blockchain, based on their digital identities (Bader
etal., 2021). In permissioned blockchains, the previ-
ously discussed private transactions provide similar fea-
tures. However, if a transaction changes a variable that
may affect manyother parties, pure visibility restriction
through encryption-based access control becomes less
useful, and more complex privacy-enhancing technolo-
gies need to be applied. For instance, in a simple pay-
ment, if entity B wants to receive a payment from entity
A, entity B needs to be able to verify that it received the
intended amount, while all other stakeholders indirectly
affected by this transfer (i.e., owners of units of the same
kind of tokens) only need to be sure that entity As bal-
ance is high enough to cover the transaction and that
the total supply of token units is unchanged, since oth-
erwise, the value of their own assets may decrease as a
result. The transaction amount and A’s and B’s identities
are likelyirrelevant to the other stakeholders (excluding
the regulator in this simple example).
Similar patterns are present in industry, where stake-
holders or regulators want to be convinced that business
partners comply with specific rules, while many other
details are not relevant. A thriving cross-organizational
workflow example from supply chain management is
MediLedger, where pharmaceutical businesses (and
ultimately, the regulator) require a proof that a delivery
of medicals is authentic. If the sender can convince all
blockchain nodes that this is the case, no further infor-
mation is needed (Mattke etal., 2019). For proving
the invariance of a global variable (e.g., the number of
authentic medicals) under a transaction, it is sufficient to
prove local invariance in a transaction that only changes
local states. Consequently, a company that records all
the transactions it was involved in could demonstrate
to an auditor that more units of a specific good were
not sold than previously received at any time. Yet, as
there is typically no auditor that all participants on the
blockchain trust, SSI is not a viable solution, and purely
cryptographic technologies are often used in this con-
text.
b) Zero-knowledge proofs
One approach that has matured significantly over
the last years are zero-knowledge proofs (ZKPs). ZKPs
allow a prover to convince a verifier of the knowledge of
data with specific properties (Goldwasser etal., 1989).
One example could be that the prover proves to the veri-
fier that he or she knows the solution to a Sudoku puzzle,
without revealing any information that would make it
easier for the verifier to solve the Sudoku puzzle him−/
herself. A frequent type of proof that is relevant in the
context of blockchains is a proof of knowledge of a pre-
image of a hash (where the hash is public but the pre-
image remains private), and a proof of knowledge of
a digital signature that authorizes a transaction. More
generally, ZKPs can be used to prove that some public
data – which could itself be a hash – is the correct result
of the execution of an algorithm on private data, with-
out revealing any additional information (Ben-Sasson
etal., 2014). ZKPs hence allow to replace the replicated
execution of a transaction to ensure its integrity by the
replicated execution of a proof verification algorithm
that attests to the correctness of the result that was
computed only by one entity. ZKPs can thus decouple
the verifiability of data from their on-chain visibility
(Platt etal., 2021). In the cryptocurrency Zcash, fully
private (shielded) transactions are implemented with
ZKPs (Ben-Sasson etal., 2014); and since ZKPs have
also been used in many other blockchain-related pro-
jects to address data visibility challenges. For example,
MediLedger took large parts of the Zcash implemen-
tation and adapted the codebase to prove the authen-
ticity of pharmaceuticals (Mattke etal., 2019). Thus,
ZKPs can mitigate issues related to the confidentiality
versus integrity trade-off discussed by Kannengießer
etal., 2020 because they enable the replicated verifi-
cation of transactions and, thus, trust in their integrity
despite not disclosing sensitive information. Generally,
it may not be a coincidence that the early adoption of
new cryptographic technologies that were previously
successfully tested in a cryptocurrency may be adopted
The transparency challenge ofblockchain inorganizations
1 3
by businesses that pursue blockchain activitieswithout
requiring exceptionally high R&D expenditures.
c) Further verifiable computation technologies
However, caution is required: First, the practical adop-
tion of ZKPs is still in its infancy and has limitations.
To date, levering ZKP causes additional complexity and
requires experts from cryptography to translate business
logic into corresponding code. While the proof verifica-
tion conducted by every node is typically succinct, i.e., it
requires very little computational resources, the prover
still needs to provide expensive hardware (Bootle etal.,
2020). Second, ZKPs’ scope is naturally limited because
the prover locally needs all the information to perform
the original computation and to derive the associated
proof. Thus, ZKPs cannot be used generically for pri-
vacy in smart contracts if their execution is supposed to
compute on or modify private data from multiple enti-
ties, so other techniques are needed (Buterin, 2014).
One approach is to use trusted execution environments
(TEEs) like Intel’s Software Guard Extensions (SGX),
which ensures transactions can only be decrypted within
a secure domain within the CPU and generates attesta-
tions for the computation’s correctness. This approach
is already quite flexible and offers good performance.
However, in the past, researchers have frequently found
vulnerabilities of TEEs; and there is a single point of
failure (the manufacturer of the TEE), which can be par-
ticularly problematic for blockchains not only in terms
of trust but also considering lock-in effects. For example,
several projects that aim to establish privacy in block-
chains based on SGX (Bao etal., 2020), but recently,
Intel announced that they would not integrate SGX in
their new generation of CPUs (Pezzone, 2022). A pop-
ular trustless cryptographic alternative is multi-party
computation (MPC) which allows the joint evaluation
of a function of many variables, where each party only
knows their private variables and learns the result. MPC
has also been intensively researched but to date still
seems challenging from a complexity and performance
perspective to adopt in general settings (Šimuníc etal.,
2021), specifically if they need to be complemented,
for instance, by ZKPs to prove the result’s correctness
on-chain. Nonetheless, there have been some promising
explorations in selected blockchain applications already.
Thus, among the privacy-enhancing cryptographic
technologies at hand, verifiable computation with ZKPs
is often regarded as the currently most mature technol-
ogy to offer solutions to blockchains’ privacy challenges.
The Ethereum ecosystem has been particularly innova-
tive, and related projects should be closely observed by
enterprises that wish to be at the forefront of integrat-
ing innovative solutions. As the research progresses, in
the long run, all the aforementioned privacy-enhancing
technologies may contribute (and be required) to solve
the trade-off between privacy and efficiency in smart
contracts.
Summary
In sum, we found three main approaches to how organiza-
tional blockchain solutions can address the transparency
challenge, which we represent in Fig.2. In our view, all
three alternatives are valuable in practice. While the first
and second options seem quite easy to implement, they also
have a relatively restricted scope. On the other hand, the
third approach is still very complex to implement today, and
there is not yet a generic solution that allows organizations to
integrate verifiable computation as easily as other software
Process dataoff-chain with
privacy-enhancingtechnologies
and provide proofs of computa-
tional integrityon-chain.
Exchange sensitive information
off-chain with digital wallets
and coordinate workflows
on-chain.
Limit visibility (and scope) by
restricting participation on the
blockchain to selected entities.
Fig. 2 Main approaches to address the transparency challenge
J.Sedlmeir et al.
1 3
components. From a more abstract perspective, we learn that
– while consensus provides the backbone for stakeholders’
trust in blockchains – the replication of the underlying sensi-
tive information on all nodes is often more related to avail-
ability guarantees. Permissioned blockchains and, within
them, specifically private transactions, can customize the
entities that need to agree for consensus on the validity and
implications of a transaction, and verifiable computation can
allow for a separation between consensus on the correctness
of the transaction and the underlying transaction data.
