By Nicola Zimmermann (Gandhi) and Kenneth
Every time I study a topic, I like to go to Wikipedia to get an overview. While I was looking up an article about decentralized Apps, to my surprise, I saw an almost-empty page. But at least there was a definition of dApps, which looked like this:
- The code is open-source and autonomously managed
- Records and data are stored using blockchain, providing trustless interaction and avoiding any single point of failure
- Use cryptographic tokens to reward users providing computing power
- Tokens generated through a cryptographic algorithm
This basically describes blockchains and smart contracts, which has led me to the conclusion that currently, dApps are equal to blockchains and smart contracts. They get executed in the blockchain Virtual Machine (VM) and require consensus, so everybody can trust them, but are these truly decentralized? I would argue that this type of dApp is a consensus-based app rather than a decentralized App.
What makes an App decentralized?
According to Rong Chen, the founder of Elastos, an app needs to get rid of all middle men to become truly decentralized. In essence, this means that a dApp is not making use of :
- Media Players (Word, Acrobat Reader, video player, music player, etc.)—
They can manipulate data and are a way to distribute malware.
- Central servers for data storage—
Data stored on a central server can be manipulated by the owner and is an easy target for hackers.
- Centralized ways of routing data—
TCP/IP and http protocol as well as DNS allows for MIM and DDoS attacks.
- Central authority to provide trust and consensus—
Big international corporations like Google, Facebook, Alibaba, or the big Banks, can be a single point of failure.
Consensus-based apps (currently called dApps) only make one of these four intermediaries obsolete: the central authority to provide trust and consensus. Elastos is proposing a solution for the remaining three.
- In the Elastos ecosystem, there is no such thing as a media player. All data is executable code which runs in the Elastos C++ Virtual Machine. For example, there is no longer any need for software to interpret a movie on Elastos because it is not a file which is played in a video player, instead, you can think of it as a game with very basic controls like pause, play, fast forward and rewind.
- Elastos is primarily using InterPlanetary File System (IPFS) and mobile IPFS (in development together with their partner Zapya/Viewchain) as a decentralized solution for data storage. You can also host your own data on your own device at home. For example: on your computer, NAS drive or any other device with built in storage capability that is connected to your router. As long as the router has connection to the internet you will always be able to access your data and no one can block it.
- The Elastos Smart Web is a peer-to-peer network, making use of Distributed Hash Table (DHT) technology. All network traffic is end-to-end encrypted and handled by the Elastos Carrier which is completely autonomous. Instead of IP’s, Elastos is using Decentralized ID’s (DID), and instead of DNS there will be an Elastos name-service on the blockchain.
The fourth intermediary has already been replaced by the blockchain in consensus-based apps, but since the other three remain, there are still some major issues in their architecture:
(1) Blockchains which run a lot of different smart contracts get congested easily.
(2) Blockchains are not designed to run apps; they are way too slow for this. You can think of a blockchain as a distributed computer which requires consensus for every operation. This makes it very slow. Additionally, everyone is using the same computer, which only amplifies the problem.
(3) You need a way to interact with the blockchain. This is mostly done with web apps, currently, but it becomes an enormous security threat because of Man-in-the-Middle (MIM) and Denial of Service (DDoS) attacks, malware, and traffic monitoring.
Consensus-based dApps are a great tool to build trust, but are they really decentralized? While it is true that the information stored on the blockchain is safe and can’t be tampered with, it still relies on a centralized and insecure way of obtaining the data, interpreting the data with a browser or a traditional app, and most importantly, blockchains are very inefficient at storing large amounts of data.
For the average end-user it is very hard, if not impossible, to make sure that information requested from the blockchain is not manipulated by a malicious entity while being transported and interpreted by the software on his or her device. This makes consensus-based dApps very vulnerable, as we have seen with countless DNS, DDoS, and MIM attacks, or with malware being used to spy on people’s private keys. Let’s take a look at how
Elastos is solving these issues:
(1) The congestion problem is solved by using a main chain/sidechain structure. Every dApp can have their own sidechain with whatever consensus mechanism they deem fit. If they need the highest security available in the industry, they can make use of Elastos‘ Proof of Work (PoW) which is merge-mined with Bitcoin (starting December 2018). If more Transactions Per Second (TPS) is required, dApps can go for Elastos‘ Delegated Proof of Stake (DPoS), and if they need finality of blocks they can make their own sidechain with a dBFT consensus or use NEO once the NeoVM has been ported to Elastos.
(2) dApps on Elastos don’t run on the Blockchain itself, but in a VM on your device called Elastos RunTime; every dApp runs in its own sandboxed environment. The only thing that gets executed on the blockchain are smart contracts which are part of the dApp. For example, to make micro transactions in the dApp. However, we can trust these dApps as much as we trust the Elastos blockchain since every dApp has a unique ID which is saved on the blockchain and before the dApp gets executed, this ID is checked against the blockchain by the Elastos Runtime. The Runtime also verifies that the dApp hasn’t been tampered with and vice versa.
(3) The third problem is solved by using a truly decentralized Peer-to-Peer network with Decentralized ID‘s stored on the blockchain. No dApp running on Elastos has direct access to the network. All the network traffic is handled by the Elastos Carrier. All connections are blacklisted by default, and only whitelisted connections will be allowed by the Runtime.
I do not fully agree with the definition of dApps on Wikipedia. In my opinion, they are describing a consensus-based dApp which is not decentralized per se. Even Vitalik Buterin himself has acknowledged recently that a blockchain is not decentralized; it still has a single point of failure: the code itself.
Granted, the possibility of this becoming an issue is relatively small since most blockchains are open source and have a way to update their code, but to have a truly decentralized system you need a network of blockchains and dApps. You need a network operating system to guarantee that every connected device, dApp, blockchain or person has free access to the network. You need an autonomous and decentralized Carrier and ID-issuance service to make sure no one can be locked out of the Smart Web. You need a secure, sandboxed environment to run dApps on almost every device available today in order to guarantee security against data theft and malware. And last but not least, you need a community to bring traffic to the network and to maintain it, build dApps, and thus create an ecosystem strong enough to convince everybody to use it. Only when we have achieved these things can we have truly decentralized and trustless apps and a digital peer-to-peer economy.
Elastos is making this dream a reality. The Elastos Smart Web alpha version goes live in August this year, and in December 2018 when the public merged-mining with BTC begins, we will have a decentralized and secure internet which allows for personal ownership of data—just like the earliest internet pioneers envisioned it in the 1980’s.