If I understood correctly, private blockchains are either managed/validated by a centralized trusted party or a few validators. All in all, a 51% attack should be possible due to the small network size.
For example, this is acknowledged by this whitepaper.
> As you can see from the two examples above, both private blockchain models require the presence of a trusted intermediary, ..

But they then argue that a private blockchain is better than a regular centralized database because those are not immutable and don't include digital signatures.
I agree with them, but why not just add those two attributes to a centralized database? Design the protocol, where:
- Every user signs their transaction $T$ to get $T_{sig}$.
- To add the transaction $T_{sig}$ to the database $D_{t_i}$, which has been signed as $S_{t_i}$ at the current time $t_i$, the authority:
  - First validates if it is correct (e.g. in case of a currency, if the wallet has enough funds)
  - Appends the signed transaction to the database to get $D_{t_{i+1}}$ and signs and hashes the new state as $S_{t_{i+1}} = \text{SHA256}(S_{t_i}, T_{sig}, \text{sig}_\text{auth})$, similar to how git recursively defines their hash sums, where $\text{sig}_\text{auth}$ is the key of the central authority.
  - Publishes the new state of the database to all interested parties.

This fixes both of the mentioned problems of immutability and signatures and already sounds like a blockchain but is missing an important piece: Proof of Work (or alternatives).
So why include proof of work if it is worthless anyway?
Sorry for the probably wrong notations. This is not my field of expertise.
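
The protocol sketched in the question, as an added example that is not part of the original post: an authority validates and chains signed transactions, and an interested party replays the published log against the state hashes it recorded earlier. Assumptions: HMAC-SHA256 stands in for real digital signatures (standard library only), $\text{sig}_\text{auth}$ is read as the authority's signature over $(S_{t_i}, T_{sig})$, and all names, keys and balances are constructed.

```python
import hashlib, hmac

GENESIS = b"\x00" * 32  # S_{t_0}: constructed starting state

def sign(key: bytes, msg: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as a stand-in for a public-key signature.
    return hmac.new(key, msg, hashlib.sha256).digest()

def next_state(prev: bytes, t_sig: bytes, sig_auth: bytes) -> bytes:
    # S_{t_{i+1}} = SHA256(S_{t_i}, T_sig, sig_auth); fields are length-prefixed
    h = hashlib.sha256()
    for field in (prev, t_sig, sig_auth):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

class Authority:
    def __init__(self, key, user_keys, balances):
        self.key, self.user_keys, self.balances = key, user_keys, dict(balances)
        self.log, self.head = [], GENESIS

    def submit(self, sender, receiver, amount, t_sig):
        tx = f"{sender}>{receiver}:{amount}".encode()
        # Validate the user's signature and the available funds.
        if not hmac.compare_digest(t_sig, sign(self.user_keys[sender], tx)):
            raise ValueError("bad transaction signature")
        if amount <= 0 or self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient funds")
        self.balances[sender] -= amount
        self.balances[receiver] = self.balances.get(receiver, 0) + amount
        # Authority signs (S_{t_i}, T_sig), then chains the new state.
        sig_auth = sign(self.key, self.head + t_sig)
        self.head = next_state(self.head, t_sig, sig_auth)
        self.log.append((tx, t_sig, sig_auth))
        return self.head  # published to all interested parties

def audit(log, remembered):
    # Replay a published log; `remembered` maps entry count -> head seen earlier.
    head, heads = GENESIS, {0: GENESIS}
    for n, (_tx, t_sig, sig_auth) in enumerate(log, start=1):
        heads[n] = head = next_state(head, t_sig, sig_auth)
    return all(heads.get(n) == h for n, h in remembered.items())

def demo():
    keys = {"alice": b"constructed-key-a", "bob": b"constructed-key-b"}
    auth = Authority(b"constructed-auth-key", keys, {"alice": 10, "bob": 0})
    h1 = auth.submit("alice", "bob", 4, sign(keys["alice"], b"alice>bob:4"))
    h2 = auth.submit("bob", "alice", 1, sign(keys["bob"], b"bob>alice:1"))
    reordered = [auth.log[1], auth.log[0]]  # history changed after publication
    return audit(auth.log, {1: h1, 2: h2}), audit(reordered, {1: h1, 2: h2})
```

The audit only detects a changed history for parties that kept an earlier published state hash to compare against.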