Blockchain challenges and opportunities: a survey 355

a technical report about blockchain (NRI, 2015). In contrast to (NRI, 2015), our paper
focuses on state-of-art blockchain studies including recent advances and future trends.
This paper is an extended version of the work published in Zheng et al. (2017) with the
substantial extensions on blockchain technical details, consensus algorithms, applications
of blockchains, research challenges and future directions.
The rest of this paper is organised as follows. Section 2 introduces blockchain
architecture. Section 3 shows typical consensus algorithms used in the blockchain. Section 4
introduces several typical blockchain applications. Section 5 summarises the technical
challenges and the recent advances in this area. Section 6 discusses some possible future
directions and Section 7 concludes the paper.

2 Blockchain architecture

The blockchain is a sequence of blocks, which holds a complete list of transaction records
like conventional public ledger (Lee Kuo Chuen, 2015). Figure 1 illustrates an example of
a blockchain. Each block points to the immediately previous block via a reference that is
essentially a hash value of the previous block called parent block. It is worth noting that
uncle blocks (children of the block’s ancestors) hashes would also be stored in ethereum
blockchain (Buterin, 2014). The first block of a blockchain is called genesis block which
has no parent block. We then introduce the block structure in Section 2.1, a digital signature
mechanism in Section 2.2. We also summarise blockchain key characteristics in Section 2.3.
Blockchain taxonomy is showed in Section 2.4.

Figure 1 An example of blockchain which consists of a continuous sequence of blocks (see online
version for colours)

'()*&#+&,"#$%&!"# '()*&#+&,"#$%&! '()*&#+&,"#$%&!&#

'()*&#+&,"#$%&'

!"#$%&'#( )*+,$ !"#$%&'#( )*+,$ !"#$%&'#( )*+,$

!"#$%&'#( )*+,$

-.&# -.&$ -.&% -.&# -.&$ -.&% -.&# -.&$ -.&%

-.&# -.&$ -.&%

/010)2)&,"#$%& !"#$%&! !"#$%&!&# !"#$%&!&$

2.1 Block

A block consists of the block header and the block body as shown in Figure 2. In particular,
the block header includes:

• Block version: indicates which set of block validation rules to follow.

• Parent block hash: a 256-bit hash value that points to the previous block.
• Merkle tree root hash: the hash value of all the transactions in the block.
• Timestamp: current timestamp as seconds since 1970-01-01T00:00 UTC.
• nBits: current hashing target in a compact format.
• Nonce: a 4-byte field, which usually starts with 0 and increases for every hash
calculation (will be explained in details in Section 3).
356 Z. Zheng et al.
The block body is composed of a transaction counter and transactions. The maximum
number of transactions that a block can contain depends on the block size and the size
of each transaction. Blockchain uses an asymmetric cryptography mechanism to validate
the authentication of transactions (NRI, 2015). A digital signature based on asymmetric
cryptography is used in an untrustworthy environment. We next briefly illustrate digital
signature.

Figure 2 Block structure (see online version for colours)

2.2 Digital signature

Each user owns a pair of private key and public key. The private key is used to sign the
transactions. The digital signed transactions are spread throughout the whole network and
then are accessed by public keys, which are visible to everyone in the network. Figure 3
shows an example of digital signature used in blockchain. The typical digital signature is
involved with two phases: the signing phase and the verification phase. Take Figure 3 as
an example again. When a user Alice wants to sign a transaction, she first generates a hash
value derived from the transaction. She then encrypts this hash value by using her private
key and sends to another user Bob the encrypted hash with the original data. Bob verifies the
received transaction through the comparison between the decrypted hash (by using Alice’s
public key) and the hash value derived from the received data by the same hash function as
Alice’s. The typical digital signature algorithms used in blockchains include elliptic curve
digital signature algorithm (ECDSA) (Johnson et al., 2001).

Figure 3 Digital signature used in blockchain (see online version for colours)
 Blockchain challenges and opportunities: a survey 357
2.3 Key characteristics of blockchain

In summary, blockchain has following key characteristics.