Conclusion
Initially, blockchain technology was regarded as a promising
and disruptive solution beyond the financial sector, aiming
at facilitating the digitalization in business networks where
multiple potentially competing stakeholders need to operate
on a joint digital infrastructure and streamline workflows
(e.g. Alt, 2020; Frizzo-Barker etal., 2020). While public
blockchains in cryptocurrencies and the rich ecosystem of
smart contract-based solutions in DeFi have already been
remarkably successful, large-scale blockchain applications
in industry and the public sector are still rare. We consider
the privacy challenge a considerable reason for this. Block-
chains’ inherent degree of transparency often conflicts with
corporate confidentiality policies and data protection regu-
lation. Mitigating these privacy issues by moving data off-
the-chain comes with reduced functionality and increased
complexity since smart contracts can generally only operate
on availabledata to all parties affected by their implications.
Cryptographic solutions that address those main challenges
are not one-size-fits-all and are often not yet practical or
come with significantly increased complexity. This trade-
off can be difficult to detect in an initially successful, often
internal proof-of-concept that has disregarded privacy issues
but becomes painfully apparent when scaling the use case to
more business partners.
Consequently, the use of smart contracts – while appeal-
ing from a functional perspective – must be carefully con-
sidered owing to the trade-off between increased efficiency
on the one hand and confidentiality issues on the other.
Opportunities and risks associated with moving from a
permissionless to a permissioned blockchain must also be
pondered since permissioned blockchains can only partially
address privacy challenges while at the same time carrying
disadvantages in terms of additional efforts and a lack of
interoperability with other blockchain-based projects. The
need for increased global transparency may be the exception
rather than the default for organizations, being desirable only
where it complies with regulation or if its value outweighs
the negative implications of revealing potentially compe-
tition-relevant information. Thus, we emphasize the need
for a base layer for trustworthy and verifiable information
exchange. Decentralized digital identities can help with this
in two crucial ways: First, they can facilitate users’ or smart
devices’ direct interaction with a smart contract through
selective disclosure and make real-world trust frameworks
available for the verification on blockchain solutions, which
also provides verifiable data for a blockchain to address the
Oracle problem. Second, building on standardized, cross-
organizational identity management for businesses and
institutions allows one to implement fine-grained yet effi-
cient authentication and authorization policies and, there-
fore, to move the trustworthy exchange of sensitive data to
another layer. Blockchains can become a beneficial tool in
particular cases where bilateral data exchange needs to be
supplemented by multi-stakeholder coordination, transpar-
ency, or auditability. Thus, SSI can play a central role in
enabling blockchain adoption and its diffusion into practice.
Ultimately, privacy-enhancing and verifiable computation
technologies such as ZKPs that allow one to selectively
disclose properties of transactions or processes while keep-
ing data private could becomeil a keybuilding block of
many blockchain applications, and we recommend closely
following the progress made in DeFi in these areas and to
adopt mature approaches and implementation frameworks
in organizations.
The present discourse reflects the multidisciplinarity
that characterizes research into blockchain adoption in
practice. There are multiple challenges and opportunities,
and studying them provides many avenues for future IS
research. Scholars and practitioners in the field need to be
aware of developments in privacy-enhancing technologies
in cryptography and assess new solutions’ legal foundations
and their compliance with antitrust and data protection
regulations. The GDPR was often criticized as an inhibitor
to innovation by the blockchain community. Yet, the case
of identity management may suggest that strict privacy
regulationmay not only reflect practical requirements
regarding the processing of sensitive information but can
even contribute to finding a more appropriate technical
role for blockchain in applications than initially foreseen.
Nonetheless, the business perspective will ultimately
decide which projects potential savings and new business
opportunities justify investments in R&D and complex
implementations. Deciding where to use centralized and
decentralized components and how to complement them with
privacy-enhancing technologies hence seems considerably
more complex than what the early blockchain decision trees
(e.g., Pedersen etal., 2019; Wüst & Gervais, 2018) have
suggested; and designing guidelines is a promising avenue
for IS researchers. In our view, blockchain research that
considers technical, legal, and economic aspects is needed
now more than ever, and there are rich opportunities for
future work on blockchain diffusion.
The transparency challenge ofblockchain inorganizations
1 3
Acknowledgements We gratefully acknowledge the Luxembourg
National Research Fund (FNR) and PayPal for their support of the
PEARL Project P17/IS/13342933/PayPal-FNR/Chair in DFS/
Gilbert Fridgen and the Bavarian Ministry of Economic Affairs,
RegionalDevelopment and Energy for their funding of the project
Fraunhofer Blockchain Center (20-3066-2-6-14) that made thispaper
possible. We also thank the editor and the anonymous reviewers for
their highly valuable and constructive feedback.
Funding Open Access funding enabled and organized by Projekt
DEAL.
Declarations
Conflict of interest The authors declare that they have no conflict of
interest.
Open Access This article is licensed under a Creative Commons Attri-
bution 4.0 International License, which permits use, sharing, adapta-
tion, distribution and reproduction in any medium or format, as long
as you give appropriate credit to the original author(s) and the source,
provide a link to the Creative Commons licence, and indicate if changes
were made. The images or other third party material in this article are
included in the article's Creative Commons licence, unless indicated
otherwise in a credit line to the material. If material is not included in
the article's Creative Commons licence and your intended use is not
permitted by statutory regulation or exceeds the permitted use, you will
need to obtain permission directly from the copyright holder. To view a
copy of this licence, visit http:// creat iveco mmons. org/ licen ses/ by/4. 0/.
References
Al-Breiki, H., Rehman, M. H. U., Salah, K., & Svetinovic, D. (2020).
Trustworthy blockchain oracles: Review, comparison, and open
research challenges. IEEE Access, 8, 85675–85685. https:// doi.
org/ 10. 1109/ access. 2020. 29926 98.
Allison, I. (2021). IBM blockchain is a shell of its former self after rev-
enue misses, job cuts: Sources. Retrieved February 6, 2022, from
https:// www. coind esk. com/ ibm- bloc k chain- reven ue- misses- job-
cuts- sourc es.
Alt, R. (2020). Electronic markets on blockchain markets. Elec-
tronic Markets, 30(2), 181–188. https:// doi. org/ 10. 1007/
s12525- 020- 00428-1.
Amend, J., Fridgen, G., Rieger, A., Roth, T., & Stohr, A. (2021). The
evolution of an architectural paradigm – using blockchain to
build a cross-organizational enterprise service bus. Proceedings
of the 54th Hawaii International Conference on System Sciences,
4301–4310. https:// doi. org/ 10. 24251/ hicss. 2021. 522.
Andoni, M., Robu, V., Flynn, D., Abram, S., Geach, D., Jenkins, D.,
McCallum, P., & Peacock, A. (2019). Blockchain technology in
the energy sector: A systematic review of challenges and oppor-
tunities. Renewable and Sustainable Energy Reviews, 100, 143–
174. https:// doi. org/ 10. 1016/j. rser. 2018. 10. 014.
Ateniese, G., Magri, B., Venturi, D., & Andrade, E. (2017). Redactable
blockchain – or – rewriting history in bitcoin and friends. Euro-
pean Symposium on Security and Privacy, 111–126. https:// doi.
org/ 10. 1109/ eurosp. 2017. 37.
Azzi, R., Chamoun, R. K., & Sokhn, M. (2019). The power of a block-
chain-based supply chain. Computers & Industrial Engineering,
135, 582–592. https:// doi. org/ 10. 1016/j. cie. 2019. 06. 042.
