Decentralization has become a buzzword with many people using the term to describe networks that may not be decentralized. In this blog, we will explain the differences between Centralized, Decentralized, and Distributed Networks.
How do they work, what are the pros and cons of these technologies?
A Centralized Network is one in which all data storage and processing are completed on a specific server. Users of the network then query this server rather than processing and storing data themselves.
First and foremost comes ease of use. Centralization has been the status quo for web technology thus far. Everything from Amazon to Slack is centralized. These apps and websites are easy to use, for example, when a bug is introduced, the engineers can deploy a fix quickly. In explaining blockchain technology, we often speak about centralized control as a negative, but that is not always the case. As with most other technology choices - there are trade-offs.
Centralized networks are also significantly less expensive to maintain than their decentralized counterparts. This is in part because when rolling out updates or fixing issues, they just need to update the host server and not each individual node. For many businesses and users alike, centralized networks may be cheaper and easier to use.
Centralized control is the most common gripe technologists - especially those pushing for greater privacy and security - have with traditional web infrastructure. There have been many instances of large companies suffering major data breaches that affect their customers. For example, in 2017, Equifax suffered one of the largest data breaches ever. Over 150 million Americans had their Personal Identifiable Information (PII) - data ranging from date of births to credit scores to social security numbers - stolen. Could this have happened with a Decentralized Network? The answer is yes, but the amount of effort it would take to obtain the same data from decentralized storage could be magnitudes higher.
Single points of failure are another major issue with centralized systems. Should the server hosting all of the data suffer downtime - the entire network grinds to a halt. Frequently centralized networks will hire a security firm to do Penetration Testing as they understand that their services are vulnerable to many types of attacks that decentralized systems may not be prone to.
A Decentralized Network is a network in which the ‘state’ is stored on many different computers/servers owned by different people. Instead of everyone querying one server for data and processing, each ‘node’ holds the entire database and then the nodes check their version of the database against each other to achieve ‘consensus’. One of the major innovations of the Bitcoin White Paper was the Proof of Work consensus mechanism. This is an algorithm that allows individual nodes to maintain consensus with each other.
First and foremost is security. Changing information in a database that is stored on thousands of unique hosts takes much more time and effort than changing information stored on a centralized server. For the Proof of Work consensus mechanism to fail it would take 51% of the total nodes reflecting the incorrect information. For this to happen an attacker must access or own 51% of the nodes. In the case of Bitcoin, this would be incredibly difficult as there are thousands of unique nodes. While security can be a pro of decentralization, we can’t forget that there are many instances of essential smart contract auditing and security missing, leading to losses of funds all across the blockchain space.
Maintaining correct information isn’t the only potential security benefit of strong decentralization. DDoS (distributed denial of service) attacks are extremely common in the Web 2.0 environment. Strong decentralization of a network can mitigate the potential for DDoS attacks. We recently saw Solana, a Layer 1 blockchain suffer downtime due to a DDoS attack. Theoretically, strong decentralization should mitigate the potential for single points of failure but when decentralization is weak this may not be the case.
Beyond security, another major benefit is removing intermediaries. In decentralized financial systems, for example, you can lend or borrow money without going through a centralized entity such as a bank. AAVE is a project that allows you to do just that - borrow or lend cryptocurrency with the only fees going to other decentralized participants of the ecosystem. Many people are unable to get loans in the centralized financial system today, some of those people would be able to borrow money through decentralized apps (dApps).
User experience is a major barrier to entry for the decentralized and Web 3.0 world today. The applications are not straightforward to use, the concepts can be difficult to grasp, and in general blockchain technology is often not well explained.
Another con of decentralized networks is the environmental impact of the Proof of Work consensus mechanism. Maintaining state through Proof of Work requires a lot of energy usage which many governments have pushed back against. This is because in the case of Bitcoin, the Proof of Work algorithm adjusts the difficulty of solving the algorithm to maintain a block time of about 10 minutes.
High maintenance costs are also associated with decentralized networks. To maintain a decentralized network, you need thousands of computers exerting lots of energy. To incentivize these ‘miners’ to host their copy of the database, they need to be paid more than it costs for them to run this. Network fees (transaction fees for example) are spread among the miners rather than a centralized entity such as a company that may otherwise offer a similar service in a centralized manner.
Finally, decentralized networks are prone to different types of attacks than centralized networks. Since the rise of decentralized financial systems, malicious actors have stolen billions of dollars. The rise of smart contract auditing (and smart contract security firms) has come as a direct result of these attacks. Smart contract auditing is a necessary step to improve the security of smart contracts. An audit isn’t a silver bullet, but the majority of projects who suffered losses in 2021 were unaudited.
There is another type of network that sits somewhere in between centralization and decentralization. These are called Distributed Networks. A distributed network is a network that like a decentralized network shares the resources among many different computers in different locations. However, unlike a decentralized network, distributed systems may not require that each node host all of the data independently. The nodes effectively share the work and spread out the resources.
Increased transparency is a key feature of distributed networks. With each node having equal access to the data, it is very difficult to change information in the network.
Similar to decentralized networks, security is also stronger in distributed networks. This is because there aren’t centralized points of failure on the network.
Maintenance costs of distributed networks are much higher than centralized networks. Depending on the implementation they can be similar or less expensive than decentralized networks.
A feature of distributed and decentralized networks is that it can be difficult to achieve consensus - this is a feature, but oftentimes a con for companies weighing the options of how to build a new system.
Similar to decentralized networks, distributed networks are vulnerable to new types of attacks. Smart contract auditing firms can offer their services here as they are the most familiar with decentralized vectors of attack.
Understanding when to use each of these types of networks is a complicated question. There is no golden rule to stick to. By understanding the pros and cons of each type of technology - you can make better decisions. Whether it be Penetration Testing for centralized networks or Smart Contract Auditing for decentralized networks, choosing the right technology and taking the right security precautions will ensure greater success in securing smart contract, blockchain and DApp projects.