• Decentralisation. In conventional centralised transaction systems, each transaction
needs to be validated through the central trusted agency (e.g., the central bank)
inevitably resulting the cost and the performance bottlenecks at the central servers.
Differently, a transaction in the blockchain network can be conducted between any
two peers (P2P) without the authentication by the central agency. In this manner,
blockchain can significantly reduce the server costs (including the development cost
and the operation cost) and mitigate the performance bottlenecks at the central server.
• Persistency. Since each of the transactions spreading across the network needs to be
confirmed and recorded in blocks distributed in the whole network, it is nearly
impossible to tamper. Additionally, each broadcasted block would be validated by
other nodes and transactions would be checked. So any falsification could be
detected easily.
• Anonymity. Each user can interact with the blockchain network with a generated
address. Further, a user could generate many addresses to avoid identity exposure.
There is no longer any central party keeping users’ private information. This
mechanism preserves a certain amount of privacy on the transactions included in the
blockchain. Note that blockchain cannot guarantee the perfect privacy preservation
due to the intrinsic constraint (details refer to Section 5).
• Auditability. Since each of the transactions on the blockchain is validated and
recorded with a timestamp, users can easily verify and trace the previous records
through accessing any node in the distributed network. In Bitcoin blockchain, each
transaction could be traced to previous transactions iteratively. It improves the
traceability and the transparency of the data stored in the blockchain.

2.4 Taxonomy of blockchain systems

Current blockchain systems can be roughly categorised into three types: public blockchain,
private blockchain and consortium blockchain (Buterin, 2015). We compare these three
types of blockchain from different perspectives. The comparison is listed in Table 1.
• Consensus determination. In public blockchain, each node could take part in the
consensus process. And only a selected set of nodes are responsible for validating the
block in consortium blockchain. As for private chain, it is fully controlled by one
organisation who could determine the final consensus.
• Read permission. Transactions in a public blockchain are visible to the public while
the read permission depends on a private blockchain or a consortium blockchain. The
consortium or the organisation could decide whether the stored information is public
or restricted.
• Immutability. Since transactions are stored in different nodes in the distributed
network, so it is nearly impossible to tamper the public blockchain. However, if the
majority of the consortium or the dominant organisation wants to tamper the
blockchain, the consortium blockchain or private blockchain could be reversed or
tampered.
358 Z. Zheng et al.
• Efficiency. It takes plenty of time to propagate transactions and blocks as there are a
large number of nodes on public blockchain network. Taking network safety into
consideration, restrictions on public blockchain would be much more strict. As a
result, transaction throughput is limited and the latency is high. With fewer
validators, consortium blockchain and private blockchain could be more efficient.
• Centralised. The main difference among the three types of blockchains is that public
blockchain is decentralised, consortium blockchain is partially centralised and
private blockchain is fully centralised as it is controlled by a single group.
• Consensus process. Everyone in the world could join the consensus process of the
public blockchain. Different from public blockchain, both consortium blockchain
and private blockchain are permissioned. One node needs to be certificated to join the
consensus process in consortium or private blockchain.

Since public blockchain is open to the world, it can attract many users. Communities are also
very active. Many public blockchains emerge day by day. As for consortium blockchain, it
could be applied to many business applications. Currently, Hyperledger (hyperledger, 2015)
is developing business consortium blockchain frameworks. Ethereum also has provided
tools for building consortium blockchains (ethereum, n.d.). As for private blockchain, there
are still many companies implementing it for efficiency and auditability.

Table 1 Comparisons among public blockchain, consortium blockchain and private blockchain

Property Public blockchain Consortium blockchain Private blockchain

Consensus determination All miners Selected set of nodes One organisation
Read permission Public Could be public Could be public
or restricted or restricted
Immutability Nearly impossible Could be tampered Could be tampered
to tamper
Efficiency Low High High
Centralised No Partial Yes
Consensus process Permissionless Permissioned Permissioned

3 Consensus algorithms

In blockchain, how to reach consensus among the untrustworthy nodes is a transformation

of the Byzantine Generals (BG) Problem (Lamport et al., 1982). In BG problem, a group
of generals who command a portion of Byzantine army circle the city. The attack would
fail if only part of the generals attack the city. Generals need to communicate to reach
an agreement on whether attack or not. However, there might be traitors in generals. The
traitor could send different decisions to different generals. This is a trustless environment.
How to reach a consensus in such an environment is a challenge. It is also a challenge for
blockchain as the blockchain network is distributed. In blockchain, there is no central node
that ensures ledgers on distributed nodes are all the same. Nodes need not trust other nodes.
Thus, some protocols are needed to ensure that ledgers in different nodes are consistent.
We next present several common approaches to reach consensus in the blockchain.
 Blockchain challenges and opportunities: a survey 359
3.1 Approaches to consensus

