
Comparing Public (Permissionless) and Private (Permissioned) Blockchains – What is Best for Banking and Payment Services

November 09, 2020

In this article, we will explain how blockchains work, what the differences are between public and permissioned blockchain networks, and how banks currently position themselves with regard to these networks.

Since the first Bitcoin paper authored by Satoshi Nakamoto was released on 31 October 2008, the concept of blockchain networks has gained increasing attention in the financial world. Initially restricted to the ecosystem of crypto-values, the blockchain has recently caught the interest of the retail banking industry.

The earliest stages of blockchain technology were turbulent, with frauds, scandals, and large quantities of cryptocurrencies being regularly stolen from online wallet providers. Bitcoin is unfortunately often associated with tax evasion, crime, and all sorts of nefarious traffic, such as what is often found on the Darknet.

Blockchain technology has proven to be a redoubtable adversary with several unique assets. One of them is that it can totally reduce fraudulent transactions and operate in a totally distrusted environment, i.e. an environment where most parties distrust each other. This fits well with the current worldwide social trend of consumers having, unfortunately, increasing distrust in ‘traditional banking’ practices.

Banks are well aware of this trend and risk being distanced in the future if they appear obsolete and ‘old-fashioned’ and cannot compete with cryptocurrency-based financial systems. As such, blockchain appears to be extremely disruptive for the banking industry. However, while blockchain might appear to be a nemesis to banking and FIs, the industry could actually benefit from this technology, which can make transactions more secure and faster and reduce operating costs.

As of this writing in November 2019, there are several projects and pilots being conducted by banks and financial third parties. Nevertheless, it must be noted that there is no norm or specification ruling the use of blockchain and that blockchain-based banking is at an early prototyping and experimental phase.

An Overview of Blockchain Technologies

The premise of blockchain is the creation of a cryptographically-secure chain of blocks that no one could tamper with. Its original idea stems from a 1991 paper authored by Stuart Haber and W. Scott Stornetta titled “How to Time-Stamp a Digital Document.”

What many do not realize is that the concept of blockchain previously existed in theoretical computer science, with the Paxos protocol, for example. The origin of the blockchain can be found in a general distrust towards the “established” chain of trust with “legitimate” bodies (notary, attorneys, etc.).

The blockchain concept evolved after a paper written by Satoshi Nakamoto, named “Bitcoin: A Peer-to-Peer Electronic Cash System” was published in October 2008. Nakamoto’s paper introduced the blockchain concept in the context of peer-to-peer financial transactions.

An electronic coin is defined as a chain of signatures. Nakamoto’s concept is different from the initial concept introduced by Haber and Stornetta because the signatures are chained, and not concatenated independently of each other. Each time the coin is transferred to another user, the chain of signatures that represents the coin grows.

Such a system needs an authority to prevent coins from being double-spent. With Nakamoto’s original blockchain concept, a central authority is not considered as a valid solution because all the trust relies on a single entity.

The solution chosen by Nakamoto was to publish the transactions by using a timestamp server. Rather than publishing the transaction to a web server like Usenet or any public chat group, Nakamoto preferred to develop the concept of proof-of-work. The proof-of-work consists of proving that a hash with a certain number of leading zeros has been generated. Additional reinforcement systems are added to make the whole process more secure before reaching a decision whether to approve the transaction or not.

The puzzle to solve is the following. Find a nonce (and, therefore, a hash) such that

SHA256(“blockchain” + Nonce) = Hash Digest starting with “000000”

The quantity of leading zeros defines the difficulty of the challenge.

In BTC, the proof-of-work is a cryptographic puzzle that can be solved by anyone equipped with enough hardware. It is usually called mining. Mining is a rewarded operation in which miners compete against each other. The idea is again that ‘honest’ miners dominate; therefore, the chosen block will always be trustworthy.

Mining is also a protection against denial-of-service (DoS) because of the inherent difficulty of the challenge, and as such, it acts as a protective and defensive barrier.

Mining is a consensus mechanism, since the competition will lead to a decision.

Other such consensus systems include:

  • Proof of stake
  • Delegated/leased proof of stake
  • Round-robin
  • Proof of authority/identity
  • Proof of elapsed time
  • Proof of uniqueness
  • Proof of possession
  • Byzantine fault tolerance (practical/simplified/delegated)
  • Directed acyclic graphs
  • Proof of activity
  • Proof of importance
  • Proof of capacity
  • Proof of burn
  • Proof of weight
  • Proof of technology

Since the computed hashes containing the timestamps are incorporated into each block, the whole blockchain cannot be modified at all by an attacker. The BTC blockchain consists of a chain of so-called blocks, containing a header and block data. The block data represents the transactions and other similar data.

The block data represents a list of transactions, not just one transaction.

Blocks are published over time. Determining which users (“miners”) will publish the next block lies in the consensus process.

The motivation to publish blocks is, purely and simply, financial gain. The users who are inside the blockchains are not specifically seeking the well-being or harmony of the system. Nevertheless, a consensus model is needed so that distrusted users will cooperate.

Every blockchain network has a genesis block (i.e. the “initial one” with no predecessor). After the genesis block, more blocks are added one after the other.
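The puzzle stated above and the hash-linked block structure can be tried together in a few lines of Python. This is an added example, not code from the article or from any blockchain implementation: the block fields, the JSON encoding, the timestamps and the sample transactions are constructed for illustration, and the difficulty is lowered from six leading zeros to three or four so that it runs in seconds.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # the genesis block has no predecessor


def solve_puzzle(prefix: str, zeros: int) -> tuple[int, str]:
    """Find a nonce so that SHA256(prefix + nonce) starts with `zeros` hex zeros."""
    nonce = 0
    while True:
        digest = hashlib.sha256(f"{prefix}{nonce}".encode()).hexdigest()
        if digest.startswith("0" * zeros):
            return nonce, digest
        nonce += 1


def header_hash(block: dict) -> str:
    """Hash every field except the stored hash, in a canonical JSON encoding."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def mine_block(index: int, prev_hash: str, transactions: list, zeros: int) -> dict:
    """Increment the nonce until the block hash meets the difficulty target."""
    block = {"index": index, "timestamp": 1604880000 + 600 * index,  # constructed
             "prev_hash": prev_hash, "transactions": transactions, "nonce": 0}
    while not header_hash(block).startswith("0" * zeros):
        block["nonce"] += 1
    block["hash"] = header_hash(block)
    return block


def build_chain(batches: list, zeros: int) -> list:
    """Mine one block per transaction batch, each linked to its predecessor."""
    chain, prev = [], GENESIS_PREV
    for index, transactions in enumerate(batches):
        chain.append(mine_block(index, prev, transactions, zeros))
        prev = chain[-1]["hash"]
    return chain


def first_invalid_block(chain: list, zeros: int):
    """Return the index of the first block that fails validation, else None."""
    prev = GENESIS_PREV
    for block in chain:
        digest = header_hash(block)
        if (block["prev_hash"] != prev or digest != block["hash"]
                or not digest.startswith("0" * zeros)):
            return block["index"]
        prev = block["hash"]
    return None


# Constructed sample data: three blocks, each carrying a list of transactions.
BATCHES = [[{"from": "coinbase", "to": "alice", "amount": 50}],
           [{"from": "alice", "to": "bob", "amount": 20},
            {"from": "alice", "to": "carol", "amount": 5}],
           [{"from": "bob", "to": "carol", "amount": 7}]]

if __name__ == "__main__":
    print(solve_puzzle("blockchain", 4))        # the page's puzzle, four zeros
    chain = build_chain(BATCHES, zeros=3)
    print(first_invalid_block(chain, 3))        # None: chain is consistent
    forged = copy.deepcopy(chain)
    forged[1]["transactions"][0]["amount"] = 2000
    print(first_invalid_block(forged, 3))       # 1: stored hash no longer matches
    forged[1] = mine_block(1, forged[0]["hash"], forged[1]["transactions"], 3)
    print(first_invalid_block(forged, 3))       # 2: next block links to the old hash
```

Each extra leading hex zero multiplies the expected number of hash attempts by 16, and redoing the work for one altered block still leaves every later block pointing at the old hash.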

The proof-of-work is also referred to as mining because it consumes real physical resources, such as electricity and processor power.

As we mentioned earlier, the proof-of-work is not the only possible consensus. There is also the proof-of-stake.

While the proof-of-work is used in Bitcoin, proof-of-stake is also of interest. For example, the Ethereum network is imminently moving to proof-of-stake. The proof-of-stake, like the proof-of-work, allows a user to demonstrate an interest in the system, with the idea that the more time, resources, energy, etc. a user has invested in a system, the less prone they are to be malevolent against it.

Differences between Public and Private Permissioned Blockchain Networks

Next, we will discuss permissioned blockchains and how banks can benefit by using blockchain technologies. Admittedly, there are several problems with public blockchain networks.

In a public blockchain network, transactions are openly published and anyone can read them. This is good in terms of transparency but may not suit a bank that obviously cannot allow just anyone to view the transactions of its customers.

Besides this, open networks often use proof-of-work and costly competition between miners. This is totally irrelevant to banks. In general, consensus algorithms used by open networks do not suit banks.

As we mentioned earlier, blockchain is a concept and not a fixed norm. Consequently, several variations of the original blockchain, as described by Nakamoto, have been created over the years. Recently, permissioned blockchains were introduced and developed by frameworks such as Corda, Hyperledger, Riddle, or Quorum, for instance.

Permissioned blockchains require authentication in order for users to join them. Besides being private, they have several conditional access features for users to obtain permission to operate at given levels.

Benefits of Permissioned Blockchains

Permissioned blockchains are efficient in terms of performance when compared to public blockchains. Indeed, they have only a limited number of nodes on the platforms that operate them. Since permissioned blockchains have their own nodes to validate transactions (like the notary nodes in the Corda framework), this improves their overall performance.

Permissioned blockchains are organized through governance. Rules can be updated faster, directly by privileged administrators rather than by ‘community cooperation’.

In a public blockchain, the consensus is often ruled by self-interest rather than by care for the safety and proper functioning of the network. This may induce slower updates as compared to a private dedicated consensus.

Permissioned blockchains use decentralized storage, using the inherently decentralized nature of blockchains.

Finally, permissioned blockchains reduce operating costs for banks and FIs.

Banks and Permissioned Blockchains

The features of permissioned blockchains make them an ideal solution for banks. By building their own blockchain systems and eventually interoperating with other (permissioned or public) blockchains, banks may be able to expand their traditional mandate and offer additional financial services. For this, they will need to transform their systems into a platform that may take various forms.

Banks will also need to define how users will access their wallets and how they will need to be authenticated and identified to the network. In a public blockchain, users are identified only by their public keys. In a bank blockchain network, this may be quite different. The whole system will rely on a strong, complex, well-designed, and ultra-secure PKI.

Summary

While still at an early stage, there is a real interest within the banking industry in building their own blockchain systems, which are now taking the shape of private permissioned blockchains using technologies provided by Corda, Hyperledger, Quorum, and others. To be efficient, these bank permissioned networks will need a strong PKI architecture and a well-thought-out security infrastructure involving HSMs and key management servers.
