Auditing blockchain and eIDAS


The anonymity provided by some blockchains is one of the technology's biggest attractions. On an entirely distributed, decentralized blockchain such as Bitcoin or Ethereum, this anonymity serves a purpose and encourages individual use. For business adoption, however, identity on and off the chain is crucial, both legally and logistically, and anonymity poses problems.

eIDAS is a set of EU regulations under which member states accept legally binding electronic signatures and identities. They ease cross-border transactions in multiple industries, including finance, health care, and logistics. In this article we'll look at the need for identity on blockchains in business adoption, and explore how eIDAS could help meet that need.

Why do we need identity on blockchain?

Audits verify that businesses are meeting the regulations that ensure company integrity and the security of customers' sensitive data. While auditing blockchains is certainly doable, the lack of identity is a barrier. Public and private keys are used extensively on blockchains, but there is no inherent linkage between them and any legally identifying information. This makes auditing difficult and can facilitate illegal activity. For example, the 2016 DAO hacker's public address is known, but that address isn't linked to anything that could identify him/her/them. For blockchain to be more business friendly, there needs to be a way to manage identities on the chain and link them to other identifying information, for multiple reasons, including auditability.

How could eIDAS help?

The EU eIDAS regulations are legally binding and allow for the use of electronic signatures across borders in the internal EU market. They provide authentication, ensure integrity, and ease usage by removing the need for physical handwritten signatures. Processes such as voting, taxes, and opening bank accounts can all be done easily and virtually using digital signatures.

Physical signatures are also less secure than digital signatures. Generally you have to use the same handwritten signature for every type of document, from signing a contract to a marriage license. This means that the one, handwritten signature can be taken from nearly anywhere and easily replicated. It is also the same no matter what the document's content is, so someone with your signature could change the contents of what you signed, and there is no way of proving that documents with a physical signature haven’t been altered.

Blockchain already has digital signatures and encryption built in, so merging this technology with eIDAS to ease business adoption across the EU is a natural step. Under eIDAS, advanced electronic signatures have several requirements. These include that the signature is created with a private key controlled only by the signatory, and that data integrity is verifiable with the signature (if the data has been changed, the signature will no longer match), among others.

Blockchain’s digital signature features and cryptography are extensive, so it would not be difficult for it to work with eIDAS.
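The audit step this section argues for, as an added example that is not part of the original article: an auditor first checks that a record's signature still matches its content, then tries to resolve the signing key to a legal identity. It assumes ECDSA over secp256k1 (the curve Bitcoin and Ethereum use) via Node's built-in crypto module; the identity registry, the function names and all sample records are hypothetical and constructed here.

```javascript
const nodeCrypto = require("node:crypto");

// Fingerprint of a public key: SHA-256 over its DER (SPKI) encoding.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return nodeCrypto.createHash("sha256").update(der).digest("hex");
}

// Signatory side: sign the exact bytes of the record with the private key.
function signRecord(payload, privateKey) {
  return nodeCrypto.sign("sha256", Buffer.from(payload, "utf8"), privateKey);
}

// Auditor side: check integrity first, then look the key up in the registry.
function auditRecord(record, registry) {
  const data = Buffer.from(record.payload, "utf8");
  const ok = nodeCrypto.verify("sha256", data, record.publicKey, record.signature);
  if (!ok) return { status: "INVALID_SIGNATURE", identity: null };
  const identity = registry.get(fingerprint(record.publicKey)) || null;
  const status = identity ? "VERIFIED_IDENTIFIED" : "VERIFIED_PSEUDONYMOUS";
  return { status, identity };
}

// Constructed sample data: one registered signer, one unregistered signer.
function buildSample() {
  const opts = { namedCurve: "secp256k1" };
  const registered = nodeCrypto.generateKeyPairSync("ec", opts);
  const unregistered = nodeCrypto.generateKeyPairSync("ec", opts);
  // Hypothetical registry: key fingerprint -> identity verified off chain.
  const registry = new Map([
    [fingerprint(registered.publicKey), "Example GmbH (constructed identity)"],
  ]);
  const make = (payload, kp) => ({
    payload,
    publicKey: kp.publicKey,
    signature: signRecord(payload, kp.privateKey),
  });
  const good = make("transfer 100 EUR to account A", registered);
  // Same signature, altered content: verification must fail.
  const tampered = { ...good, payload: "transfer 900 EUR to account A" };
  const unlinked = make("transfer 5 EUR to account B", unregistered);
  return { registry, records: [good, tampered, unlinked] };
}

function runAudit() {
  const { registry, records } = buildSample();
  return records.map((r) => auditRecord(r, registry));
}

console.log(runAudit().map((r) => r.status));
```

The third record is the case the article describes: the signature is valid and the key is known, but nothing ties it to a legal identity.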

Conclusion

Auditing blockchains is necessary for large-scale business adoption, but it has many difficulties, and ensuring the identity of individuals on chain is a major one. Integrating blockchain with eIDAS could put us one step closer to wider use of this emerging technology across the EU. The fact that this regulation is already implemented is an excellent opportunity to integrate a young technology with an existing regulation and propel businesses into the future.

This series tries to shed light on important security-related aspects of blockchains and discusses some of the currently emerging loopholes. The first article looks at expected developments in blockchain technology during the next 10 years. In the 2nd article we argue why blockchains will need to be auditable for successful business adoption. This 3rd article discusses how the digital signature regulation eIDAS can help make blockchains auditable.

About the author

Ulrich Scholten is an internationally active entrepreneur and scientist. He holds a PhD in information technology and owns several patents on cloud-based sensors. His research on cloud computing is regularly published in highly rated journals and conference papers. From 2008 to 2015, he was an associated research scientist at the Karlsruhe Service Research Institute (KSRI), a partnership by KIT and IBM, where he researched network effects around web platforms together with SAP Research.