Proof of work (PoW) is a consensus strategy used in Bitcoin network (Nakamoto, 2008).
POW requires a complicated computational process in the authentication. In POW, each
node of the network is calculating a hash value of the constantly changing block header.
The consensus requires that the calculated value must be equal to or smaller than a certain
given value. In the decentralised network, all participants have to calculate the hash value
continuously by using different nonces until the target is reached. When one node obtains
the relevant value, all other nodes must mutually confirm the correctness of the value. After
that, transactions in the new block would be validated in case of frauds. Then, the collection
of transactions used for the calculations is approved to be the authenticated result, which
is denoted by a new block in the blockchain. The nodes that calculate the hashes are called
miners and the POW procedure is called mining. Since the calculation of the authentication
is a time-consuming process, an incentive mechanism (e.g., granting a small portion of
Bitcoins to the miner) is also proposed (Nakamoto, 2008).
In the decentralised network, valid blocks might be generated simultaneously when
multiple nodes find the suitable nonce nearly at the same time. As a result, branches (or forks)
may be generated as shown in Figure 4. However, it is unlikely that two competing forks will
generate next block simultaneously. In POW protocol, a chain that becomes longer thereafter
is judged as the authentic one. Take Figure 4 as an example again. Consider two forks
created by simultaneously validated blocks B11 and G11. Miners work on both the forks
and add the newly generated block to one of them. When a new block (say B12) is added to
block B11, the miners working on fork G11-G12 will switch to B12. Block G12 in the fork
G11-G12 becomes an orphan block since it is no longer increased. Generally, after a certain
number of new blocks are appended to the blockchain, it is nearly impossible to reverse
the blockchain to tamper the transactions. In Bitcoin blockchain, when approximately six
blocks are generated, the relevant blockchain is considered to be the authentic one (e.g., the
chain of blocks B11, B12, B13, B14, B15 and B16 in Figure 4). Block interval depends on
different parameter setting. Bitcoin block is generated about every 10 min while Ethereum
block is generated about every 17 s.

Figure 4 An scenario of blockchain branches (the longer branch would be admitted as the main
chain while the shorter one would be deserted) (see online version for colours)

!" !#$ !## !#% !#& !#' !#( !#)

!"#$%&'(")#$*+*,-.%"-/$01'/"-2"1,'"*$(('*1"$%'

