Learn why Blockchain is not the optimal solution for digital certificates and why governmental institutions are warning about its usage
Virtual badges, certificates, awards, and participation tokens are focal points of the current educational industry.
Historically certificates mainly served the important purpose of carrying the information of an acquired skill or competence for a trained individual. In other words, certificates enabled participants to provide proof of their participation in educational measures. By providing certificates, we were able to build a competent society that was quickly and efficiently able to validate an educational background. For a very long period of time, this process didn’t need to be reinvented or changed.
[Digitization: improvements & new opportunities for certificates and badges]
That is until digitization started to open new doors. Some of these doors eradicated weaknesses of the analog certificates (for example costly manual processes, handling fees for printers, error-prone validation processes) and others opened entirely new opportunities (for example integration into social media for gamification, skill-matching, and secure instant sharing with third-parties).
The resulting specific advantages are extensive. Educational providers are benefiting from a more professional appearance, a better organized and easier administration of the certificates, a great recipient experience, and first and foremost efficient, automatized, and cheaper processes.
[Blockchain: A technology made to complement digital certificates?]
Not many technologies managed to raise as much awareness in the last decades as blockchain did. It was the Nr. 1 term to use to get investors' attention between 2012 and 2018. Decentralized, secure, technologically sophisticated, and most important trendy.
In a nutshell, the blockchain describes a chain of transactions held in records and on many different servers, making it difficult to tamper with the system.
Sounds quite technical and complex right? Don’t worry. The idea behind it is actually quite simple.
Let’s go through an easy example: imagine you are going on a trip with 10 friends and together you have 1,000 USD for the entire group. Everybody keeps a list of all payments that everybody is making. Now we are adding one more rule: for every payment, all records need to be compared and simultaneously updated. That means everybody always has a record of all transactions and who took them. Now let’s assume that friend Nr. 3 (let’s call him Tom) had a great date night with someone he met during the trip. He spends 120 USD in a great restaurant and 30 USD on a movie at the cinema.
Tom decides that he doesn’t want the transaction to be under his name. Because he doesn’t want to repay his friends later on. Therefore he claims that friend Nr. 6 (Lisa) got herself a massage for the 150 USD on the beach and changes his record. What’s the problem for Tom? All the other friends have untampered records and can validate that Tom’s wrong.
The same applies to the blockchain. Decentralization of information and constant validation of the entire system makes tampering with it practically impossible.
Isn’t that also the Nr. 1 requirement for digital certificates in the educational industry? Tamper-proof and decentralized documents? Well,… as always it is not as easy as it seems.
For the, more or less, 10 years of reported usage of blockchain technology for digital certificates, many problems got to the surface and seemingly increased over time. To decrease the complexity of the topic I am breaking down the problem into 3 main points:
As discussed in the paragraph above, one major characteristic of the blockchain is the longevity and persistence of information. Centralized changes of any form are practically impossible to make. This is not always optimal. According to the European GDPR law, there is a right to erasure (a.k.a. “right to be forgotten”). An individual should always have to possibility to demand full data deletion.
The BSI (Federal Office for Information Security Germany) released an in-depth e-book with regard to the challenges of implementing blockchain and stated that “blockchain by itself doesn’t solve security issues” and that the correct measures with regard to sensitive data are absolutely crucial.
Is the blockchain a tool to improve a great service and provide benefits to its users? Or is it a marketing gimmick that raises awareness and makes money from investors easier accessible for young high-growth startups?
Without going too deep into this topic, it is clear that the internet drastically changed the venture capital market. Young internet startups are running on losses to achieve rapid growth with investor money. There is nothing wrong with that. However, this game is not always optimized for results and for customer value. The past has shown that recent and PR-effective technologies are often name-dropped and forcefully implemented to raise more interest for investors and venture capitalist firms.
Therefore a lot of customers from VC-backed certificate providers such as Credly and Accredible are complaining about over-priced services further indicating the critical cost driver of the buzzword technology “Blockchain”.
All aspects considered, Blockchain technology has been tested in the context of digital credentials and certificates and does not form an optimal solution. As mentioned before the “blockchain alone does not solve security problems” and “sensitive data with long-term protection needs must be specially protected in a blockchain,” states the German Federal Office for Information Security (BSI) in an official advisory. Consequently, the use of blockchain would be only complementary to cryptographic methods which are by far less expensive to implement and that don’t increase overhead and costs at the same level by far. In an interview with Mr. Marcel Roth of the Mitteldeutscher Rundfunk (MDR) Saxony-Anhalt, the Federal Office for Information Security explicitly warned against the use of Blockchain for digital certificates.
[https://www.mdr.de/nachrichten/sachsen-anhalt/digital-zeugnis-blockchain-hintergrund-100.html#sprung0. Retrieved 08/26/2022.]
To protect digital files (certificates, diploma supplements, etc.) against manipulation, technical measures are implemented in the form of digital signatures. Digital signatures are asymmetric cryptosystems that use a private key to generate a signature from a file. This digital signature, together with the public key and the original file, confirms the authenticity of the certificate at the technical level. This technology is basically the foundation of the entire internet: credit card payments, encrypted communication, and much more.
Background of this technology:
Digital signatures are widely used. Asymmetric cryptosystems are used, for example, to secure network protocols such as SSH (Secure Shell). Digital signatures form the technical basis of electronic signatures in the legal sense according to Art. 3 №10 to 12 of the eIDAS Regulation.
Digitally signed certificates and credentials are already issued at Virtualbadge.io in the private sector with well-known educational institutions. The key advantages of this technology are that the data sovereignty is always with the customer. Data can be deleted and GDPR regulations can be followed at all times without future problems. Furthermore, the data that is legally aggregated is not with Virtualbadge.io as a technology provider, but with the customer. That means that the recipients of certificates do not need to create any account to access a certificate or have any other barriers and bad user experiences.
[https://www.bsi.bund.de/DE/Themen/Oeffentliche-Verwaltung/eIDAS-Verordnung/eidas-verordnung_node.html. Retrieved 08/26/2022.]
The scope of application of digital signatures has not only been proven by the above information but has also been proven in actual use over many years. Thus, the use of digital signatures can be deployed quickly and cost-effectively.
Digital certificates are the future with the following concrete advantages:
- easier administration (access rights, resending, tracking)
- more affordable handling (sending, creation, etc.)
- secure validation and tamper-proof certificates
- professional appearance on the market
- centralized expiration management
- better recipient experience
What’s the role of Blockchain? Blockchain is a technology that provides a tamper-proof infrastructure by holding decentralized transaction records.
The reported problems of the Blockchain:
- Data persistence — directly against the GDPR regulation of the EU
- Extra security measures are needed for sensitive data (+ overhead + cost)
- More computing power needed (+ overhead + cost + environmental implications)
- Only complementary with little added value to the general cryptographic encryptions (+ overhead + cost)
Alternative technology with a proven fit and optimal value:
Advantages of Digital Signatures:
+ widely used and globally recognized
+ foundation of the internet’s security
+ minimum overhead and cost for maximum security
+ centralized data deletion possible for GDPR compliance
* You can find the organisation ID in the URL when you access your LinkedIn Company page as an admin.
Founder and CEO
Sep 6, 2022
6 min
Use Virtualbadge.io to design and send digital certificates that create trust - in less than 10 minutes.