Babich, V., & Hilary, G. (2020). OM forum – Distributed ledgers and
operations: What operations management researchers should
know about blockchain technology. Manufacturing & Service
Operations Management, 22(2), 223–240. https:// doi. org/ 10.
1287/ msom. 2018. 0752.
Bader, L., Pennekamp, J., Matzutt, R., Hedderich, D., Kowalski, M.,
Lücken, V., & Wehrle, K. (2021). Blockchain-based privacy
preservation for supply chains supporting lightweight multi-hop
information accountability. Information Processing & Manage-
ment, 58(3), 102529. https:// doi. org/ 10. 1016/j. ipm. 2021. 102529.
Bao, Z., Wang, Q., Shi, W., Wang, L., Lei, H., & Chen, B. (2020).
When blockchain meets SGX: An overview, challenges, and open
issues. IEEE Access, 8, 170404–170420. https:// doi. or g/ 10. 1109/
access. 2020. 30242 54.
Bauer, I., Zavolokina, L., & Schwabe, G. (2020). Is there a market for
trusted car data? Electronic Markets, 30(2), 211–225. https:// doi.
org/ 10. 1007/ s12525- 019- 00368-5.
Beck, R., Avital, M., Rossi, M., & Thatcher, J. B. (2017). Blockchain
technology in business and information systems research. Busi-
ness & Information Systems Engineering, 59(6), 381–384.
https:// doi. org/ 10. 1007/ s12599- 017- 0505-1.
Beck, R., Müller-Bloch, C., & King, J. L. (2018). Governance in the
blockchain economy: A framework and research agenda. Journal
of the Association for Information Systems, 19(10), 1020–1034.
https:// doi. org/ 10. 17705/ 1jais. 00518.
Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: A
review of information privacy research in information systems.
MIS Quarterly, 35(4), 1017–1041. https:// doi. org/ 10. 2307/ 41409
971.
Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I.,
Tromer, E., & Virza, M. (2014). Zerocash: Decentralized
anonymous payments from bitcoin. IEEE Symposium on
Security and Privacy, 459–474. https:// doi. org/ 10. 1109/ SP.
2014. 36.
Biryukov, A., & Tikhomirov, S. (2019). Deanonymization and link-
ability of cryptocurrency transactions based on network analy-
sis. European Symposium on Security and Privacy. https:// doi.
org/ 10. 1109/ eurosp. 2019. 00022.
Bons, R. W., Versendaal, J., Zavolokina, L., & Shi, W. L. (2020).
Potential and limits of blockchain technology for networked
businesses. Electronic Markets, 30(2), 189–194. https:// doi.
org/ 10. 1007/ s12525- 020- 00421-8.
Bootle, J., Chiesa, A., & Liu, S. (2020). Zero-knowledge succinct
arguments with a linear-time prover. https:// eprint. iacr. org/
2020/ 1527. pdf.
Brody, P. (2019). How public blockchains are making private block-
chains obsolete. EY. https:// www. ey. com/ engl/ innov ation/ how-
public- block chains- are- making- priva te- block chains- obsol ete.
Buterin, V. (2013). A next-generation smart contract and decentral-
ized application platform. Ethereum. https:// ether eum. org/ en/
white paper/.
Buterin, V. (2014). Secret sharing DAOs: The other crypto 2.0.
Ethereum. https:// blog. ether eum. org/ 2014/ 12/ 26/ secret- shari
ng- daos- crypto- 2–0/.
Butijn, B.-J., Tamburri, D. A., & van den Heuvel, W.-J. (2020).
Blockchains. ACM Computing Surveys, 53(3). https:// doi. org/
10. 1145/ 33690 52.
Caldarelli, G. (2020). Real-world blockchain applications under
the lens of the oracle problem. A systematic literature review.
IEEE International Conference on Technology Management,
Operations and Decisions. https:// doi. org/ 10. 1109/ ictmo
d49425. 2020. 93805 98.
Consensys/GoQuorum. (2021). Private transaction lifecycle. https://
docs. goquo rum. conse nsys. net/ en/ stable/ Conce pts/ Priva cy/
Priva teTra nsact ionLi fecyc le/.
Čučko, S., & Turkanovic, M. (2021). Decentralized and self-sov-
ereign identity: Systematic mapping study. IEEE Access, 9,
139009–139027. https:// doi. org/ 10. 1109/ access. 2021. 31175 88.
J.Sedlmeir et al.
1 3
Daian, P., Goldfeder, S., Kell, T., Li, Y., Zhao, X., Bentov, I., Brei-
denbach, L., & Juels, A. (2020). Flash boys 2.0: Frontrunning
in decentralized exchanges, miner extractable value, and con-
sensus instability. IEEE Symposium on Security and Privacy.
https:// doi. org/ 10. 1109/ sp400 00. 2020. 00040.
Dashkevich, N., Counsell, S., & Destefanis, G. (2020). Blockchain
application for central banks: A systematic mapping study.
IEEE Access, 8, 139918–139952. https:// doi. org/ 10. 1109/
access. 2020. 30122 95.
Deloitte. (2021). Evolution of blockchain technology. https:// www2.
deloi tte. com/ us/ en/ insig hts/ indus try/ finan cial- servi ces/ evolu
tion- of- block chain- github- platf orm. html.
Deuber, D., Magri, B., & Thyagarajan, S. A. K. (2019). Redactable
blockchain in the permissionless setting. IEEE Symposium on
Security and Privacy. https:// doi. org/ 10. 1109/ sp. 2019. 00039.
Dietz, M., & Pernul, G. (2019). Digital twin: Empowering enter-
prises towards a system-of-systems approach. Business &
Information Systems Engineering, 62(2), 179–184. https:// doi.
org/ 10. 1007/ s12599- 019- 00624-0.
Dwork, C. (2006). Differential privacy. Automata, languages and
programming. Springer. https:// doi. org/ 10. 1007/ 11787 0061.
European Commission. (2021). European blockchain services infra-
structure. https:// digit al- strat egy. ec. europa. eu/ en/ polic ies/
europ ean- block chain- servi ces- infra struc ture.
Ferdous, M. S., Chowdhury, F., & Alassafi, M. O. (2019). In search
of self-sovereign identity leveraging blockchain technology.
IEEE Access, 7, 103059–103079. https:// doi. org/ 10. 1109/
access. 2019. 29311 73.
Finck, M. (2018). Blockchains and data protection in the European
Union. European Data Protection Law Review, 4(1), 17–35.
https:// doi. org/ 10. 21552/ edpl/ 2018/1/6.
Fridgen, G., Radszuwill, S., Urbach, N., & Utz, L. (2018). Cross-
organizational workflow management using blockchain tech-
nology – towards applicability, auditability, and automation.
Proceedings of the 51st Hawaii International Conference on
System Sciences, 3507–3517. https:// doi. org/ 10. 24251/ hicss.
2018. 444.
Fridgen, G., Guggenberger, N., Hoeren, T., Prinz, W., Urbach, N., Baur,
J., Brockmeyer, H., Gräther, W., Rabovskaja, E., Schlatt, V., Sch-
weizer, A., Sedlmeir, J., & Wederhake, L. (2019). Opportunities
and challenges of DLT (blockchain) in mobility and logistics.
https:// www. fim- rc. de/ Paper bibli othek/ Veroe ffent licht/ 1105/
wi- 1105. pdf.
Fridgen, G., Radszuwill, S., Schweizer, A., & Urbach, N. (2021).
Blockchain won’t kill the banks: Why disintermediation doesn’t
work in international trade finance. Communications of the Asso-
ciation for Information Systems, 49, 603–623. https:// doi. org/ 10.
17705/ 1CAIS. 04932.
Frizzo-Barker, J., Chow-White, P. A., Adams, P. R., Mentanko, J., Ha,
D., & Green, S. (2020). Blockchain as a disruptive technology
for business: A systematic review. International Journal of Infor-
mation Management, 51, 102029. https:// doi. org/ 10. 1016/j. ijinf
omgt. 2019. 10. 014.
German Federal Government. (2021). Supply chain act (lieferkettenge-
setz). https:// www. bunde sregi erung. de/ breg- en/ feder al- gover
nment/ supply- chain- act- 18720 76.
Goldwasser, S., Micali, S., & Rackoff, C. (1989). The knowledge com-
plexity of interactive proof systems. SIAM Journal on Comput-
ing, 18(1), 186–208. https:// doi. org/ 10. 1137/ 02180 12.
Gonczol, P., Katsikouli, P., Herskind, L., & Dragoni, N. (2020). Block-
chain implementations and use cases for supply chains-a survey.
IEEE Access, 8, 11856–11871. https:// doi. org/ 10. 1109/ access.
2020. 29648 80.
Grigo, J., Hansen, P., Patz, A., & von Wachter, V. (2020). Decentralized
finance (DeFi) – A new fintech revolution? The blockchain trend
explained. Bitkom. https:// www. bitkom. org/ sites/ defau lt/ files/
2020- 07/ 20072 9whit epape rdece ntral ized- finan ce. pdf.
Guggenberger, T., Sedlmeir, J., Fridgen, G., & Luckow, A. (2021). An
in-depth performance analysis of Hyperledger Fabric. https://
arxiv. org/ pdf/ 2102. 07731. pdf.
Haque, A. B., Islam, A. K. M. N., Hyrynsalmi, S., Naqvi, B., & Smo-
lander, K. (2021). GDPR compliant blockchains — A systematic
literature review. IEEE Access.
Heines, R., Kannengießer, N., Sturm, B., Jung, R., & Sunyaev, A.
(2021). Need for change: Business functions affected by the use
of decentralized information systems. Proceedings of the 42nd
International Conference on Information Systems.
Hyperledger-Labs. (2021). Business partner agent repository. GitHub.
https:// github. com/ hyper ledger- labs/ busin ess- partn er- agent.
International Data Corporation. (2021). Worldwide blockchain spend-
ing guide. Retrieved February 6, 2022, from https:// www. idc.
com/ track er/ showp roduc tinfo. jsp? conta inerId= IDCP3 7345.
Janssen, M., Weerakkody, V., Ismagilova, E., Sivarajah, U., & Irani,
Z. (2020). A framework for analysing blockchain technology
adoption: Integrating institutional, market and technical factors.
International Journal of Information Management, 50, 302–309.
https:// doi. org/ 10. 1016/j. ijinf omgt. 2019. 08. 012.
Jensen, T., Hedman, J., & Henningsson, S. (2019). How TradeLens
delivers business value with blockchain technology. MIS Quar-
terly Executive, 18(4), 221–243. https:// doi. org/ 10. 17705/ 2msqe.
00018.
Jöhnk, J., Albrecht, T., Arnold, L., Guggenberger, T., Lämmermann, L.,
Schweizer, A., & Urbach, N. (2021). The rise of the machines:
Conceptualizing the machine economy. Proceedings of the 23rd
Pacific Asia Conference on Information Systems.
Kalodner, H. A., Carlsten, M., Ellenbogen, P., Bonneau, J., & Naray-
anan, A. (2015). An empirical study of Namecoin and lessons for
decentralized namespace design. Workshop on the Economics
of Information Security.
Kamath, R. (2018). Food traceability on blockchain: Walmart’s pork
and mango pilots with IBM. The Journal of the British Block-
chain Association, 1 (1). https:// doi. org/ 10. 31585/ jbba-1- 1- (10)
2018.
Kannengießer, N., Lins, S., Dehling, T., & Sunyaev, A. (2020). Trade-
offs between distributed ledger technology characteristics. ACM
Computing Surveys, 53 (2). https:// doi. org/ 10. 1145/ 33794 63.
Kannengiesser, N., Lins, S., Sander, C., Winter, K., Frey, H., & Suny-
aev, A. (2021). Challenges and common solutions in smart con-
tract development. IEEE Transactions on Software Engineering.
https:// doi. org/ 10. 1109/ tse. 2021. 31168 08.
Karger, E. (2020). Combining blockchain and artificial intelligence
– literature review and state of the art. Proceedings of the 41st
International Conference on Information Systems.
Köhler, S., & Pizzol, M. (2020). Technology assessment of blockchain-
based technologies in the food supply chain. Journal of Cleaner
Production, 269, 122193. https:// doi. org/ 10. 1016/j. jclep ro. 2020.
122193.
Lacity, M. C. (2018). Addressing key challenges to making enterprise
blockchain applications a reality. MIS Quarterly Executive, 17(3),
202–222.
Lacity, M. C., & Van Hoek, R. (2021). What we’ve learned so far
about blockchain for business. MIT Sloan Management Review.
https:// sloan review. mit. edu/ artic le/ what- weve- learn ed- so- far-
about- block chain- for- busin ess/.
Lindsay, J. R. (2020). Demystifying the quantum threat: Infrastructure,
institutions, and intelligence advantage. Security Studies, 29(2),
335–361. https:// doi. org/ 10. 1080/ 09636 412. 2020. 17228 53.
Manupati, V. K., Schoenherr, T., Ramkumar, M., Wagner, S. M., Pabba,
S. K., & Singh, R. I. R. (2019). A blockchain-based approach for
a multi-echelon sustainable supply chain. International Journal
The transparency challenge ofblockchain inorganizations
1 3
of Production Research, 58(7), 2222–2241. https:// doi. org/ 10.
1080/ 00207 543. 2019. 16832 48.
Marx, M., Zimmer, E., Mueller, T., Blochberger, M., & Federrath,
H. (2018). Hashing of personally identifiable information is
not sufficient. In: Langweg, H., Meier, M., Witt, B. C. & Rein-
hardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für
Informatik e.V.. (S. 55-68). https:// doi. org/ 10. 18420/ SICHE
RHEIT 201804.
Mason, E. (2021). Bitcoin about-face: JPMorgan opens crypto trading
to all clients. Forbes. Retrieved February 6, 2022, from https://
www. forbes. com/ sites/ emily mason/ 2021/ 07/ 22/ bitco in- about-
face- jpmor gan- opens- crypto- tradi ng- to- all- clien ts/? sh= 66f27
14a44 a5.
Mattke, J., Maier, C., Hund, A., & Weitzel, T. (2019). How an enter-
prise blockchain application in the U.S. pharmaceuticals supply
chain is saving lives. MIS Quarterly Excecutive, 18(4), 245–261.
https:// doi. org/ 10. 17705/ 2msqe. 00019.
McCann, C. (2000). Detecting personal trading abuses. Retrieved
February 6, 2022, from https:// www. sec. gov/ rules/ other/ f4- 433/
mccan n1. htm.