*## *#%

Miners have to do a lot of computer calculations in PoW, yet these works waste too much
resources. To mitigate the loss, some PoW protocols in which works could have some side-
applications have been designed. For example, Primecoin (King, 2013) searches for special
prime number chains which can be used for mathematical research. Instead of burning
electricity for mining the POW block, proof of burn (P4Titan, 2014) asks miners to send
360 Z. Zheng et al.
their coins to addresses where they cannot be redeemed. By burning coins, miners get
chances for mining blocks and they do not need powerful hardwares as POW.
Proof of stake (PoS) is an energy-saving alternative to POW. Instead of demanding users
to find a nonce in an unlimited space, POS requires people to prove the ownership of the
amount of currency because it is believed that people with more currencies would be less
likely to attack the network. Since the selection based on account balance is quite unfair
because the single richest person is bound to be dominant in the network. As a result, many
solutions are proposed with the combination of the stake size to decide which one to forge
the next block. In particular, Blackcoin (Vasin, 2014) uses randomisation to predict the next
generator. It uses a formula that looks for the lowest hash value in combination with the
size of the stake. Peercoin (King and Nadal, 2012) favours coin age-based selection. In
Peercoin, older and larger sets of coins have a greater probability of mining the next block.
Compared with PoW, PoS saves more energy and is more effective. Unfortunately, as the
mining cost is nearly zero, attacks might come as a consequence. Many blockchains adopt
PoW at the beginning and transform to PoS gradually. For instance, Ethereum is planning
to move from Ethash (a kind of PoW) (Wood, 2014) to Casper (a kind of PoS) (Zamfir,
2015). To combine the benefits of POW and POS, proof of activity (Bentov et al., 2014) is
proposed. In proof of activity, a mined block needs to be signed by N miners to be valid.
In that way, if some owner of 50% of all coins exists, he/she cannot control the creation of
new blocks on his/her own. Sometimes stake could be other things, for example, in proof of
capacity (burstcoin, 2014), miners have to allocate large hard drive space to mine the block.
Practical byzantine fault tolerance (PBFT) is a replication algorithm to tolerate byzantine
faults (Miguel and Barbara, 1999). Hyperledger Fabric (hyperledger, 2015) utilises the
PBFT as its consensus algorithm since PBFT could handle up to 1/3 malicious byzantine
replicas. A new block is determined in a round. In each round, a primary would be selected
according to some rules. And it is responsible for ordering the transaction. The whole process
could be divided into three phase: pre-prepared, prepared and commit. In each phase, a node
would enter next phase if it has received votes from over 2/3 of all nodes. So PBFT requires
that every node is known to the network. Like PBFT, Stellar consensus protocol (SCP)
(Mazieres, 2015) is also a Byzantine agreement protocol. There is no hashing procedure in
PBFT. In PBFT, each node has to query other nodes while SCP gives participants the right
to choose which set of other participants to believe. Based on PBFT, Antshares (antshares,
2016) has implemented their delegated byzantine fault tolerance (dBFT). In dBFT, some
professional nodes are voted to record the transactions instead of all nodes.
Delegated proof of stake (DPOS). Similar to POS, miners get their priority to generate
the blocks according to their stake. The major difference between POS and DPOS is that
POS is a direct democratic while DPOS is representative democratic. Stakeholders elect
their delegates to generate and validate a block. With significantly fewer nodes to validate
the block, the block could be confirmed quickly, making the transactions confirmed quickly.
Meanwhile, the parameters of the network such as block size and block intervals could
be tuned. Additionally, users do not need to worry about the dishonest delegates because
the delegates could be voted out easily. DPOS has already been implemented, and is the
backbone of Bitshares (bitshares, n.d.).
Ripple (Schwartz et al., 2014) is a consensus algorithm that utilises collectively-trusted
subnetworks within the larger network. In the network, nodes are divided into two types: a
server for participating consensus process and client for only transferring funds. In contrast
to that PBFT nodes have to ask every node in the network, each Ripple server has a Unique
Node List (UNL) to query. UNL is important to the server. When determining whether to
 Blockchain challenges and opportunities: a survey 361
put a transaction into the ledger, the server would query the nodes in UNL. If the received
agreements have reached 80%, the transaction would be packed into the ledger. For a node,
the ledger will remain correct as long as the percentage of faulty nodes in UNL is less than
20%.
Tendermint (Kwon, 2014) is a byzantine consensus algorithm. A new block is
determined in a round. A proposer would be selected to broadcast an unconfirmed block in
this round. So all nodes need to be known for proposer selection. It could be divided into
three steps:

• Prevote step. Validators choose whether to broadcast a prevote for the proposed
block.
• Precommit step. If the node has received more than 2/3 of prevotes on the proposed
block, it broadcasts a precommit for that block. If the node has received over 2/3 of
precommits, it enters the commit step.
• Commit step. The node validates the block and broadcasts a commit for that block. if
the node has received 2/3 of the commits, it accepts the block.

The process is quite similar to PBFT, but Tendermint nodes have to lock their coins to
become validators. Once a validator is found to be dishonest, it would be punished.

3.2 Consensus algorithms comparison

Different consensus algorithms have different advantages and disadvantages. Table 2 gives
a comparison between different consensus algorithms and we use the properties given by
(Vukolić, 2015).

• Node identity management. PBFT needs to know the identity of each miner in order
to select a primary in every round while Tendermint needs to know the validators in
order to select a proposer in each round. For PoW, PoS, DPOS and Ripple, nodes
could join the network freely.
• Energy saving. In PoW, miners hash the block header continuously to reach the target
value. As a result, the amount of electricity required to process has reached an
immense scale. As for PoS and DPOS, miners still have to hash the block header to
search the target value but the work has been largely reduced as the search space is
designed to be limited. As for PBFT, Ripple and Tendermint, there is no mining in
the consensus process. So it saves energy greatly.
• Tolerated power of the adversary. Generally 51% of hash power is regarded as the
threshold for one to gain control of the network. But selfish mining strategy (Eyal
and Sirer, 2014) in PoW systems could help miners to gain more revenue by only
25% of the hashing power. PBFT and Tendermint are designed to handle up to 1/3
faulty nodes. Ripple is proved to maintain correctness if the faulty nodes in a UNL is
less than 20%.
• Example. Bitcoin is based on PoW while Peercoin is a new peer-to-peer PoS
cryptocurrency. Further, Hyperledger Fabric utilises PBFT to reach consensus.
Bitshares, a smart contract platform, adopts DPOS as their consensus algorithm.
Ripple implements the Ripple protocol while Tendermint devises the Tendermint
protocol.
362 Z. Zheng et al.
PBFT and Tendermint are permissioned protocols. Node identities are expected to be known
to the whole network, so they might be used in commercial mode rather than public. PoW
and PoS are suitable for public blockchain. Consortium or private blockchain might have
preference for PBFT, Tendermint, DPOS and Ripple.

