This doesn't really make sense to me, an example would be helpful. Also, wouldn't it be trivial for a "vetted but not trusted" party to mount a 50% attack against the private blockchain since there is very little hashing power backing up the network?
The private blockchains are generally using proof of stake protocols like Tendermint, or just classical byzantine fault tolerant protocols instead of proof of work. These protocols can be trusted if at least 2/3 of the participants can be trusted and there is no hashing involved at all.
They are generally replacing trusted third parties like clearinghouses. Instead of needing to trust (and pay for) a third party clearinghouse running a centralized db, these enterprises just need to trust that 1/3 of the participants in the consortium running the blockchain won't collude to attack the protocol. And even if there is an attack, there will be a big paper trail.
You may ask "why not just use a BFT database system with signed logs?" Well, this is what a blockchain basically is, wrapped in a package with a bunch of other stuff.
Say BOA, Citi, Goldman Sachs etc want to create a settlement network on blockchain. By using a centralized service, it would result in them trusting a third party (which they currently do) but by using the blockchain, they don't have to rely upon each other, and they all take equal responsibility.
Any entity which can mount a 50% attack in a private permissioned blockchain, would be known to all participant. Average Joe isn't mounting such an attack, because his key doesn't really have write access to the blockchain, only read access.
I was completely on board until the second paragraph. Isn't this almost exactly the argument the DAO used?
It seems like in cases where extremely large amounts of money are at risk, we still haven't developed computers that should be completely trusted with it.
I was completely on board until the second paragraph. Isn't this almost exactly the argument the DAO used?
No. The DAO attack wasn't a 50% attack - it was a bug in the contract.
It seems like in cases where extremely large amounts of money are at risk, we still haven't developed computers that should be completely trusted with it.
What is the purpose of a "private blockchain"? Why not just use a traditionally centralized application if your organization is the only user?