Nakamoto, S. (2008). A peer-to-peer electronic cash system. https://
bitco in. org/ bitco in. pdf.
Nofer, M., Gomber, P., Hinz, O., & Schiereck, D. (2017). Blockchain.
Business & Information Systems Engineering, 59(3), 183–187.
https:// doi. org/ 10. 1007/ s12599- 017- 0467-3.
Oliveira, L., Zavolokina, L., Bauer, I., & Schwabe, G. (2018). To token
or not to token: Tools for understanding blockchain tokens. Inter-
national Conference of Information Systems (ICIS), San Fran-
cisco, USA. https:// doi. org/ 10. 5167/ UZH- 157908.
Pedersen, A. B., Risius, M., & Beck, R. (2019). A ten-step decision
path to determine when to use blockchain technologies. MIS
Quarterly Executive, 99–115. https:// doi. org/ 10. 17705/ 2msqe.
00010.
Pezzone, J. (2022). Intel’s SGX deprecation impacts DRM and Ultra
HD Bluray support. Techspot. Retrieved February 6, 2022, from
https:// www. techs pot. com/ news/ 93006- intel- sgx- depre cation-
impac ts- drm- ultra- hd- blu. html.
Platt, M., Bandara, R. J., Drăgnoiu, A.-E., & Krishnamoorthy, S.
(2021). Information privacy in decentralized applications.
Trust models for next-generation blockchain ecosystems (pp.
85–104). Springer International Publishing. https:// doi. org/ 10.
1007/ 978-3- 030- 75107- 44.
Ponciano, J. (2021). Goldman sachs to become second big bank
offering bitcoin to wealthy clients. Forbes. Retrieved February
6, 2022 from https:// www. forbes. com/ sites/ jonat hanpo nciano/
2021/ 03/ 31/ goldm an- sachs- to- become- second- big- bank- offer
ing- bitco in- to- wealt hy- clien ts/? sh= 25df6 d7772 2f.
Queiroz, M. M., Telles, R., & Bonilla, S. H. (2019). Blockchain
and supply chain management integration: A systematic
review of the literature. Supply Chain Management: An Inter-
national Journal, 25(2), 241–254. https:// doi. org/ 10. 1108/
scm- 03- 2018- 0143.
Queiroz, M. M., & Wamba, S. F. (2019). Blockchain adoption chal-
lenges in supply chain: An empirical investigation of the main
drivers in India and the USA. International Journal of Infor-
mation Management, 46, 70–82. https:// doi. org/ 10. 1016/j. i jinf
omgt. 2018. 11. 021.
Regner, F., Urbach, N., & Schweizer, A. (2019). NFTs in practice –
non-fungible tokens as core component of a blockchain-based
event ticketing application. Proceedings of the 40th International
Conference on Information Systems.
Rieger, A., Guggenmos, F., Lockl, J., Fridgen, G., & Urbach, N.
(2019). Building a blockchain application that complies with
the EU general data protection regulation. MIS Quarterly
Executive, 18(4), 263–279. https:// doi. org/ 10. 17705/ 2msqe.
00020.
Rieger, A., Roth, T., Sedlmeir, J., & Fridgen, G. (2021). The privacy
challenge in the race for digital vaccination certificates. Med,
2(6), 633–634. https:// doi. org/ 10. 1016/j. medj. 2021. 04. 018.
Roeck, D., Sternberg, H., & Hofmann, E. (2019). Distributed ledger
technology in supply chains: A transaction cost perspective.
International Journal of Production Research, 58(7), 2124–
2141. https:// doi. org/ 10. 1080/ 00207 543. 2019. 16572 47.
Rossi, M., Mueller-Bloch, C., Thatcher, J. B., & Beck, R. (2019).
Blockchain research in information systems: Current trends and
an inclusive future research agenda. Journal of the Association
for Information Systems, 20(9), 1388–1403. https:// doi. org/ 10.
17705/ 1jais. 00571.
Saberi, S., Kouhizadeh, M., Sarkis, J., & Shen, L. (2018). Blockchain
technology and its relationships to sustainable supply chain man-
agement. International Journal of Production Research, 57(7),
2117–2135. https:// doi. org/ 10. 1080/ 00207 543. 2018. 15332 61.
Schellinger, B., Völter, F., Sedlmeir, J., & Urbach, N. (2021). Yes, I do:
Marrying blockchain applications with GDPR. Proceedings of
the 55th Hawaii International Conference on System Sciences,
4631–4640. https:// doi. org/ 10. 24251/ hicss. 2022. 563.
Schlatt, V., Sedlmeir, J., Feulner, S., & Urbach, N. (2021). Designing a
framework for digital KYC processes built on blockchain-based
self-sovereign identity. Information & Management, 103553.
https:// doi. org/ 10. 1016/j. im. 2021. 103553.
Schweizer, A., Knoll, P., Urbach, N., von der Gracht, H. A., & Hard-
jono, T. (2020). To what extent will blockchain drive the machine
economy? Perspectives from a prospective study. IEEE Transac-
tions on Engineering Management, 67(4), 1169–1183. https://
doi. org/ 10. 1109/ tem. 2020. 29792 86.
Sedlmeir, J., Buhl, H. U., Fridgen, G., & Keller, R. (2020). The energy
consumption of blockchain technology: Beyond myth. Business
& Information Systems Engineering, 62(6), 599–608. https:// doi.
org/ 10. 1007/ s12599- 020- 00656-x.
Sedlmeir, J., Ross, P., Luckow, A., Lockl, J., Miehle, D., & Fridgen, G.
(2021a). The DLPS: A new framework for benchmarking block-
chains. Proceedings of the 54th Hawaii International Conference
on System Sciences, 6855–6864. https:// doi. org/ 10. 24251/ hicss.
2021a. 822.
Sedlmeir, J., Smethurst, R., Rieger, A., & Fridgen, G. (2021b). Digi-
tal identities and verifiable credentials. Business & Information
Systems Engineering, 63(5), 603–613. https:// doi. org/ 10. 1007/
s12599- 021- 00722-y.
Sedlmeir, J., Wagner, T., Djerekarov, E., Green, R., Klepsch, J., & Rao,
S. (2022). A serverless distributed ledger for enterprises. Pro-
ceedings of the 55th Hawaii International Conference on System
Sciences, 7382–7391. https:// doi. org/ 10. 24251/ hicss. 2022. 886.
Shi, S., He, D., Li, L., Kumar, N., Khan, M. K., & Choo, K.-K. R.
(2020). Applications of blockchain in ensuring the security and
privacy of electronic health record systems: A survey. Comput-
ers & Security, 97. https:// doi. org/ 10. 1016/j. cose. 2020. 101966.
Šimuníc, S., Bernaca, D., & Lenac, K. (2021). Verifiable computing
applications in blockchain. IEEE Access. https:// doi. or g/ 10. 1109/
access. 2021. 31293 14.
Soltani, R., Nguyen, U. T., & An, A. (2021). A survey of self-sovereign
identity ecosystem (C. Galdi, Ed.). Security and Communication
Networks, 2021. https:// doi. org/ 10. 1155/ 2021/ 88734 29.
Sternberg, H. S., Hofmann, E., & Roeck, D. (2020). The struggle is
real: Insights from a supply chain blockchain case. Journal of
Business Logistics, 42(1), 71–87. https:// doi. org/ 10. 1111/ jbl.
12240.
