Blockchain is a revolutionary technology, yet its security is often exaggerated. While its design does protect against a variety of threats, the technology is far from immune to attack. In this post, we discuss three of the fundamental security assumptions of blockchain and how they can be violated.
(Mostly) Benign Participants
Blockchain technology is designed to create a secure, decentralized and distributed record of the system's transaction history. It accomplishes this by relying on the network of participants to (mostly) act in their own best interests, which the protocol is designed to align with the interests of the system as a whole.
A lot of blockchain security is based upon incentivizing users to do the right thing. The protocol needs users to participate in block creation so that the system remains decentralized, and it encourages this by rewarding block creators with block rewards and transaction fees. To ensure that the creator of each block is chosen in a fair and decentralized fashion, it uses a consensus algorithm.
Blockchain consensus algorithms are built on the principles of security via scarcity and majority vote. In a Proof of Work blockchain like Bitcoin, the accepted version of the chain is the one with the most accumulated work behind it. A vote can be thought of as a "share" of a scarce resource that you control; in Proof of Work that resource is computational power, or hash rate. The higher your hash rate, the more "votes" you have, and the more influence you have over which blocks are added.
It's when a single user or group controls the majority of "votes" (a 51% attack) that this becomes a problem. Blockchain incentivizes good behavior by only providing rewards if your blocks are accepted by the rest of the network. An attacker with a majority of the hash rate can outpace the honest miners indefinitely, so they can rewrite recent history, reverse their own payments (a double spend) and censor other people's transactions. They still cannot forge signatures or spend coins they do not hold, but the guarantee that a confirmed transaction is final no longer holds, and at that point blockchain security falls apart.
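The relationship between an attacker's share of the hash rate and their power over the chain can be made concrete. The following is an added example, not code from the original post: it implements the catch-up probability from section 11 of the Bitcoin whitepaper, which models the honest chain and the attacker's private chain as a race in which each side's progress is proportional to its hash rate. It assumes the attacker's share q stays constant and that blocks arrive as a Poisson process.

```python
from math import exp


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling fraction q of the total hash
    rate ever catches up with the honest chain after a transaction has
    received z confirmations (Nakamoto, section 11).

    The honest chain advances at rate p = 1 - q and the attacker's at q.
    While the merchant waits for z blocks, the attacker mines a Poisson
    distributed number of blocks with mean z*q/p; from a deficit of d
    blocks, the attacker still catches up with probability (q/p)**d.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a hash-rate fraction in [0, 1]")
    if z < 0:
        raise ValueError("z must be a non-negative confirmation count")
    p = 1.0 - q
    if q >= p:
        # Majority attacker: the random walk reaches the honest chain with
        # probability 1 no matter how far behind it starts. This is the
        # 51% attack.
        return 1.0
    lam = z * (q / p)
    total = 1.0
    poisson = exp(-lam)            # P(k = 0 attacker blocks so far)
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k     # P(k) derived from P(k - 1)
        # Attacker is z - k blocks behind after the merchant's z blocks.
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, risk: float, max_z: int = 10_000) -> int:
    """Smallest z such that the attacker's success probability drops below
    `risk`, or -1 if no such z exists (true for any q >= 0.5)."""
    if q >= 0.5:
        return -1
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < risk:
            return z
    return -1


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45, 0.51):
        row = ", ".join(
            f"z={z}: {attacker_success_probability(q, z):.7f}" for z in (0, 1, 5, 10, 30)
        )
        print(f"q={q:.2f} -> {row}")
    print("confirmations for <0.1% risk at q=0.1:", confirmations_needed(0.1, 0.001))
    print("confirmations for <0.1% risk at q=0.3:", confirmations_needed(0.3, 0.001))
```

Below 50% the probability falls off exponentially with the number of confirmations, which is why merchants wait for several blocks; at 50% or above it is 1 regardless of how many confirmations the victim waited for, which is the precise sense in which the majority attacker "can do whatever they want" to recent history.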
Security of Cryptographic Primitives
The next basic security assumption of blockchain is that the cryptographic algorithms used to ensure the integrity and authenticity of the data in the system work as designed. This assumption moves trust for maintaining the security of the ledger from people or organizations to cryptographic primitives. If the cryptography is strong and is used as designed, everything works out.
Blockchain uses two main types of cryptography to ensure its security: hash functions and public key cryptography. Hash functions protect the integrity of data by ensuring that no one can modify data on the blockchain without being detected. This works because each block includes the hash of the previous block, and because it is computationally infeasible to find two different inputs that hash to the same output (collision resistance) or a second input that matches a given hash (second-preimage resistance). So far, the hash functions used by major blockchains, such as SHA-256 in Bitcoin, have worked as designed.
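The following added example (not code from the original post) shows the integrity mechanism in miniature: a hash-linked chain where each block commits to its predecessor. It is a toy with SHA-256 and no proof of work; the block contents are constructed strings standing in for transactions. It demonstrates the point the paragraph makes and one it only implies: hashing detects any edit that is not followed by recomputing every later block, but it does not by itself stop an attacker from rewriting the chain. That is what makes the consensus assumption above necessary, since proof of work is what makes the rewrite expensive.

```python
import copy
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

GENESIS_PREV = "0" * 64   # constructed: the first block has no predecessor


@dataclass
class Block:
    index: int
    prev_hash: str   # hash of the previous block: this is the "chain"
    data: str        # stands in for the block's transactions
    hash: str        # hash of (index, prev_hash, data)


def block_hash(index: int, prev_hash: str, data: str) -> str:
    # Canonical JSON encoding so identical fields always hash identically.
    payload = json.dumps([index, prev_hash, data], separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(records: List[str]) -> List[Block]:
    chain: List[Block] = []
    prev = GENESIS_PREV
    for i, data in enumerate(records):
        h = block_hash(i, prev, data)
        chain.append(Block(i, prev, data, h))
        prev = h
    return chain


def first_invalid_block(chain: List[Block]) -> Optional[int]:
    """Re-derive every hash and link; return the index of the first block
    that fails verification, or None if the whole chain is consistent."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if b.index != i or b.prev_hash != prev:
            return i   # link to the predecessor is broken
        if block_hash(b.index, b.prev_hash, b.data) != b.hash:
            return i   # stored hash does not match the block's contents
        prev = b.hash
    return None


def tamper_data(chain: List[Block], idx: int, new_data: str) -> List[Block]:
    """Copy of `chain` with block idx's data edited and nothing else touched."""
    new = copy.deepcopy(chain)
    new[idx].data = new_data
    return new


def rehash(chain: List[Block], start: int, stop: int) -> List[Block]:
    """Copy of `chain` with blocks start..stop-1 re-linked and re-hashed,
    i.e. the work an attacker must redo after editing block `start`."""
    new = copy.deepcopy(chain)
    for i in range(start, stop):
        prev = new[i - 1].hash if i > 0 else GENESIS_PREV
        new[i].prev_hash = prev
        new[i].hash = block_hash(new[i].index, prev, new[i].data)
    return new


if __name__ == "__main__":
    chain = build_chain(["Alice pays Bob 5", "Bob pays Carol 2", "Carol pays Dave 1"])
    print("honest chain      :", first_invalid_block(chain))            # None
    edited = tamper_data(chain, 1, "Bob pays Carol 200")
    print("edit only         :", first_invalid_block(edited))           # 1
    print("edit + rehash one :", first_invalid_block(rehash(edited, 1, 2)))    # 2
    print("edit + rehash all :", first_invalid_block(rehash(edited, 1, len(edited))))  # None
```

The last line is the important one: once every later block is recomputed the chain verifies again, so integrity rests on rewriting being costly (and on honest nodes holding the heavier chain), not on the hash alone.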
Public key cryptography is where cryptographic security tends to fall apart in practice, and it is usually not the fault of the crypto. The public key cryptography currently in use makes two main assumptions:
- No-one has a quantum computer
- Private keys are properly protected
In all probability, assumption 1 has never been violated: no quantum computer capable of breaking the key sizes in use is known to exist. Assumption 2, on the other hand, has been violated. A lot. A web search turns up numerous stories of people losing large amounts of cryptocurrency because their private keys were lost or stolen (by malware, phishing, etc.). Attackers have demonstrated that there is no need to build a quantum computer to break blockchain security when you can simply go after the user and their keys.
Connected, Functional Networks
Blockchains also assume that the network they run on is well connected and functional. This assumption matters because it is what protects against a double-spend attack, in which an attacker broadcasts two conflicting transactions that spend the same value twice.
Under normal circumstances this fails, because every node sees both transactions and accepts only the one it received first, rejecting the other as a conflicting spend of the same coins. One circumstance where it can succeed is if the attacker controls the consensus mechanism (see the first assumption above). The other is if users only see one transaction or the other.
Some network-level attacks against blockchain attempt to isolate one or more users from the rest of the network. This can be accomplished in a variety of ways, including malware, physical attacks, network-level attacks (BGP hijacking, modified firewall ACLs, etc.) and Sybil attacks in which all of the victim's peer connections are attacker-controlled. If the attacker succeeds, they can send one version of the conflicting transaction to one side of the partition and the other version to the other. Since no node sees both versions, each side has no reason to reject the one it received and adds it to its copy of the blockchain. Once the target of the attack (the recipient of the payment) accepts the transaction and acts upon it (e.g. shipping whatever was purchased), the attacker can end the partition. When the two sides reconnect, the fork with less accumulated work (loosely, the shorter chain) is discarded, bringing the network back into consensus. If the victim's payment was on the discarded fork, it disappears along with it, and an attacker who mines on their own side during the partition can make sure that it does.
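The partition double spend described above, as an added example that is not part of the original post. It is a simplified simulation: a node's view of the chain is a list of blocks, each carrying one unit of work, validity means no coin is spent twice, and the fork-choice rule on reconnection is "adopt the valid chain with more accumulated work". The coin ids, transaction ids and the merchant's two-confirmation policy are all constructed for the example. The connected case is run first to show that the same conflicting transaction is rejected when everyone sees both.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Tx:
    txid: str
    spends: str      # id of the coin (UTXO) being consumed
    to: str          # new owner of that value


@dataclass
class Block:
    txs: List[Tx]
    work: int = 1    # constructed: one unit of proof of work per block


def chain_is_valid(chain: List[Block]) -> bool:
    """No coin may be spent more than once across the whole chain."""
    seen = set()
    for block in chain:
        for tx in block.txs:
            if tx.spends in seen:
                return False
            seen.add(tx.spends)
    return True


def total_work(chain: List[Block]) -> int:
    return sum(b.work for b in chain)


class Node:
    """A node with its own view of the chain. Nodes in different partitions
    see different transactions and therefore build different chains."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.chain: List[Block] = []

    def mine(self, txs: List[Tx]) -> bool:
        """Append a block unless one of its transactions conflicts with the chain."""
        candidate = self.chain + [Block(list(txs))]
        if not chain_is_valid(candidate):
            return False          # the conflicting spend is rejected
        self.chain = candidate
        return True

    def confirmations(self, txid: str) -> int:
        """Blocks from (and including) the one containing txid to the tip; 0 if absent."""
        for depth, block in enumerate(self.chain):
            if any(tx.txid == txid for tx in block.txs):
                return len(self.chain) - depth
        return 0

    def owner_of(self, coin: str) -> Optional[str]:
        for block in self.chain:
            for tx in block.txs:
                if tx.spends == coin:
                    return tx.to
        return None

    def reconnect(self, peer: "Node") -> None:
        """Fork choice when the partition heals: adopt the peer's chain if it is
        valid and carries more accumulated work (the 'longer' chain)."""
        if chain_is_valid(peer.chain) and total_work(peer.chain) > total_work(self.chain):
            self.chain = list(peer.chain)


def run_partition_double_spend() -> Dict[str, object]:
    pay_merchant = Tx("tx-pay", spends="coin-1", to="merchant")
    pay_self = Tx("tx-self", spends="coin-1", to="attacker-2")

    # Connected network: the second spend of coin-1 is rejected outright.
    connected = Node("connected")
    connected.mine([pay_merchant])
    rejected_when_connected = not connected.mine([pay_self])

    # Partitioned network: each side sees only one of the two transactions.
    merchant_side = Node("merchant-side")
    attacker_side = Node("attacker-side")
    merchant_side.mine([pay_merchant])
    merchant_side.mine([])                    # one more block: 2 confirmations
    shipped = merchant_side.confirmations("tx-pay") >= 2   # merchant's policy

    attacker_side.mine([pay_self])
    attacker_side.mine([])
    attacker_side.mine([])                    # attacker mines harder: 3 blocks of work

    # Partition ends; the merchant's node sees the heavier chain and switches.
    merchant_side.reconnect(attacker_side)
    return {
        "rejected_when_connected": rejected_when_connected,
        "shipped": shipped,
        "confirmations_after_reconnect": merchant_side.confirmations("tx-pay"),
        "coin_owner_after_reconnect": merchant_side.owner_of("coin-1"),
    }


if __name__ == "__main__":
    for key, value in run_partition_double_spend().items():
        print(f"{key}: {value}")
```

The merchant's node reported two confirmations before shipping and zero afterwards, with coin-1 now owned by the attacker's second address. Nothing in the protocol was broken; the merchant was simply shown a view of the network that the rest of the network never agreed with.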
Blockchain Network Security: Designing a Secure System
When designing a blockchain system, it is important to perform a full risk assessment early in the process, to understand the fundamental security assumptions the technology makes, and to take action to mitigate the risks where those assumptions may not hold. The use of a private or permissioned blockchain, a secure key management process, and a properly designed network in which no participant can be quietly isolated from the rest can go a long way toward improving the security of the system.