DARPA’s Perfect Encryption App and the Folly of Blockchains for Everything

Imagine ordering a powerful new pneumatic nail gun. You aren’t a roofer; you bought it mostly as a toy because you like power tools. The first thing you would do after unpackaging it is start looking around for things to nail and nail you would: walls, your workbench, walls, boards, and walls. You have a new toy- a new technology- and you want to use it wherever you can justify using it.

Seven years ago blockchains were invented as part of Bitcoin. For year one, almost no one knew the project existed. In year two, people learned how to make use of the currency. During year three, people started using a different blockchain, Namecoin, to hold domain name information in a system which was academically interesting but not widely used. Since then people have started trying to hold all kinds of things in blockchains: deeds, contracts, and all sorts of documents. On the outside, it sounds sensible: a censor-proof fully distributed persistent data storage system.

An Organization Finds a Fun Power Tool

Last week DARPA, the U.S. Defense Department’s Advanced Research Projects Agency, put out a request for prototypes for a secure messaging platform. Potential participants are tasked with creation of a platform which uses “a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger.” In particular, they want a blockchain. It’s rare that DARPA demonstrates much misunderstanding of new technology but this RFP makes it clear that DARPA has jumped on the “Just use a blockchain!” bandwagon without regard to their huge downsides. DARPA has found a nail gun and by God, it wants to use it.

The problem is that blockchains are bad at storing data. They aren’t even intended to be a data storage system- they’re a consensus mechanism and that’s it. A consensus mechanism is a way for a bunch of entities who don’t trust each other to come to a consensus about the order of events. An event may be the transfer of money or the creation of a document. Everything else that DARPA wants, blockchains cannot do. They want a system where “Regulators with access to the ledger [can] read the correspondence and thus easily verify that a transaction didn’t violate Federal Acquisition Regulations,” despite the fact that blockchains will not help with access control nor will they help to guarantee transparency. If officials and contractors don’t want a contract to be stored where regulators will review it, blockchains will not help.

DARPA wants a system to work such that “Troops on the ground in denied communications environments would have a way to securely communicate back to HQ,” despite the fact that blockchains by themselves aren’t encrypted and do nothing to help you if you have no way to communicate already. Encryption and the other features DARPA wants could certainly be layered on top but then the blockchain only serves one purpose: decentralization. According to the document, decentralization comes with two benefits: security and cost.

Two problems: Blockchains don’t secure data and they are very expensive.

“Legacy messaging and backoffice infrastructures, traditionally based on centralized, unencrypted hub-and spoke database architecture,” the document states, “are expensive, inefficient, brittle and subject to cyber attack.” Except concerning cyber attacks which I will address later, this is wrong. Centralized infrastructures are vastly cheaper and more efficient than any known decentralized system. In Amazon’s cloud, AWS, renting a pair of redundant medium-sized database servers, 100 GB of storage, 5 medium sized communication servers, and a load balancer costs $2800 per year [1]. That comes with a base performance of 300 input/output operations per second with the ability to burst if needed. In ClearChat, when one person sends a message to three people in a group, our server must do 15 database operations including the work for acknowledgments so this server setup could handle 20 messages and small files per second or 631 million per year. That’s 0.4 cents per 1000 messages. Bitcoin, on the other hand, costs about $8 per transaction, or 1.8 million times more.

The Cheaper Option

“So what?” you might ask. “Maybe the benefits are worth being 1.8 million times more expensive. Or maybe we can make a cheaper blockchain.” We can actually. Bitcoin is expensive, ultimately, because a lot of useless work is done when adding blocks to the blockchain. But this work is self-imposed- a trade-off for not having to trust anyone. But if there is a central agency, like the DoD, who packages messages and documents into blocks and adds them to their own blockchain without doing any useless work, we could allow and accept that simply because we trust DoD. They could achieve redundancy by doing this in five different data centers so that if one goes down the others can continue on just fine. But if we go this far then what is the point of using a blockchain? Why not just have DoD store messages and files, along with a time-stamp, in redundant databases that they control and from which they refuse to delete data? This would be much simpler, more flexible, and would achieve all of the same goals.

As for using blockchains to achieve cyber-security, there is nothing more secure about blockchains over a simpler append-only database. Ultimately you aren’t trusting the blockchain or database to keep your information secret- you trust your own end-to-end encryption. Companies and government should do what we’ve done: a centralized service with redundant hot servers and databases spread out across the country and protect people’s information using end-to-end encryption. Ultimately this is the inevitable outcome for DARPA’s latest challenge.


  1. MySQL database server: t2.medium multi-availability-zone: $795 / year.
    Storage: $0.230 per GB-month (SSD) x 100 GB x 1 year = $276 / year. This includes a base performance of 300 input/output operations per second but can burst much higher if needed.
    Servers: t2.medium EC2 instances (2 vCPUs with 4 GiB of memory each) x 5: $1510 / year.
    Load balancer: $0.025 / hour = $220 / year.


  • Chris DeRose says:

    The hype around blockchains started over immutability and decentralization. It has since morphed into mutable and centralized. The blockchain movement is filled with rube goldberg machines, perpetual motioneers, and inordinate scamming of the clueless.

  • Great article and fun to read. Good anology the pneumatic nail 🙂

    Some thoughts on the math: according to blockchain.info the cost of a bitcoin blockchain transaction mainly consists of the miners block reward. And therefore the comparison introduces the creation of crypto money (25BTC every 10 min) as a factor which i.m.o. better could be left out, for clarity reasons. See the explanation here:

    I would want to see a calculation where the total cost of energy per 10 minutes (1 block) that all miners burn to validate a handful of transactions (with all respect, with freedom of Trusted Third Party comes inefficiency). Your stand is still valid of course, just the math isn’t spot on yet.

    • Jonathan Warren says:

      If the only energy required to keep blockchains secure and distributed was the energy required for transaction validation then it would be appropriate to leave out the block reward in my calculation. But unfortunately that energy is required; the energy for transaction validation is necessary but not sufficient.

  • Herman Peeren says:

    Henk, an estimate from June 2015 of the total cost of energy to mine (and maintain a well distributed ledger) can be found here: http://motherboard.vice.com/read/bitcoin-is-unsustainable . According to his calculation “a single Bitcoin transaction uses roughly enough electricity to power 1.57 American households for a day. ” He comes to a total of at least 215 MW constant power consumption for Bitcoin. About 5000 times more per transaction than for centralised techniques.

    Bitcoin’s price will inevitably rise (deflate) and if the reward of mining is not decreasing enough to compensate that, more miners will be attracted and the total cost of energy per transaction will rise more. Even worse: this deflation causes a spiral to more deflation (a.o. by attracting speculation), until the bubble bursts. Also see https://yanisvaroufakis.eu/2013/04/22/bitcoin-and-the-dangerous-fantasy-of-apolitical-money/

    A solution for more efficient mining per transaction might be to increase the blocksize, but that will probably only be sufficiently done with other cryptocurrencies and the essential problem of deflation is still not solved with it. We could do with less miners, but when the ledger is not sufficiently distributed the security of the whole system is at stake…

    I’m very enthusiastic about possibilities of blockchain techniques and am exploring them but to realise dreams we first have to wake up.

3 Trackbacks

Leave a Reply

Your email address will not be published. Required fields are marked *