Debunking Blockchain Security — an ETC Labs Event

An Interview with the Panelists

ETC Labs is hosting a Debunking Blockchain Security event, tackling the common myths and misunderstandings surrounding blockchain securities. Join us as we debunk and answer questions about security protocols in blockchain.

We had a chance to speak with the panelists and learn more about blockchain security and the common misunderstandings:

David Kuchar — Coral Protocol

Ken Sedgwick — basezero

Nick Sullivan— Cloudflare

Mike Lubinets— ETC Labs Core

ETC Labs Core

What does Blockchain Security mean to you?

Mike Lubinets

The most important part of security in modern Ethereum blockchains is the unambiguous and, most importantly, mathematically sound specification, and a powerful test-suit for clients that would minimize the chance of unintentional network forking caused my implementation misfeatures. PoW does a good job of minimizing the impact of misbehaving clients, but the critical specification bug can lead to the disastrous effect for the whole network.

Ken Sedgwick

Blockchain security involves a significant change in the roles of its participants; users gain many rights involving transparency and fairness, but must accept and manage new responsibilities regarding security.

Nick Sullivan

Computer security is a large field, but it can be boiled down to a set of principles such as confidentiality, integrity, and availability. Software systems that are considered secure should provide properties that ensure that the management of data should follow these principles. Blockchain security is the practice of applying these principles to systems managed not by traditional software systems but by distributed ledgers and analyzing how well such systems hold up under adversarial conditions. Blockchains are a useful tool for providing integrity to other systems, so Blockchain Security could also refer to the use of Blockchain to achieve security properties in other data systems.

Which security aspects does blockchain enable that are not possible otherwise?

David Kuchar

Blockchain enables Coral to trace the history of transactions and evaluate the trustworthiness of an address independent of the trustworthiness of a particular person. Blockchain enables fraud reduction based not behavior rather than personal identity.

Mike Lubinets

The most important blockchain security feature is that it’s a zero-trust public network.

Nick Sullivan

What blockchain provides is a write-only database that can be cryptographically validated and maintained by a distributed set of administrators. This provides a high degree of integrity that is difficult to obtain with a centralized system.

Ken Sedgwick

Blockchain systems generally offer market participants the ability to evaluate smart contract code and state. This transparency combined with blockchain immutability provides unique opportunities for the development of fairness in business protocols.

Photo by Rye Jessen on Unsplash

What is the most common myth around Blockchain security?

Nick Sullivan

One common myth around blockchain security is that blockchains provide confidentiality by default. Another misunderstanding is that the only way to get the integrity benefits of a Blockchain is to use a public ledger such as Bitcoin. The performance and cost implications of public blockchains can be unappealing for traditional applications.

Mike Lubinets

This goes down to myths about cryptography itself: I have heard a lot of people saying that cryptographic functions are unbreakable, though that’s not true at all, they might be unfeasible to break, i.e costs of the attack would render the attack unprofitable, be that money, computing power or time, but not unbreakable in theory. The other common myth is that 51% attack is a vulnerability exploit, that can be fixed by the developers through the code, while in principle it’s a natural event for PoW blockchains, defined by the theory of PoW consensus.

David Kuchar

Many perceive blockchain to be more suitable to illegal behavior than it actually is. In fact, the nature of blockchain ledgers enable solutions like Coral to reduce fraudulent activity on an unprecedented scale. The belief that blockchain is more suitable to illegal behavior prevents adoption. There is a perception that blockchain transactions necessarily carry more fraud risk than fiat transactions. While fraudulent behavior on the blockchain is widespread today, implementing a solution like Coral facilitates adoption by reducing fraud.

Coral Protocol

Which kind of users will be the first to use blockchain for it’s security?

David Kuchar

Blockchain transactions have the potential to be less prone to money laundering than fiat. In the future, we believe organisations with a high sensitivity to AML compliance will gravitate to blockchain since there will be less AML risk.

Mike Lubinets

There already are users who use blockchain for its security: if one wouldn’t like government to track their transactions — blockchain is the best secure way to do business. I think the most important qualities of blockchain technology that matter for mass adoption are not solely about security: it’s decentralization, immutability and transparency. For instance, the financial securities market is likely to benefit from the blockchain adoption. The next adoption tier based mostly on security, in my opinion, will be the adoption in banking system, but that wouldn’t be a public anonymous network at all, rather the authenticated and a heavily regulated system with a centralized authority (or authorities).

Nick Sullivan

The likely first applications of blockchain for integrity protection is in industries that need to maintain a shared public database across multiple independent organizations. These industries include logistics and supply chain management.

Does governance play a role in security?

Nick Sullivan

Governance in decentralized systems is difficult because the participants are typically not governed by a legal framework, but are instead connected through community-based standards and norms. This means that the risk of forking (participants disagreeing on the protocol and the ledger at a given point) is high, which forces applications to deal with multiple sources of truth. It also introduces additional risks if vulnerabilities being found in specific protocols or smart contract because upgrading a protocol is something that requires coordination and governance.

basezero

What are the trade-offs that blockchain security has to deal with compared to the banking industry?

Ken Sedgwick

Current banking industry technology relies on virtually all transactions being reversible via appeal to a centralized authority. Immutable blockchain systems do not have this luxury and participants must compensate by increasing their operational security to prevent mistakes and theft.

What is the biggest challenge IPFS has to overcome?

Nick Sullivan

IPFS could benefit from a more robust story around a content hosting. The user experience around 3rd-party pinning is primitive and there are no strong incentives for participants to make copies available. Filecoin is intended to help with this problem.

Which recent product or protocol are you most excited about?

Nick Sullivan

The Zcash project is interesting because of the recent progress they’ve made to incorporate strong cryptographic privacy into blockchain systems.

Mike Lubinets

FlyClient is a very exciting technology for thin clients.

David Kuchar

Maker DAO


Want more discussion on the myths of Security in Blockchain?

Ethereum Classic Labs is hosting a panel discussion with speakers from Quantstamp, Cloudflare, Coral, and basezero . If you are in the Bay Area make sure to check out this must-attend event!

Apply for the ETC Labs Accelerator Now!

ETC Labs is holding their second cohort accelerator in San Francisco this summer! Applications are open until May 1st. Learn more at https://etclabs.org