Fast, Secure Blockchain Tech From An Unexpected Source: Microsoft
The networks behind cryptocurrencies like bitcoin and Ethereum were built with mistrust in mind. After all, virtual currency users have every reason to believe that others on the network are trying to defraud them–claiming to send money when they haven’t done so, or trying to spend the same money multiple times.
Yet the safeguards that underly most cryptocurrency transactions have some real drawbacks. The system used to verify and permanently log transactions, for example, is slow and uses an enormous amount of power. (The bitcoin network consumes enough energy to power 1.5 million households, according to the Digiconomist Bitcoin Energy Consumption Index.) And while transferring funds on these networks is infamously anonymous, every transaction is still logged to a public ledger–which can make it possible to suss out who’s doing business with whom.
For a growing number of big companies interested in using blockchain technologies, these problems are a deal breaker. So it is perhaps fitting that the solution to this problem is coming from an old reliable in the technology business: Microsoft.
As part of an overall push into blockchain technology, the software giant has released easy-to-deploy blockchain services for Azure and is even collaborating with Bank of America to develop a blockchain-based method for managing trade finance. More recently, the company announced a new framework called Coco, which aims to help banks, insurers, and manufacturers establish shared, multi-company digital ledgers and automated smart contracts using blockchain software like Ethereum without sacrificing efficiency or confidentiality.
Coco relies on so-called trusted execution environments built into modern computing hardware and operating systems, like Virtual Secure Mode in Windows. These environments segregate data and code from other processes on a computer, so that it can’t be read or tampered with by other programs running on the machine. They’re often used for handling data encryption or software licensing management, where digital keys are deliberately kept secret.
When computers are communicating to form a blockchain, Coco creates trusted environments on each machine that certifies they are running the official, unaltered version of the network’s code. As a result, they skip many of the steps that slow down traditional blockchain networks, significantly boosting speed.
To show off the advantages, Microsoft took real transactions from the public Ethereum network and ran them through two in-house networks running two different versions of the Ethereum software. One set was run through an off-the-shelf cryptocurrency software, and the other was run through software adapted for use with Coco. The garden-variety software could execute about 10 to 20 transactions per second, with transactions sometimes taking close to a minute to process, while the Coco network could handle about 1,600 transactions in a second, according to Mark Russinovich, CTO of Microsoft Azure, the cloud computing platform.
Future versions may well do better as the software improves, he says. (Participants in Coco networks will be able to vote according to predefined rules on when their network should upgrade software versions or change other policies).
“The technology is interesting because it both enhances security and performance in parallel,” says Jeremy Millar, chief of staff at ConsenSys, an Ethereum-focused software startup that collaborates with Microsoft on cloud-based blockchain services. “Typically when you secure software and networks with encryption you degrade performance, but their approach and how they leverage what’s called the secure execution environment, or the secure enclave, means we have the opportunity to both improve security and performance in the same approach.”
Millar says Coco is the first project he’s aware of from a major software vendor to rely on networks of secure execution environments. And since data is accessed through the secure environment, it’s possible to control who has access to see the details of various transactions and smart contracts, so participants in a blockchain can keep some data confidential from uninvolved parties.
“The various members [of a multi-company blockchain] do not want all of the other members to see their transactions, or their smart contract state changes,” says Russinovich,. “Unfortunately today, the distributed ledger technologies all require all the members to see anything in order for them to validate the updates to the ledger.”
Users will even be able to set up smart contracts that define who has access to what data, like letting some blockchain users only see their own transactions while allowing auditors a greater purview, Russinovich says.
“The rules can be arbitrarily complex,” he says.
Microsoft plans to release an open source version of Coco next year, and JPMorgan Chase, Intel, and financial blockchain company R3 have announced plans to integrate their own blockchain software with the framework. Russinovich says he imagines customers will use the software in their own networks and on Azure cloud machines, where it will be integrated with existing cloud management software.
Amazon Web Services still dominates the cloud computing industry with a roughly 34% market share, while Azure is in distant second place with 11%, according to a July report from Synergy Research Group. But a December survey commissioned by cloud analytics provider Sumo Logic found that among companies with more than 500 employees, 66% reporting using the Microsoft cloud service compared to 55% using AWS. And more than 80% of “the world’s largest banks” use Azure, Microsoft said in 2016, making Coco an attractive offering as blockchain technology attracts increasingly serious interest from more highly regulated companies.