Dawn of indisputable trust, does Blockchain guarantee security?

By Krzysztof Bury, Bartosz Dluzen, Maciej Marut

DigiNA X-PLORERS
Apr 3, 2018


After a couple of articles describing what is essential to build a Blockchain Team and some initial expert questions that need to be answered, we are getting back to the more technical side of blockchain security. As the topic is big and one article is not enough to cover all the points, below you can find a list of topics that will and won’t be part of this article.

What you can expect in this article:

  • Introduction to security principles of blockchain
  • Description of the security approach in a proof-of-work blockchain implementation (based on the Bitcoin example)
  • Most common security problems when it comes to cryptocurrencies

What won’t be part of this article:

  • Differences in terms of security between the most commonly used consensus algorithms
  • Differences in terms of technical implementations between different blockchains
  • Most secure way to store cryptocurrencies
  • Best cryptocurrency exchange platform in terms of security
  • Blockchain security in private implementations

The Security Principles of Blockchain (public)

  • Decentralization — anyone in the network can serve as a node, meaning responsibility and control are in the users’ hands;
  • Trust — if there are no trusted third parties, then who builds trust between all of the participants? The consensus algorithm chosen for the network;
  • Openness — the network is public to everyone, meaning everyone can see every transaction and track / follow participants’ public keys. However, as long as keys are not correlated with particular personal details, one may say that “it is anonymous”.

Proof-of-Work

The consensus behind the biggest blockchain network — Bitcoin — “is essentially one-CPU-one-vote” [1].

In Blockchain, this algorithm is used to confirm transactions and generate a new block in the chain. “Miners” compete against each other for the reward by trying to solve a complicated mathematical puzzle. Once the puzzle is solved, a new block is formed by the miner that successfully solved it.

Algorithm implementation based on the Satoshi whitepaper

Simplified view (perfect explanation of proof-of-work algorithm from Cointelegraph):

Image copied from Cointelegraph portal. Original link: https://cointelegraph.com/explained/proof-of-work-explained

With the above in mind: each block is connected to all the blocks before and after it. This makes it difficult to tamper with a single record, because one would need to change the block containing that record as well as all previous blocks to avoid detection (meaning re-doing all the work previously done during PoW).
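The hash linking and proof-of-work described above, as an added example (not code from the article or from Bitcoin): a toy chain in Python with a constructed difficulty of three leading hex zeros and constructed transactions, hashing the whole block as JSON rather than Bitcoin's header format. It detects an edited record and counts the hashing needed before the chain verifies again.

```python
import hashlib
import json

DIFFICULTY = 3            # constructed toy target: hash must start with 3 hex zeros
GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the first block

def block_hash(block):
    # Simplification: hash the whole block as canonical JSON (Bitcoin hashes a binary header).
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine(index, prev_hash, txs):
    """Try nonces until the block hash meets the target; return (block, attempts)."""
    block = {"index": index, "prev_hash": prev_hash, "tx": txs, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    return block, block["nonce"] + 1

def first_invalid(chain):
    """Index of the first block with a bad link or bad proof-of-work, or None if all verify."""
    prev = GENESIS_PREV
    for block in chain:
        h = block_hash(block)
        if block["prev_hash"] != prev or not h.startswith("0" * DIFFICULTY):
            return block["index"]
        prev = h
    return None

def remine_from(chain, start):
    """Redo the proof-of-work for block `start` and every block chained after it."""
    prev = block_hash(chain[start - 1]) if start else GENESIS_PREV
    attempts = 0
    for i in range(start, len(chain)):
        chain[i], n = mine(i, prev, chain[i]["tx"])
        attempts += n
        prev = block_hash(chain[i])
    return attempts

def demo():
    # Constructed sample transactions, one per block.
    chain = [{"tx": [t]} for t in ("alice->bob:5", "bob->carol:2", "carol->dave:1", "dave->erin:1")]
    remine_from(chain, 0)                  # mine the honest chain from scratch
    ok_before = first_invalid(chain)       # None: every link and proof checks out
    chain[1]["tx"] = ["bob->mallory:2"]    # edit one record, keeping the old nonce
    broken_at = first_invalid(chain)       # verification fails at the edited block
    attempts = remine_from(chain, broken_at)
    return ok_before, broken_at, attempts, first_invalid(chain)

if __name__ == "__main__":
    print(demo())
```

Each extra hex zero in `DIFFICULTY` multiplies the expected attempts per block by 16, which is why redoing the work on a real network is expensive while verifying it stays cheap.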

There is one more thing to remember: blockchain is a peer-to-peer decentralized network. In the Bitcoin example, a new block is created every 10 minutes (with different transactions in it). In a public blockchain network, an attacker would need to alter the network state in 51% of the nodes in the network, and it would need to be done at almost the same time, as changing just some of them would end in the altered ones being excluded as invalid nodes.

The Problems

  • Third-party systems — as secure as blockchain may be on paper, in some cases it all comes down to how it is being used. One of the most notorious cases is the hard fork of Ethereum, done because hackers exploited a vulnerability in the DAO code [2].
  • Public and private keys — in a blockchain network, public and private keys are our credentials, and we should treat them with the respect they need. If your public key is associated with your personal data (first name / last name), all your transactions in a public blockchain can easily be tracked by anyone with that information. Are you ready for complete transparency? Going one step further: if you also want to transfer all your cryptocurrency assets to other parties, feel free to share your private key. Keys are complex cryptographic things, but our characters (sorry for generalizing) are not, and in the blockchain world, as in any other, an attacker can use different techniques (phishing, social engineering, etc.) to get what he wants.
  • Openness, availability and still a bit of complexity — with the introduction of Ethereum, blockchain as a technology is much friendlier for developers. Basically anyone can join and create simple decentralized applications using smart contracts, Solidity, etc. As with any other code written by developers, it may have its flaws. In the blockchain world such a “flaw” may have quite serious consequences, as this is not a fairly straightforward database where an appropriate SQL UPDATE will solve the problem (see point 1 above).

Summary

As with every technology (especially a “new” one), there is no clear answer to the question of whether it is fully secure. Blockchain at its core was meant to be secure so that everyone could trust it, but as described above, it may not be the technology itself that causes problems and havoc. In the end it all comes down to:

  • us — people — that will use this technology
  • us — developers — that will create decentralized applications
  • us — architects — that will make or advise on decisions whether to use / create a public or private blockchain, or to go with Proof-of-Work or any other consensus algorithm.

Blockchain, like any other technology, will not sort everything out for us. It may help, and it is helping, in establishing trust and in making the network secure; however, it is not bulletproof, especially when it comes to us being reckless. We would imagine that, as with any other community-based solution, it requires a community to continuously work against people trying to attack its principles.

Read more:

[1] Bitcoin: A Peer-to-Peer Electronic Cash System — Satoshi Nakamoto

[2] http://deadline.com/2017/11/big-hack-freezes-156m-in-funds-damaging-some-entertainment-startups-1202206411/

[3] https://cointelegraph.com/explained/proof-of-work-explained
