The Blockchain Trilemma: Decentralized, Scalable, and Secure?

Blockchain projects are known for their vision and ambition, but what they prioritize and what they’re known for can vary. Normally, projects rotate around three core concepts: decentralization, scalability, and security.

Coined by Vitalik Buterin, the term Blockchain Trilemma describes the challenge developers face in creating a blockchain that is scalable, decentralized, and secure, without compromising on any facet.

In this trilemma, the concept is that blockchains are forced to make trade-offs that prevent them from achieving all 3 aspects:

  1. Decentralized: creating a blockchain system that does not rely on a central point of control
  2. Scalable: the ability of a blockchain system to handle a growing number of transactions
  3. Secure: the ability of the blockchain system to operate as expected and defend itself from attacks, bugs, and other unforeseen issues

While some developers believe that the blockchain data structure itself has inherent limitations that prevent it from scaling, many architects (including CertiK) believe that it’s possible to build a blockchain project that hits all three targets–without needing to compromise.

The Trilemma’s Fundamental Elements


Decentralization is a core component of blockchain. In traditional finance, the system is entirely centralized. Customers hand control to banks, from their personal documentation to the assets themselves, and the banks handle them with full control.

Bitcoin and other early cryptocurrencies offered a decentralized and transparent alternative, handling the issuance and storage of money without the need for a centralized entity. To learn more about decentralization in Bitcoin, see our series on how Bitcoin works.

Decentralized systems matter because they empower permissionless ownership, where anyone can use and build on the platform. Decisions are made by consensus, which means transactions are approved by a group of nodes, as opposed to an individual node.

Once these transactions are verified by consensus, they can’t be altered after the fact. Therefore, risk isn’t placed in one central entity, and trust doesn’t rely on another individual when conducting a transaction.

The trade-off of pure decentralization, however, is speed. If a transaction requires multiple confirmations before reaching consensus, then inherently, it would take longer than if a transaction can be confirmed by a single entity. Bitcoin is known to be robustly decentralized but, at the same time, pretty slow.


Scalability is important for mass adoption. It’s the question of how much a blockchain system can sustain, and whether the system can operate smoothly as demand increases.

Let’s use EOS, a blockchain project focused on scalability, as an example. The maximum throughput of EOS is currently claimed to be around 4,000 TPS, or transactions per second (compare that with Bitcoin, which sits at a sluggish average of 4). More importantly, the EOS whitepaper describes a path for EOS to process millions of transactions per second in the future.

Comparatively, Visa handles an average of 63,000 TPS. If EOS can fulfill its promise of scalability, it can create a network superior to a major international credit service. Not bad!

But as the trilemma suggests, there is a trade-off. EOS serves as an example of what a focus on scalability may offer, but it has received criticism for being too centralized.


As a novel, promising technology looking to make its name by improving existing infrastructure, the security of a blockchain system is paramount.

With the barrage of high-profile exchange hacks and exploited vulnerabilities in source code, it’s evident that many crypto projects have chosen to focus on decentralization and scalability, leaving security behind.

Blockchain ecosystems, for all their upsides, hinge on the strength of the underlying source code; like anything else, it must be carefully examined.

Due to the transparent nature of the source code and the potentially lucrative benefits one can receive from conducting a successful attack, blockchains have become prime targets for hackers.

While scalability focuses on the upside, security prevents the downside—something just as important, but all too often forgotten. Promising blockchain use cases have faced setbacks that stifled their growth, such as the notorious DAO attack, which was the result of improper source code security.

Is It Really a Trilemma?

Firstly, it’s important to note that the Trilemma is just a model to conceptualize the various challenges facing blockchain technology. There is no law stating that the 3 aspects cannot be achieved. But to date, teams have worked on different approaches in an attempt to maximize decentralization, scalability, and security.

The CertiK Foundation believes that the Trilemma may actually be better conceptualized in a pyramid. The base layer is the fundamental layer that upholds all others–security. Without it, decentralization may be corrupted and scalability may be short-lived. The CertiK Foundation is working on a constructive approach: building a certified blockchain, the CertiK Chain, from scratch—allowing developers to code with confidence by providing the most robust, security-focused blockchain in the world.

Security will create the groundwork for both decentralization and scalability to flourish. Decentralization is a process that takes time, and scalability is an aspect that should always be improving. The CertiK Foundation believes that security is uncompromisable; built by experts in fully trustworthy and secure software, the CertiK Chain prioritizes security, first and foremost.

The blockchain world has long awaited the full-fledged adoption of blockchain technologies by established enterprises, which often cite a lack of scalability as the primary hindrance. While a lack of scalability may certainly be a factor, a lack of reliable security would certainly be a heavy contributor to this reluctance.

As opposed to startups, large enterprises are more risk-averse because they have a lot more to lose. For that reason, it's imperative that enterprises can fully trust new technologies before incorporating them into their systems. The CertiK Chain will strengthen trust by providing machine-readable proofs that can be checked independently for full transparency of code security.

Regardless of the shape of the Trilemma, it’s difficult for any blockchain system to effectively achieve decentralization, scalability, and security all at once. The CertiK Chain is unique in its prioritization of security above all else; by establishing a strong fundamental layer, the possibilities are endless.

To learn more and to get involved with the CertiK Chain, visit the CertiK Foundation's website: