When people start talking about blockchain, they often mix up security models with consensus algorithms. If you’ve ever scratched your head when these terms start getting thrown around, this post is for you.
Every IT system has some type of security model. Security models answer the question, “How will this system grant access to ‘good’ actors and limit the damage that ‘bad’ actors can do?” In the traditional world of networked computing, this is often achieved through a role-based access control (RBAC) model. Typically these systems rely on establishing shared communal trust in a trusted certificate authority and X.509 certificates.
The internet domain name system is somewhat more complex but follows this basic paradigm, with the Internet Corporation for Assigned Names and Numbers (ICANN) being responsible for the central issuance of certificates that enable your browser to resolve human-readable internet addresses. As with blockchain systems, governance here is key to the functioning of the security model. There are many other types of centralized security that are regularly used for military command and control systems as well as access control for civilian infrastructure.
As you can see, these are large categories that describe how access control is organized and how the computers in a system arrive at their individual or collective states. These models do not, however, stipulate the specific technologies or algorithms to be used. Proof-of-Work, Proof-of-Stake, and Proof-of-Authority are types of security models, not actually consensus algorithms.
There are at least half a dozen popular implementations of consensus algorithms that utilize a PoW model. Check out this post from Jan Vermuelen to learn more about the varieties of PoW algorithms. The main thing that changes between these algorithms is the hashing algorithm that they rely upon. Usually, the algorithms are named after the hashing algorithm they employ.
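To make the distinction concrete, the following added example (not from the original post) runs the same proof-of-work puzzle with three interchangeable hash functions. The header bytes, difficulty, nonce encoding, and function names are constructed for illustration and do not match any real chain's block format.

```python
import hashlib

# Interchangeable hash functions (illustrative choices). The PoW model stays
# the same; only this mapping changes between "algorithms".
HASHES = {
    "sha256d": lambda b: hashlib.sha256(hashlib.sha256(b).digest()).digest(),
    "sha3_256": lambda b: hashlib.sha3_256(b).digest(),
    "blake2b": lambda b: hashlib.blake2b(b, digest_size=32).digest(),
}


def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """True if the digest has at least `difficulty_bits` leading zero bits."""
    target = 1 << (len(digest) * 8 - difficulty_bits)
    return int.from_bytes(digest, "big") < target


def pow_digest(header: bytes, nonce: int, algo: str) -> bytes:
    """Hash the header with an 8-byte big-endian nonce appended (assumed layout)."""
    return HASHES[algo](header + nonce.to_bytes(8, "big"))


def mine(header: bytes, algo: str, difficulty_bits: int, max_nonce: int = 1 << 24):
    """Expensive side: brute-force a nonce. Returns None if none is found."""
    for nonce in range(max_nonce):
        if meets_target(pow_digest(header, nonce, algo), difficulty_bits):
            return nonce
    return None


def verify(header: bytes, nonce: int, algo: str, difficulty_bits: int) -> bool:
    """Cheap side: a single hash checks the claimed work."""
    return meets_target(pow_digest(header, nonce, algo), difficulty_bits)


if __name__ == "__main__":
    header = b"constructed-sample-header"  # constructed sample input
    for algo in HASHES:
        nonce = mine(header, algo, difficulty_bits=12)
        print(algo, nonce, verify(header, nonce, algo, 12))
```

Mining costs about 2^12 hash evaluations on average at this difficulty, while verification costs one; that asymmetry is what the security model relies on, whichever hash function is plugged in.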
Although PoS, PoW, and PoA are the primary security models in the blockchain space, there’s no limit on the types of security models that are possible, and each of the security models has dozens of different implementations (and hybrids).
This post was originally published on Datarella by Rebecca L. Johnson