Enhanced Distributed Ledger Technology

Project Overview

The blockchain data structure and proof-of-work protocol were designed to solve the problem of double spending in cryptocurrencies.  But conventional blockchains are hard to use in many distributed system applications.  Although blockchain has found many applications outside of cryptocurrency, many of its features are not well suited to common data management applications.  The added trust of distributed ledgers is a valuable feature, providing greatly simplified auditability and verification of actions among multiple parties in applications such as supply chain and others, but there are tradeoffs.

We have designed and implemented a new form of distributed ledger technology (DLT), known as a data block matrix, which provides the integrity assurance of blockchain but allows for controlled revision or deletion of data. This is an essential property for using DLT in applications that must support privacy requirements for deletion of private data at a user's request.  The block matrix data structure has been implemented with an API for practical use in distributed database applications, and is now included in the open source release of Next Generation Database Access Control (NDAC).

 

Capabilities

Blockchain's hash-based integrity verification provides trust, at the cost of an inability to delete or update records, leading to design complications that would not arise with conventional database management systems.  Similarly, the sequencing guarantees of blockchain consensus protocols are needed for cryptocurrency in the absence of a universal timestamp.  Moreover, actions within the distributed ledger must be connected with other actions in the real world, through accurate timestamps.  We are developing a new architecture that provides the trust features of blockchains, with characteristics that allow for simpler designs and greater practicality in conventional data management problems.  This alternative can lead to new approaches to incorporating trust into distributed systems applications. The data blockmatrix data structure provides key capabilities:

  • Trust and integrity of data - In the same manner as blockchain, hash computations are used to ensure data integrity
  • Editability - GDPR and other privacy regulations require that users have the ability to remove data, making blockchain incompatible with privacy in many applications.  The data blockmatrix makes it possible to meet privacy requirements while retaining the assurance of data integrity provided by blockchain.
  • Performance - Maintaining integrity-assured local copies of data, especially for security and access control, drastically reduces the need for communication among networked nodes in a distributed system.  This feature of the blockmatrix is now being used in the Next Generation Database Access Control (NDAC) system (open source link below).  

Do you need a blockchain?  NIST flowchart
 

Key Capabilities

  • Modifiable blocks - a data block matrix structure that provides hash-based integrity while allowing controlled deletion or modification of data.  This capability can support privacy requirements that are difficult or impossible to meet with conventional DLT.
  • Verified time - a high-resolution time protocol that allows guaranteed time stamps to be used in place of consensus algorithms to ensure record ordering, making possible much higher throughput and higher precision timestamps than possible with conventional blockchain. 
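
The modifiable-block capability listed above can be illustrated with a simplified sketch. It is an added example, not code from NDAC or from the project, and it follows the row-and-column hashing idea of the data block matrix whitepaper cited under Publications. The class and function names, the SHA-256 choice and the sample records are assumptions, and the block placement rules of the published design are omitted.

```python
import hashlib

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class BlockMatrix:
    """Hypothetical N x N grid of blocks with one hash per row and per column."""
    def __init__(self, n):
        self.n = n
        self.cells = [[b"" for _ in range(n)] for _ in range(n)]
        self.row_hash = [self._hash_row(i) for i in range(n)]
        self.col_hash = [self._hash_col(j) for j in range(n)]

    def _digest(self, blocks):
        # Hash each block first so block boundaries are unambiguous.
        return h("".join(h(b) for b in blocks).encode())

    def _hash_row(self, i):
        return self._digest(self.cells[i])

    def _hash_col(self, j):
        return self._digest([self.cells[i][j] for i in range(self.n)])

    def write(self, i, j, data):
        """Controlled write or erase (data=b""): only row i and column j hashes change."""
        self.cells[i][j] = data
        self.row_hash[i] = self._hash_row(i)
        self.col_hash[j] = self._hash_col(j)

    def verify(self):
        """Return cells whose row hash AND column hash both fail to match."""
        bad_rows = {i for i in range(self.n) if self._hash_row(i) != self.row_hash[i]}
        bad_cols = {j for j in range(self.n) if self._hash_col(j) != self.col_hash[j]}
        return sorted((i, j) for i in bad_rows for j in bad_cols)

def demo():
    m = BlockMatrix(3)
    for i in range(3):
        for j in range(3):
            m.write(i, j, f"record-{i}{j}".encode())  # constructed sample data
    rows, cols = list(m.row_hash), list(m.col_hash)
    m.write(1, 2, b"")  # authorized erasure of one record
    changed_rows = [i for i in range(3) if m.row_hash[i] != rows[i]]
    changed_cols = [j for j in range(3) if m.col_hash[j] != cols[j]]
    clean = m.verify()
    m.cells[0][0] = b"tampered"  # out-of-band edit, hashes not updated
    return changed_rows, changed_cols, clean, m.verify()

if __name__ == "__main__":
    print(demo())
```

Erasing one block changes exactly one row hash and one column hash, so every other block remains covered by at least one unchanged hash, while an edit that bypasses `write` is localized to the intersection of the failing row and column.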

Publications

  • J.F. DeFranco, D.F. Ferraiolo, D. R. Kuhn, and J.D. Roberts, "A Trusted Federated System to Share Granular Data Among Disparate Database Resources", IEEE Computer, Mar, 2021.  
  • D.F. Ferraiolo, J.F. DeFranco, D. R. Kuhn, and J.D. Roberts, "A New Approach to Data Sharing and Distributed Ledger Technology: A Clinical Trial Use Case", IEEE Network, Jan, 2021. 
  • Kuhn, R., Yaga, D., & Voas, J. (2019). Rethinking Distributed Ledger Technology. Computer, 52(2), 68-72.
  • Stavrou, A., & Voas, J. (2017). Verified Time. Computer, 50(3), 78-82.
  • Kuhn, D. R. (2018). A Data Structure for Integrity Protection with Erasure Capability. NIST Cybersecurity Whitepaper.  

Briefings

Open source code  

Team
Rick Kuhn, NIST
Jeff Voas, NIST
Dylan Yaga, NIST
Josh Roberts, NIST
Temur Saidkhodjaev, Univ of Maryland

Additional resources

 

Contacts

Rick Kuhn
kuhn@nist.gov

Jeff Voas
jeff.voas@nist.gov

Dylan Yaga
dylan.yaga@nist.gov

Created September 24, 2019, Updated January 19, 2021