Blockchain: how can it help transactions be more secure?

This blog post describes why ANote Music chose blockchain as a core technology to strengthen its system and how this relates to the end user. It may also inspire other businesses by showing them that, used where it makes sense, blockchain technology is a perfectly valid component of an IT architecture.

Trust in transactions

When you issue a regular bank transfer, say on your bank's online platform or directly on a payment terminal, the bank that issued your card identifies you. In such cases you also identify your bank (directly, with HTTPS that you can verify on a website; indirectly, as the only entity capable of telling you the precise balance of your account). One could argue that it is already a pity that, in the second case, the user cannot verify the bank's identity before entering their PIN.

But the real flaw lies in the fact that the bank is technically capable of generating and processing transactions without you being involved. Isn't this already happening with your account's annual fees? As an end user selecting one bank over another, you MUST have some blind trust in the bank not to debit your account and then hide its actions; in fact, we wouldn't be able to tell if that happened to us.

Any transaction requires trust between parties. Banks have long had our de facto trust, but it's much harder for smaller businesses. Blockchain allows us to create trusted transactions without the need for huge two-way audits beforehand.

Blockchain allows for a direct link between investors without a central authority to trust

A general reminder on blockchain

So what's blockchain anyway? To keep it short, it is a series of blocks, linked together, containing information that all (well, most) of the players involved agree upon. The algorithm used to reach this consensus is out of scope here, but even if we treat it as a black box, we may be interested in its inputs and outputs: a bunch of data, whatever it is, is submitted by an actor to be added to the chain. After review by all the peers, it is cryptographically linked to the previous end of the chain, making it unchangeable.

At first, this technique was used solely to exchange money on the chain, recording direct transactions between actors. As time passed, engineers found other ways to exploit this feature, nowadays known as smart contracts: smart contracts are entities on the chain, like physical actors, to which one can send messages to alter their state. As such, they represent a distributed database that no one can alter, but that everyone can read too.

Today, in Europe, one of the most prominent problems of the blockchain remains GDPR: this new EU regulation forbids companies from using personal data in unexpected ways, and furthermore from distributing it to undisclosed partners. As such, storing any personal information on a blockchain that is not completely held within the company bearing the GDPR rights would probably not comply. That forces one to resort to legal tricks or to restrict the use case, as a purely private blockchain rarely makes sense.

Also, blockchain is actually still quite slow. While the consensus algorithm we referred to is strongly secure and makes it possible to build immutable chains, it takes time to reach this consensus, often much more time than a user would deem acceptable. That's why, in private environments where trust can be assumed (which is not always the case!), blockchains should still remain an exception.

ANote and the Blockchain, the love story

ANote does not particularly act differently from your bank to generate transactions (except that it actually uses a third party – trusted by the Luxembourgish government – that can be instructed to create transactions). The difference lies in the fact that it may not yet be perceived as trustworthy as major banks by its end users.

To make operations auditable from day one, ANote Music chose to use a blockchain. Each user has his own anonymized smart contract, allowing him to sign transactions electronically. The activation of this smart contract cannot be triggered by ANote, as it requires a derivative of the user's password, which ANote does not have access to. This is also the reason why, apart from the fact that it is very sound practice, ANote requires users to have a strong password. Furthermore, each listing has its own smart contract, capable of persisting forever all the transaction requests it receives.

When a user issues a transaction on ANote (a transaction can be a bid on the first market, a second-market order, or an expressed will to import or export fiat money), the platform asks for his password. That allows ANote to sign the request, register it in the blockchain, and execute it straight away, so that the user does not have to wait. If any state of the platform has to be proven, be it users' balances or the holders of a song's shares, one can easily "unfold" the blockchain to recover the current state.

Obviously, the blockchain is only immutable if we are not the only ones to operate it. That is why every major listing that is opened gives the right to operate a node of our blockchain, reinforcing trust for all actors of the ecosystem.
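
The linking, "unfolding" and multi-operator points made above can be seen in a small sketch. This is an added example, not ANote's code: the function names, the request fields (from, to, amount) and the use of SHA-256 are assumptions, and consensus and signatures are left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(prev_hash, request):
    # The hash covers the previous block's hash: this is the cryptographic link.
    data = json.dumps({"prev": prev_hash, "req": request}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def append(chain, request):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "req": request, "hash": block_hash(prev, request)})

def verify(chain, checkpoint=None):
    """True if every link is intact and, when a checkpoint hash recorded by an
    independent node is given, that hash is still part of the chain."""
    prev, seen = GENESIS, set()
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["req"]):
            return False
        prev = block["hash"]
        seen.add(prev)
    return checkpoint is None or checkpoint in seen

def unfold(chain):
    """Replay every recorded request to recover the current balances."""
    balances = {}
    for block in chain:
        req = block["req"]
        balances[req["from"]] = balances.get(req["from"], 0) - req["amount"]
        balances[req["to"]] = balances.get(req["to"], 0) + req["amount"]
    return balances

def rewrite_history(chain, index, new_request):
    """Model a sole operator replacing one request and re-linking all blocks."""
    forged = []
    for i, block in enumerate(chain):
        append(forged, new_request if i == index else block["req"])
    return forged

# Constructed sample requests (hypothetical, not real platform data).
chain = []
for sample in [{"from": "fiat_import", "to": "user_a", "amount": 100},
               {"from": "user_a", "to": "user_b", "amount": 30},
               {"from": "user_b", "to": "user_c", "amount": 10}]:
    append(chain, sample)
checkpoint = chain[-1]["hash"]  # head hash as kept by a second, independent node
forged = rewrite_history(chain, 1, {"from": "user_a", "to": "user_b", "amount": 90})
print(verify(chain, checkpoint), verify(forged), verify(forged, checkpoint))
```

A chain rewritten from end to end is internally consistent, so only the hash held by another operator reveals the change.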

Next time ANote asks you for your password again before allowing your order to go through, you'll be aware of the whole chain put in place to ensure your money is securely transferred, and actually be glad to have to confirm!

Grégoire Mathonet

Grégoire is CTO of ANote Music. After having worked with several startups and financial institutions in Luxembourg, Grégoire was seduced by ANote's project and decided to join to make it run. Versatile with the cloud and blockchain, he ensures business continuity day to day.