Sturm, C., Scalanczi, J., Schönig, S., & Jablonski, S. (2019). A block-
chain-based and resource-aware process execution engine. Future
Generation Computer Systems, 100, 19–34. https:// doi. org/ 10.
1016/j. future. 2019. 05. 006.
Sundarakani, B., de Souza, R., Goh, M., Wagner, S. M., & Manikan-
dan, S. (2010). Modeling carbon footprints across the supply
J.Sedlmeir et al.
1 3
chain. International Journal of Production Economics, 128(1),
43–50. https:// doi. org/ 10. 1016/j. ijpe. 2010. 01. 018.
Sunyaev, A., Kannengießer, N., Beck, R., Treiblmaier, H., Lacity, M.,
Kranz, J., Fridgen, G., Spankowski, U., & Luckow, A. (2021).
Token economy. Business & Information Systems Engineering,
63(4), 457–478. https:// doi. org/ 10. 1007/ s12599- 021- 00684-1.
Toufaily, E., Zalan, T., & Dhaou, S. B. (2021). A framework of block-
chain technology adoption: An investigation of challenges and
expected value. Information & Management, 58(3), 103444.
https:// doi. org/ 10. 1016/j. im. 2021. 103444.
Wang, S., Ding, W., Li, J., Yuan, Y., Ouyang, L., & Wang, F.-Y. (2019).
Decentralized autonomous organizations: Concept, model, and
applications. IEEE Transactions on Computational Social Sys-
tems, 6(5), 870–878. https:// doi. org/ 10. 1109/ tcss. 2019. 29381 90.
Warkentin, M., & Orgeron, C. (2020). Using the security triad to assess
blockchain technology in public sector applications. Interna-
tional Journal of Information Management, 52, 102090. https://
doi. org/ 10. 1016/j. ijinf omgt. 2020. 102090.
Werner, S. M., Perez, D., Gudgeon, L., Klages-Mundt, A., Harz, D., &
Knot-tenbelt, W. J. (2021). SoK: Decentralized finance (DeFi).
https:// arxiv. org/ abs/ 2101. 08778.
Whitaker, A., & Kräussl, R. (2020). Fractional equity, blockchain,
and the future of creative work. Management Science, 66(10),
4594–4611. https:// doi. org/ 10. 1287/ mnsc. 2020. 3633.
Whitney, K. M., & Daniels, C. B. (2013). The root cause of failure in
complex IT projects: Complexity itself. Procedia Computer Sci-
ence, 20, 325–330. https:// doi. org/ 10. 1016/j. procs. 2013. 09. 280.
Wüst, K., & Gervais, A. (2018). Do you need a blockchain? IEEE
Crypto Valley Conference on Blockchain Technology. https:// doi.
org/ 10. 1109/ cvcbt. 2018. 00011.
Xu, X., Pautasso, C., Zhu, L., Lu, Q., & Weber, I. (2018). A pattern
collection for blockchain-based applications. Proceedings of the
23rd ACM European Conference on Pattern Languages of Pro-
grams. https:// doi. org/ 10. 1145/ 32823 08. 32823 12.
Xu, X., Bandara, H. D., Lu, Q., Weber, I., Bass, L., & Zhu, L. (2021).
A decision model for choosing patterns in blockchain-based
applications. 18th IEEE International Conference on Software
Architecture, 47–57.
Zavolokina, L., Ziolkowski, R., & Bauer, I. (2020). Management, gov-
ernance, and value creation in a blockchain consortium. MIS
Quarterly Executive, 19(1). https:// doi. org/ 10. 17705/ 2msqe.
00022.
Zetzsche, D. A., Arner, D. W., & Buckley, R. P. (2020). Decentralized
finance. Journal of Financial Regulation, 6(2), 172–203. https://
doi. org/ 10. 1093/ jfr/ aa0 10.
Zhang, R., Xue, R., & Liu, L. (2019). Security and privacy on block-
chain. ACM Computing Surveys, 52(3). https:// doi. org/ 10. 1145/
33164 81.
Publisher's note Springer Nature remains neutral with regard to
jurisdictional claims in published maps and institutional affiliations.
... Noteworthy keywords include 'smart contracts' , 'distributed ledger' , 'secure' , 'business model innovation' , 'privacy' , and 'peer-to-peer computing' , reflecting diverse research interests and technological advancements over the years. The data highlights the increasing importance of governance, resource management, electric vehicles, transparency, and sustainable supply chains, pointing towards evolving priorities in the research community and industry (Sedlmeir et al., 2022). Figure 6 illustrates a detailed co-occurrence network of keywords in academic research, visualized using VOSviewer. ...
Article
Full-text available
The global port industry, known for its historical resistance to technological advancements, now faces a pivotal moment in the age of blockchain innovation. This systematic literature review provides an in-depth investigation into the adoption of blockchain technology within the port industry, aiming to assess the current state of knowledge, identify areas lacking research attention, and emphasize emerging research avenues by analyzing a corpus of 316 articles. Our review employs a robust framework centered around four key themes: barriers to adoption, the port’s role in global value chains, sustainability considerations, and practical implementations of blockchain technology in ports. By analyzing these themes, we can gain valuable insights into the distinctive nature of the port industry and its potential transformation through blockchain technology. Theoretical contributions from this review emphasize adopting a Practice-Based View (PBV) perspective to examine the intricate interplay between barriers and practices in blockchain adoption. Furthermore, our innovative synthesis of the Technology Acceptance Model (TAM) and the Technology-Organization-Environment (TOE) framework sheds light on internal and external obstacles shaping the adoption landscape. A noteworthy aspect of this review is the recognition of the critical need to align theoretical frameworks with the unique characteristics of the port industry, emphasizing the importance of contextual relevance in research pursuits. It also highlights the scarcity and fragmentation of research in the domain of the port industry, encouraging future scholars to investigate the identified research gaps and theoretical perspectives. This article reveals that utilizing blockchain technology within ports can enhance the sustainability performance of the port industry.
... This transparency is valuable in supply chains where multiple parties, from suppliers to regulators, need access to accurate and up-to-date information. In a blockchainbased system, all stakeholders can independently verify data without needing to rely on a central authority, which enhances trust and reduces the possibility of information asymmetry or data fraud (Sedlmeir, Lautenschlager, Fridgen, & Urbach, 2022). ...
Article
Full-text available
This review paper explores blockchain technology's transformative role in enhancing pharmaceutical supply chains' integrity and traceability. As the pharmaceutical industry grapples with challenges such as counterfeiting, fraud, and data discrepancies, blockchain emerges as a promising solution, offering a decentralized and immutable ledger that enhances transparency and security. Blockchain addresses critical issues that compromise patient safety and public health by enabling real-time monitoring and providing a single source of truth for all stakeholders. The paper highlights key findings on the benefits of blockchain, including improved traceability, automation through smart contracts, and enhanced collaboration among stakeholders. Additionally, it presents recommendations for pharmaceutical companies, regulators, and technology developers to facilitate the adoption and implementation of blockchain solutions in the pharmaceutical sector. Ultimately, this review underscores the potential of blockchain to revolutionize pharmaceutical supply chains, ensuring the delivery of safe and legitimate medications to consumers. Keywords: Blockchain Technology, Pharmaceutical Supply Chain, Traceability, Counterfeiting, Smart Contracts, Public Health.
... Blockchain is a scattered ledger system it enables one to store transactions or information records that can be considered safe, clear, and impervious to tampering [16]. It first came to light in 2008 as the basic technology behind Bitcoin, a system of decentralised digital currency. ...
