译文/Translated:
人们提到区块链,经常会说它是解决存在数年或者数十年以上的问题的特效药。这种误区是因为对该技术了解不够。以下是关于区块链的几个常见误区及其说明。
误区一:“区块链是数据库。”
账本和数据库不同。数据库的作用是快速获取信息,账本则是为了安全和稳定。两者都有显著的优缺点。
小知识:区块链节点内部有数据库储存区块链数据以供索引获得信息(区块链的索引和其它索引一样也可能受到黑客攻击)
误区二:区块链把以前不能交流的实体联系起来
区块链不能解决联系的问题。区块链网络需要物理设备和(互联网提供的提供)网络基础设备才能应用(至少现在如此)。区块在参与某个特定交易的不同团体(机构)中产生连接/认证。不能因为数据在参与双方的相同的区块链网络中就认为数据会在双方自动传输。同样,也不能说该数据是双方都可以操作的。
误区三:区块链上的所有数据都被加密。
区块链技术基于加密技术,但是认为账本上的数据就因此会被自动加密,或者数据隐私就因此得到保护,这都是错误的。
误区四:区块链能避免数据损坏和丢失。
我们不需要区块链保证数据损坏或者丢失问题。电子签名和不同权限的备份就可以解决该问题。
误区五:区块链能够解决互操作性问题。
数据互操作性不强的原因是缺少统一的数据标准,而不是数据库不足。医药界的IT技术供应商更倾向于私密的数据标准,因为它们能带来供应商锁定。由此,数据被锁定在数据仓中,人们就不可能使用该数据的次要价值从而改善病人护理或者用于研究目的。
误区六:只要把数据放到区块链中,数据自然就安全了。
数据安全由多种预防措施构成,其中包括:
- 避免数据丢失、损毁、篡改、损坏
- 未授权访问
把数据储存在区块链中只能解决数据篡改的问题,因为一旦数据放在区块链中,他就不能被任意改变。
这不意味着我们需要直接把数据储存在区块链中获得稳定性。我们可以利用散列算法做出电子数据指纹,并将数据散列储存在区块链中获得相同的结果。
误区七:把加密数据存放在区块链中就能解决区块的数据隐私问题。
把加密数据存放在账本中不是什么好想法。区块链是“永恒的”但加密却不是。每隔十年二十年,加密算法就需要被升级,因为依靠现存的计算机永远算不出来(因此也就不能抵挡攻击)的数学问题那时候都可以被解决了。
此外,和所有的软件编码一样,加密算法也包含了一些缺陷。如果这些缺陷被黑客发现了,有时候黑客甚至在不知道密钥的情况下也能破解信息。所以加密算法总是需要被升级,同时,使用这些算法加密的数据也需要用新的版本重新加密。因为区块链上的数据不能被改变,它也就不能用新的加密算法重新加密,因此这些数据初始加密时存在的算法缺陷就会一直暴露出来。
(阅读更多关于加密软件失效,请参考该博客blog post)
误区八:医疗记录应该被储存在区块链中
参考误区一到七。
误区九:私链比公链更安全。
区块链真正的作用是一个公共账本。一个私链则是数据结构被微调之后的数据块。在任何时候,如果没有公众或者第三方核实真实性的内幕交易都可能被改变。查看更具体的解释,参考Public vs. Permissioned (Private) Blockchains
原文/Original:
Blockchain is often mentioned as a silver bullet solution for issues that have existed for years or even decades. It is generated by a lack of understanding of the technology. Here’s what we keep hearing, and why the claims are false.
- “Blockchain is a database.”
A ledger is not the same as a database. A database is designed for fast access, a ledger for security and immutability. Both have significant advantages and disadvantages.
Fun fact: blockchain nodes have their internal databases to hold the copy of the blockchain data indexed for better access (and that index is as hackable as any other).
- “Blockchain connects entities that before have not been able to communicate with each other.”
Blockchain does not solve the connectivity issue. Blockchain networks need physical and network infrastructure (which the internet provides) to piggyback on (at least for now). Blockchain creates links/permissions between different parties (institutions) involved in a specific transaction. Just because the data is on the same blockchain network that both parties are a part of, it does not mean the data is automatically transferred between these two parties. It also does not mean that the data in question is interoperable.
- “All data on the blockchain is encrypted.”
Blockchain tech is based on encryption, but assuming data on the ledger is therefore automatically encrypted, or that the privacy of that data is somehow protected, is false.
- “Blockchain prevents corruption and loss of data.”
We do not need blockchain to safeguard data against loss or corruption. Digital signatures and backups within different jurisdictions solve that.
- “Blockchain will solve interoperability.”
A lack of data interoperability derives from a lack of common data standards, not from inadequacies of databases. Healthcare IT vendors love proprietary data standards as they provide vendor lock-in. Consequently, data is locked in data silos with little hope for unlocking the secondary value of that data to improve patient care or for research purposes.
- “By putting data on the blockchain, data is automatically secure.”
Data security is a variety of measures that prevent:
- Data getting lost, destroyed, tampered with, corrupted,
- Unauthorised access to data.
Storing data on the blockchain only solves the issue of data tampering because once it’s stored on the blockchain, it cannot be readily changed.
This does not mean we need to store data directly on the blockchain to ensure immutability. We can use hashing algorithms to produce digital fingerprints of data and store the hashes of the data on the blockchain and achieve the same results.
- “Storing encrypted data on the blockchain is the solution to data privacy on the blockchain.“
Storing encrypted data on the ledger is ill-conceived. Blockchain is “eternal” while encryption is not. Every decade or two, encryption algorithms need to be upgraded because the mathematical problems that take forever to compute on current computers (and therefore provide protection against attacks) become solvable.
Also, encryption algorithms contain bugs and vulnerabilities just like any piece of software code. When they are discovered, they sometimes allow the attacker to decrypt the messages even without knowing the private keys. That’s why encryption algorithms need to constantly be upgraded and the data that was encrypted using these algorithms needs to be re-encrypted with the newer version. Because the data on the blockchain cannot be changed, it cannot be re-encrypted with newer encryption algorithms, thereby being forever exposed to inadequacies of the encryption algorithm it was originally encrypted with.
(Read more about how encryption software can fail in this great blog post.)
- “Medical records should be put on the blockchain.”
See points 1–7.
- “Permissioned private blockchains offer better security than public ones.”
Blockchain only really works as a public ledger. A permissioned private blockchain is just a database with slightly modified data structure. At any point, transactions behind closed doors can be changed without the public or 3rd party ability to verify its authenticity. For more in-depth explanation, see the post Public vs. Permissioned (Private) Blockchains.
原文链接/Original URL:
