Accenture has recently been making waves with a reported patent application for a blockchain system that allows blocks already included in the chain to be edited later on, thus violating one of the core concepts of blockchains, namely that they are immutable and tamperproof. I’ve not been able to find the patent application, but I think the mention of “chameleon hash functions” in some of the news reports gives enough information to deduce what they may be getting at:

A standard cryptographic hash, such as SHA256, which Bitcoin for example uses to create the hash chain linking its blocks, is collision resistant (two different data inputs will not produce an identical hash, or rather the probability of an identical hash output is so low that it’s effectively zero). The only way to produce a specific hash output is to brute-force it by trial and error, altering the data input slightly with a nonce until you get the desired hash output. Given that the chance of any one attempt producing exactly the hash you want is 1 in 2^256, this is impractical.

A chameleon hash function is a cryptographic hash function with the following interesting property: it has associated public and private keys such that:

  1. anyone who has a public key of the chameleon hash function can create hashes, and the function acts like a normal cryptographic hash function – it’s collision resistant.
  2. however, anyone who has a private key of the chameleon hash function can create hash collisions at will.

The new blockchain system is then configured to use the chameleon hash function for linking the blocks, instead of a standard cryptographic hash function. A normal user of the system can create blocks, e.g. through a proof-of-work exercise using the chameleon hash function as the work-intensive part. However, a “power user” of the system who has a private key can instantly create a valid block.


An upshot of this is that a power user can remove an earlier accepted block, edit it, and generate the same hash output that the original block had. This means they can then drop the new block into the chain in place of the old block. The blockchain is “editable” by power users.
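The block replacement described above, as an added example that is not taken from the patent application or the news reports. It assumes the discrete-log chameleon hash of Krawczyk and Rabin (the reports do not say which construction is used), a deliberately tiny toy group, and a hypothetical block layout of `data`, `r` and `prev_hash`.

```python
import hashlib
import secrets

# Toy group (constructed, far too small for real use): safe prime P = 2Q + 1,
# G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def digest(data: bytes) -> int:
    """Map arbitrary block contents to an exponent mod Q."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    """Private (trapdoor) key x, public key h = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def ch_hash(h: int, data: bytes, r: int) -> int:
    """Public operation: CH(data, r) = G^m * h^r mod P, with m = digest(data)."""
    return pow(G, digest(data), P) * pow(h, r, P) % P

def collide(x: int, data: bytes, r: int, new_data: bytes) -> int:
    """Trapdoor operation: find r2 with CH(new_data, r2) == CH(data, r).
    Solves m + x*r = m2 + x*r2 (mod Q) for r2."""
    m, m2 = digest(data), digest(new_data)
    return (r + (m - m2) * pow(x, -1, Q)) % Q

def link_ok(h: int, prev_block: dict, next_block: dict) -> bool:
    """Check that next_block's stored prev_hash matches prev_block."""
    return next_block["prev_hash"] == ch_hash(h, prev_block["data"], prev_block["r"])

def demo():
    """Build a two-block chain, then rewrite block 1 using the private key."""
    x, h = keygen()
    block1 = {"data": b"alice pays bob 5", "r": secrets.randbelow(Q)}
    block2 = {"data": b"bob pays carol 2", "r": secrets.randbelow(Q),
              "prev_hash": ch_hash(h, block1["data"], block1["r"])}
    # The key holder edits block 1; block 2 is left untouched.
    edited = {"data": b"alice pays bob 500"}
    edited["r"] = collide(x, block1["data"], block1["r"], edited["data"])
    return h, block1, edited, block2

if __name__ == "__main__":
    h, original, edited, block2 = demo()
    print("original link valid:", link_ok(h, original, block2))
    print("edited link valid:  ", link_ok(h, edited, block2))
```

The edit is invisible to anyone who checks only the hash links, but it changes the stored `r`, so a party that kept a copy of the original block can detect the replacement.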

The downside is that if the private key of the chameleon hash function is compromised (or if any power user is untrustworthy), the whole system is entirely untrustable.

In which case, why not just use a standard database system?

Update: Although I am still unable to find the patent application document, I’ve determined that the inventor is “Giuseppe Ateniese”, whereas all the news reports name him “Giuseppe Anteniese”. The publications are supposedly (US 15/253,997) and (EP 164 250 86.2), but Espacenet and US PAIR aren’t returning anything on these.