Thesis
Full-text available
Enhanced Security and Performance in MANETs with Blockchain and Deep Learning
... Traditionally, it has been considered that, to control a blockchain, 51% of the computing power was necessary (thus performing what is called a '51% attack'), but researchers have demonstrated in the last years that, in a large blockchain like Bitcoin, it is sufficient with a percentage of 32% 10 . To prevent such attacks, permissioned blockchains can control the access to rogue participants 11 , but, in permissionless networks, where participant access is not restricted, complex mechanisms like PoW consensus protocols are needed. ...
Preprint
Full-text available
Although Blockchain has been successfully used in many different fields and applications, it has been traditionally regarded as an energy-intensive technology, essentially due to the past use of inefficient consensus algorithms that prioritized security over sustainability. However, in the last years, thanks to the significant progress made on key blockchain components, their energy consumption can be decreased noticeably. To achieve this objective, this article analyzes the main components of blockchains and explores strategies to reduce their energy consumption. In this way, this article delves into each component of a blockchain system, including consensus mechanisms, network architecture, data storage and validation, smart contract execution, mining and block creation, and outlines specific strategies to decrease their energy consumption. For such a purpose, consensus mechanisms are compared, recommendations for reducing network communications energy consumption are provided, techniques for data storage and validation are suggested and diverse optimizations are proposed both for software and hardware components. Moreover, the main challenges and limitations of reducing power consumption in blockchain systems are analyzed. As a consequence, this article provides a guideline for the future researchers and developers who aim to develop the next generation of Green Blockchain solutions.
... Zhang et al., (2022) discuss the impact of BCT on the strategic pricing of competitor retailers. Sedlmeir et al. (2022) discuss the challenges of BCT in the businesses and the public sector was bound by an inordinate level of transparency. Because BC's technology is not fully mature, it still has some security flaws and attacks, resulting in user privacy disclosure. ...
Article
Full-text available
Objectives: Blockchain technology (BCT) is an advance technical solution incorporating many technologies, with the capacity to overcome governance's limitations. As a consequence, our study aims to analyzing how BCT applications affect governance performance (GP), testing the mediating role of operational efficiency (OE) in the ministry of transport in Palestine (MTP). This study was conducted during the period from 2022 to 2024. Methods: A paper applied research design (Survey), and a study unit consisting of 90 participants at MTP was used out of the target population (110). In contrast, simple random and stratified sampling techniques were applied for the determination of the research sample. Data collected via questionnaires and the study's hypotheses were evaluated using PLS-SEM. Results:. The main results showed that BCT and their impact on GP from the perspective of employees were high. Until the period of the research, Palestine lacked a clear strategy and policy for the usage of BCT. There was an impact of BCT dimensions on GP at the level of significance. OE has a fully mediating role in the effect of decentralization & traceability and a partial mediating role in the effect of transparency on GP. Conclusions: The paper advises MTP management to start a sound BCT and invest in it concurrently in order to materialize OE and achieve GP efficiency. Future studies can apply the study model to other sectors to verify the reliability of the model.
Article
As organizations increasingly adopt cloud computing, ensuring data compliance has become a critical priority. Cloud environments pose unique challenges in meeting regulatory requirements due to their distributed and often multi-tenant nature. This review presents a comprehensive model for achieving data compliance in cloud computing, addressing essential aspects such as data privacy, security, sovereignty, and governance. The model emphasizes a structured, layered approach to compliance, integrating risk assessment, data governance, continuous monitoring, and incident management to ensure compliance throughout the data lifecycle. Key components of the proposed model include robust data privacy and protection mechanisms aligned with global regulations such as GDPR and CCPA, data security protocols for safeguarding confidentiality and access control, and data sovereignty policies to handle jurisdictional requirements and cross-border data flows. Additionally, continuous monitoring and automated auditing tools enhance real-time compliance management, while incident management procedures prepare organizations to respond promptly to breaches or policy violations. The framework also incorporates advanced technological solutions, including compliance automation, data loss prevention, and blockchain for traceability, to streamline compliance tasks and improve transparency. By addressing both the technical and governance aspects of data compliance, this model supports organizations in navigating complex regulatory landscapes across multi-cloud and hybrid environments. The review highlights best practices for ensuring compliance, such as regular policy updates, employee training, and third-party compliance management, to sustain long-term adherence. As the regulatory landscape evolves and new privacy-preserving technologies emerge, this model offers a scalable and adaptive approach, positioning organizations to manage data compliance effectively within dynamic cloud infrastructures. This comprehensive approach ensures secure, compliant data operations, fostering trust and accountability in cloud computing environments.
Chapter
The creation of a blockchain website for student certificate verification is a project designed to answer rising concerns about the legitimacy and security of academic credentials. This project intends to establish a trustworthy and efficient platform for certifying student credentials by exploiting the decentralized and tamper-resistant properties of blockchain technology. The project's goals include creating a transparent, fraud-resistant system that protects the integrity of certificate data. The blockchain website will simplify the verification process, allowing educational institutions, future employers, and other stakeholders to readily validate students' credentials. Implementing a blockchain website for student credential verification provides increased trust, security, and efficiency. The blockchain maintains the integrity and dependability of certificates by removing the potential of manipulation or fraud.
Article
Blockchain has emerged as an innovative solution for organizations’ data-sharing. This paper utilizes bibliometric content analysis to identify key keywords (identity management, privacy, and security issues) related to developments in blockchain adoption. We analyzed 105 studies using VOSviewer software, which revealed three significant clusters. Our focus was primarily on the cluster of identity management and data sharing. While the existing literature has addressed privacy and security concerns, our study revealed a major emphasis on privacy issues, with less attention being given to the security aspects associated with potential blockchain consideration. Our discussion delineated the major themes that have arisen, around identity management, data sharing, privacy, security, and consortium blockchain. This paper reveals the link between enterprise blockchain and identity management, including the underlying factors and their interrelationships that highlight the significance of knowledge worthy of attention. These findings have implications for advancing the adoption of enterprise blockchain in a variety of businesses and promote further research. Keywords: blockchain; identity management; data sharing; privacy and security.
Article
This paper presents a comprehensive analysis of the benefits, obstacles, and ramifications of integrating blockchain technology into public sector functions, specifically focusing on economic and legal aspects. The discussion commences with an examination of the societal relevance of blockchain technology, as it is poised to dramatically enhance procedural efficiency within public sector organizations. Subsequently, the paper delineates the primary research objectives, which encompass identifying the multitude of benefits of blockchain technology for the public sector, investigating its legal and economic consequences, and scrutinizing the challenges that public sector organizations might face during implementation. Research methodologies employed to attain these objectives consist of an extensive literature review and qualitative primary data acquisition from field experts. Findings reveal that blockchain technology holds the potential to augment the swiftness and dependability of administrative procedures while bolstering data security within public sector organizations, albeit some legal and economic apprehensions persist. Regardless of these challenges, the authors maintain that the public sector is poised to reap significant rewards from blockchain technology deployment due to its capacity to modernize and streamline operations, as well as its capabilities for precise and verifiable data storage. Research limitations include a scarcity of available primary data and reliance on a singular data collection method. Suggestions for future research involve conducting additional studies addressing the questions raised in this research and supplementing the findings with user perspectives.