Table 2 Typical consensus algorithms comparison

Property PoW PoS PBFT DPOS Ripple Tendermint

Node identity Open Open Permissioned Open Open Permissioned
management
Energy saving No Partial Yes Partial Yes Yes
Tolerated < 25% < 51% < 33.3% < 51% < 20% < 33.3%
power computing stake faulty validators faulty nodes byzantine
of adversary power replicas in UNL voting power
Example Bitcoin Peercoin Hyperledger Bitshares Ripple Tendermint
Fabric

3.3 Advances on consensus algorithms

A good consensus algorithm means efficiency, safety and convenience. Current common
consensus algorithms still have many shortages. New consensus algorithms are devised
aiming to solve some specific problems of the blockchain. The main idea of PeerCensus
(Decker et al., 2016) is to decouple block creation and transaction confirmation so that
the consensus speed can be significantly increased. Besides, Kraft (Kraft, 2016) proposed
a new consensus method to ensure that a block is generated in a relatively stable speed.
It is known that high blocks generation rate compromise Bitcoin’s security. So the
Greedy Heaviest-Observed Sub-Tree (GHOST) chain selection rule (Sompolinsky and
Zohar, 2013) is proposed to solve this problem. Instead of the longest branch scheme,
GHOST weights the branches and miners could choose the better one to follow. Chepurnoy et
al. (Chepurnoy et al., 2016) proposed a new consensus algorithm for peer-to-peer blockchain
systems where anyone who provides non-interactive proofs of retrievability for the past
state snapshots is agreed to generate the block. In such a protocol, miners only have to store
old block headers instead of full blocks.

4 Applications of blockchain

There is a diverse of applications of blockchain technology. In this section, we summarise

several typical applications of blockchain. We roughly categorise the applications of the
blockchain into finance in Section 4.1, IoT in Section 4.2, public and social services in
Section 4.3, reputation system in Section 4.4 and security and privacy in Section 4.5. Figure 5
illustrates 5 representative application domains of the blockchain.
 Blockchain challenges and opportunities: a survey 363
Figure 5 Representative application domains of blockchain (see online version for colours)

xFinancial Services
xSecurity Enhancement xEnterprise Transformation
xPrivacy Protection Finance xP2P Financial Market
x... xRisk Management
xĊ

xE-business
Security xSafety and Privacy
and IoT x...
Privacy Blockchain
(Applications)

Public and
Reputation Social xLand Registration
System xEnergy Saving
Service
xAcademics xEducation
xWeb Community xFree-Speech Right
x... x...

4.1 Finance

• Financial services. The emergency of blockchain systems such as Bitcoin

(Nakamoto, 2008) and (hyperledger, 2015) has brought a huge impact on traditional
financial and business services. Peters et al. (Peters and Panayi, 2015) discussed that
blockchain has the potential to disrupt the world of banking. Blockchain technology
could be applied to many areas including clearing and settlement of financial assets
etc. Besides, Morini (2016) showed that there are real business cases like
collateralisation of financial derivatives that could leverage blockchain to reduce
costs and risks. Blockchain has also caught tremendous attention in the eyes of large
software companies: Microsoft Azure (azure, 2016) and IBM (ibm, 2016) are
beginning to offer Blockchain-as-a-Service.
• Enterprise transformation. In addition to the evolution of financial and business
services, blockchain can help traditional organisations to complete the enterprise
transformation smoothly. Consider an example of postal operators (POs). Since
traditional postal operators (POs) act as a simple intermediary between merchants
and customers, blockchain and cryptocurrency technology can help POs to extend
their simple roles with the provision of new financial and un-financial services. In
Jaag et al. (2016), Jaag and Bach explored opportunities of arising blockchain
technology for POs and claimed that each PO could issue their own postcoin which is
a kind of colored coin of Bitcoin. Since the POs are viewed as a trusted authority by
the public, postcoin could be prevailed quickly with their dense retail network. In
addition, it is also shown in Jaag et al. (2016) that blockchain technology offers
business opportunities for POs in identity services, device management and supply
chain management.
• P2P financial market. Blockchain could also help build a P2P financial market in a
secure and reliable way. Noyes explored ways of combining peer-to-peer
364 Z. Zheng et al.
mechanisms and multiparty computation protocols to create a P2P financial MPC
(Multiparty Computation) market (Noyes, 2016b). Blockchain-based MPC market
allows offloading computational tasks onto a network of anonymous peer-processors.
• Risk management. Risk management framework plays a significant role in financial
technology (FinTech) and now it can be combined with blockchain to perform better.
Pilkington (Pilkington, 2016) provided a novel risk-management framework, in
which blockchain technology is used to analyse investment risk in the
Luxembourgish scenario. Investors who nowadays hold securities through chains of
custodians tend to face the risk of any of these failings. With the help of blockchain,
investments and collaterals can be decided quickly instead of going through
long-term consideration. Micheler and Heyde indicated in Micheler and von der
Heyde (2016) that a new system combined with blockchain can reduce custody risk
and achieve the same level of transactional safety. Besides, blockchain-based smart
contract enables the decentralised autonomous organisations (DAO) to engage in
business-work collaborations. A highly dependable DAO-GaaS conflict model (Norta
et al., 2015) was proposed to safeguard business-semantics induced consistency rules.

4.2 Internet of things (IoT)

Internet of things (IoT), one of the most promising information and communication
technologies (ICT), is ramping up recently. IoT is proposed to integrate the things (also
named smart objects) into the internet and provides users with various services (Atzori
et al., 2010; Miorandi et al., 2012). The typical killer applications of IoT include the logistic
management with Radio-Frequency Identification (RFID) technology (ISO, 2013), smart
homes (Dixon et al., 2012), e-health (Habib et al., 2015), smart grids (Fan et al., 2013),
Maritime Industry (Wang et al., 2015), etc.
Blockchain technologies can potentially improve the IoT sector.

• E-business. Zhang and Wen (2015) propose a new IoT E-business model and realise
the transaction of smart property based on blockchain and smart contract. In this
model, distributed autonomous corporations (DAC) is adopted as a decentralised
transaction entity. People trade with DACs to obtain coins and exchange sensor data
without any third party.
• Safety and privacy. Safety and privacy preservation is another important concern for
IoT industry. Blockchain can also help in improving privacy in IoT applications. In
particular, Hardjono and Smith (2016) proposed a privacy-preserving method for
commissioning an IoT device into a cloud ecosystem. More specifically, a new
architecture was proposed in Hardjono and Smith (2016) to help the device to prove
its manufacturing provenance without the authentication of the third party and it is
allowed to register anonymously. Besides, in IBM (2015), IBM unveiled its proof of
concept for Autonomous Decentralised Peer-to-Peer Telemetry (ADEPT), which is a
system using blockchain technologies to build a distributed network of devices. In
ADEPT, appliances in the home would be able to identify operational problems and
retrieve software updates on their own.

4.3 Public and social services

Blockchain can also be widely used in public and social services.

 Blockchain challenges and opportunities: a survey 365
• Land registration. One of the typical blockchain applications in public services is the
land registration (NRI, 2015), in which the land information such as the physical
status and related rights can be registered and publicised on blockchains. Besides,
any changes made on the land, such as the transfer of land or the establishment of a
mortgage can be recorded and managed on blockchains consequently improve the
efficiency of public services.
• Energy saving. Besides, blockchains can be used in green energy. Gogerty and Zitoli
proposed the solarcoin (Gogerty and Zitoli, 2011) to encourage the usage of
renewable energies. In particular, solarcoin is a kind of digital currency rewarding
solar energy producers. In addition to the usual way of getting coins through mining,
solarcoins could be granted by the solarcoin foundation as long as you have
generated the solar energy.
• Education. Blockchain is originally devised to enable currency transactions to be
carried out in trustless environment. However, if we regard the learning and teaching
process as the currency, blockchain technology can potentially be applied to the
online educational market. in Devine (2015), blockchain learning was proposed. In
blockchain learning, blocks could be packed and placed into blockchain by teachers
and the learning achievements could be thought as coins.
• Free-speech right. Moreover, blockchain can be used to secure internet infrastructure
such as DNS and identities. For example, Namecoin (namecoin, 2014) is an
experimental open-source technology that improves decentralisation, security,
censorship resistance, privacy, and speed of DNS and identities (namecoin, 2014). It
protects free-speech rights online by making the web more resistant to censorship.

Blockchains can also be used for other public services such as marriage registration, patent
management and income taxation systems (Akins et al., 2013). In the new public services
integrated with blockchains, mobile devices with digital signature embedded may replace
seals to be affixed on documents, which are submitted to administrative departments. In this
way, extensive paperwork can be greatly saved.

4.4 Reputation system

Reputation is an important measure on how much the community trusts you. The greater
your reputation, the more trustworthy you are regarded by others. The reputation of a person
can be evaluated on his or her previous transactions and interactions with the community.
There is a rising number of cases of personal reputation records falsification. For example,
in e-commerce, many service-providers enroll a huge number of fake customers to achieve
a high reputation. Blockchain can potentially solve this problem.

• Academics. Reputation is important to academics. Sharples and Domingue (2015)

proposed a blockchain-based distributed system for educational record and
reputation. At the beginning, each institution and intellectual worker would be given
an initial award of educational reputation currency. An institution could award a staff
by transferring some reputation records to the staff. Since transactions are stored on
blockchain, all the reputation change could be detected easily.
• Web community. The ability to assess the reputation of a member in a web
community is very important. Carboni (2015) proposed a reputation model based on
366 Z. Zheng et al.
blockchain, in which a voucher will be signed if customer is satisfied with the service
and would like to give a good feedback. After signing a voucher, a service provider
needs to take extra 3% of the payment to the network as the voting fee to discourage
the Sybil attack. A service provider’s reputation is calculated based on the amount of
the voting fee. Dennis and Owen (2015) proposed a new reputation system that is
practically applicable to multiple networks. In particular, they created a new
blockchain to store single dimension reputation value (i.e., 0 or 1) from the
completed transactions. Take the file sharing as an example. Entity A sends a file to
entity B. Upon receiving the file, B sends a transaction consists of the score, the hash
of file and private key of B to verify the identity. Then, the miners contact A and B to
confirm that the transaction happens with no suspicion. Since transactions are stored
on blockchain, reputation records are nearly impossible to tamper.

4.5 Security and privacy

• Security enhancement. We have seen the proliferation of various mobile devices and
various mobile services, which are also exhibiting their vulnerability to malicious
nodes. There are a number of anti-malware filters proposed to detect the suspected
files through pattern matching schemes, which a central server to store and update
the virus patterns. However, these centralised countermeasures are also vulnerable to
malicious attackers. Blockchain can potentially help to improve the security of
distributed networks. In particular, Charles (Noyes, 2016a) proposed a novel
anti-malware environment named BitAV, in which users can distribute the virus
patterns on blockchain. In this way, BitAV can enhance the fault tolerance. It is shown
in Noyes (2016a) that BitAV can improve the scanning speed and enhance the fault
reliability (i.e., less susceptible to targeted denial-of-service attacks). Blockchain
technologies can also be used to improve the reliability of security infrastructure. For
example, conventional public key infrastructures (PKIs) are often susceptible to
single point of failure due to the hardware and software flaws or malicious attacks.
As shown in Axon (2015), blockchain can be used to construct a privacy-aware PKI
while simultaneously improving the reliability of conventional PKIs.
• Privacy protection. In addition to the increasing risk of the exposure of our private
data to malwares, various mobile services and social network providers are collecting
our sensitive data. For example, Facebook has collected more than 300 petabytes of
personal data since its inception (Vagata and Wilfong, 2014). Usually, the collected
data are stored on central servers of service providers, which are susceptible to
malicious attacks. Blockchain has the potential to improve the security of privacy
sensitive data. in Zyskind et al. (2015), Zyskind et al. propose a decentralised
personal data management system that ensures the user ownership of their data. This
system is implemented on the blockchain. The system can protect the data against
these privacy issues:
• data ownership
• data transparency and auditability
• fine-grained access control.
A similar system based on blockchain technology was also proposed to securely
distribute sensitive data in a decentralised manner in ethos (2014).