Article
Full-text available
Cryptocurrency has set intriguing and innovative trends in investment amidst the fluctuating global economy following government policies. This research aims to investigate the trends of policies of cryptocurrency in Indonesia, seen from the perspective of taxation and investment laws. Low tax charged in Indonesia is seen as relaxation by investors and cryptocurrency users, while the trends in legal policies concerning investment are experiencing hyper regulations in legislative products set to assure investors, in comparison to those of other countries. These trends attract some attention from investors and cryptocurrency users from abroad. This research is a unique offering that will illustrate which countries are suitable and friendly for businesspeople to carry out crypto business activities. The methodology used in this study is normative research with a conceptual approach and comparative law. The research results are expected to shed light on foreign investors wishing to invest their money in cryptocurrency businesses by considering the low tax from the perspective of current taxation law in Indonesia compared to those in Canada, the United States, and Singapore. According to the details of taxation in Canada, the United States, and Singapore, it is obvious that Indonesia gives ease to foreign cryptocurrency investors in Indonesia from the aspect of taxation law. The countries compared seem to charge very high taxes for cryptocurrency users and businesses in investment cryptocurrency. This comparison gives easier access to foreign investors to invest their assets for the development of cryptocurrency businesses and companies in Indonesia by considering the amounts of taxes imposed on cryptocurrency businesses and users. Indonesia makes it easier for foreign cryptocurrency investors in Indonesia compared to Canada, the United States, and Singapore from a tax law perspective. In terms of investment regulations, Indonesia has broader laws and regulations compared to other countries, where the investment process involving cryptocurrency businesses in Indonesia receives sufficient attention from these laws and regulations.KEYWORDS: Cryptocurrency, Investment Law, Taxation Law.
Article
Full-text available
From weak clients outsourcing computational tasks to more powerful machines, to distributed blockchain nodes needing to agree on the state of the ledger in the presence of adversarial nodes, there is a growing need to efficiently verify the results of computations delegated to untrusted third parties. Verifiable computing is a new and interesting research area that addresses this problem. Recently, new applications of verifiable computing techniques have emerged in blockchain technology for secure key management, sybil-resistance and distributed consensus, and smart contracts, while providing desired performance and privacy guarantees. In this paper, we provide an overview of common methods for verifying computation and present how they are applied to blockchain technology. We group the presented verifiable computing applications into five main application areas, i.e., multiparty approval for secure key management, sybil-resistance and consensus, smart contracts and oracles, scalability, and privacy. The main contribution of this survey is to answer two research questions: 1) what are the main application areas of verifiable computing in blockchain technology, and 2) how are verifiable computing techniques used in major blockchain projects today.
Article
Full-text available
Know your customer (KYC) processes place a great burden on banks, because they are costly, inefficient, and inconvenient for customers. While blockchain technology is often mentioned as a potential solution, it is not clear how to use the technology’s advantages without violating data protection regulations and customer privacy. We demonstrate how blockchain-based self-sovereign identity (SSI) can solve the challenges of KYC. We follow a rigorous design science research approach to create a framework that utilizes SSI in the KYC process, deriving nascent design principles that theorize on blockchain’s role for SSI.
Article
Full-text available
Self-Sovereign Identity is an emerging, user-centric, decentralized identity approach utilizing some form of decentralized technology. It provides a means for digital identification without reliance on any external authority, enabling entities to control their identity and data flow during digital interactions while enhancing security and privacy. With the rise of blockchain technology, Self-Sovereign Identity is gathering momentum in academia and industry while the number of research papers increases rapidly. Yet Self-Sovereign Identity is still in a young unstructured field in its early stages of research. Thus, a systematic mapping methodology was adopted to provide a coarse-grained overview of decentralized and Self-Sovereign Identity and structure the research area by identifying, analyzing, and classifying the research papers according to predefined parameters, precisely according to their contribution, application domain, IT field, research type, research method, and place of publication. Furthermore, the nature and scope of the research are determined, meanwhile existing research topics, gained insights into trends, demographics, challenges, gaps, and opportunities for future research are also presented.
Conference Paper
Full-text available
Driven by economic advantages and the idea of disintermediation of business processes, the decentralization of technical and economic systems has become a highly discussed topic in recent years. Extant research primarily investigated the technical implementations of decentralized information systems (IS) and their use by firms in business networks. It became clear that inter-organizational relationships and business functions must be transformed to enable the use of decentralized IS (e.g., those related to how firms can be involved in the design, instantiation, operation, and governance of decentralized IS). However, the impact of transforming business functions of individual firms remains largely unclear, obfuscating a comprehensive understanding of the implication of decentralized IS use on internal organizational structures of firms. In this work, we focus on the identification of challenges for firms in using distributed ledger technology (DLT as a representative for decentralized IS) and their effects on the business functions of firms.
Conference Paper
Full-text available
Due to blockchains' intrinsic transparency and immutability, blockchain-based applications are challenged by privacy regulations, such as the EU General Data Protection Regulation. Hence, scaling blockchain use cases to production often fails to owe to a lack of compliance with legal constraints. As current research mainly focuses on specific use cases, we aim to offer comprehensive guidance regarding the development of blockchain solutions that comply with privacy regulations. Following the action design research method, we contribute a generic framework and design principles to the research domain. In this context, we also emphasize the need for distinguishing between applications based on blockchains' data integrity and computational integrity guarantees.
Article
Full-text available
Self-sovereign identity is the next evolution of identity management models. This survey takes a journey through the origin of identity, defining digital identity and progressive iterations of digital identity models leading up to self-sovereign identity. It then states the relevant research initiatives, platforms, projects, and regulatory frameworks, as well as the building blocks including decentralized identifiers, verifiable credentials, distributed ledger, and various privacy engineering protocols. Finally, the survey provides an overview of the key challenges and research opportunities around self-sovereign identity.
Article
Full-text available
In the financial services industry, blockchain is assumed to have significant impacts. From research and practice, we observe two main paradigms of how organizations interact with blockchain. First, organizations use blockchain to optimize existing processes (blockchain-based business process optimization – BPO). Second, organizations use blockchain to disrupt existing processes, foster disintermediation, and enable disruptive business models (blockchain-based business process disruption – BPD). However, scientific research that evaluates its de facto potential is scarce. We bridge this gap by following a design science research approach aiming at a blockchain-based business process re-engineering (BPRE) for a letter of credit that combines the advantages of BPO and BPD. We conduct three design cycles and develop three artefacts: a BPO, a BPD, and a BPRE approach. Our BPRE approach combines the advantages of partial disintermediation, i.e. increased efficiency and transparency, with the advantages of intermediaries, i.e. process flexibility, provision of liquidity and mediation of dispute.
Chapter
Numerous reviews of decentralized applications using Blockchain have been published in recent years. However, these have predominantly focused on how applications map to the characteristics of underlying protocols and discuss privacy only in passing. This chapter takes a more focused perspective by analyzing recently proposed prominent decentralized applications, categorizing them according to information privacy requirements. Three dimensions emerge as key differentiators: accessibility requirements (i.e., whether an application needs to be publicly accessible), hierarchicality requirements (i.e., the notion of different types of participants with fundamentally different permissions), and requirements on joint verifiability of transaction data (i.e., which subset of an application’s data model needs to be verifiable by others). Grouping applications along these dimensions, it becomes clear that use cases with closed accessibility requirements are most dominant in the market today. These use cases can establish information privacy through governance, deliberate data modeling, and role-based access management.