x
Black Bar Banner 1
x

Welcome to Markethive

How secure is blockchain really?

Posted by Andries Van Tonder on November 28, 2019 - 2:16am Edited 11/28 at 2:26am

The whole point of using a blockchain is to let people—in particular, people who don’t trust one another—share valuable data in a secure, tamperproof way. That’s because blockchains store data using sophisticated math and innovative software rules that are extremely difficult for attackers to manipulate. But the security of even the best-designed blockchain systems can fail in places where the fancy math and software rules come into contact with humans, who are skilled cheaters, in the real world, where things can get messy.

To understand why, start with what makes blockchains “secure” in principle. Bitcoin is a good example. In Bitcoin’s blockchain, the shared data is the history of every Bitcoin transaction ever made: an accounting ledger. The ledger is stored in multiple copies on a network of computers, called “nodes.” Each time someone submits a transaction to the ledger, the nodes check to make sure the transaction is valid—that whoever spent a bitcoin had a bitcoin to spend. A subset of them compete to package valid transactions into “blocks” and add them to a chain of previous ones. The owners of these nodes are called miners. Miners who successfully add new blocks to the chain earn bitcoins as a reward.

What makes this system theoretically tamperproof is two things: a cryptographic fingerprint unique to each block, and a “consensus protocol,” the process by which the nodes in the network agree on a shared history.

The fingerprint, called a hash, takes a lot of computing time and energy to generate initially. It thus serves as proof that the miner who added the block to the blockchain did the computational work to earn a bitcoin reward (for this reason, Bitcoin is said to use a “proof-of-work” protocol). It also serves as a kind of seal, since altering the block would require generating a new hash. Verifying whether or not the hash matches its block, however, is easy, and once the nodes have done so they update their respective copies of the blockchain with the new block. This is the consensus protocol.

The final security element is that the hashes also serve as the links in the blockchain: each block includes the previous block’s unique hash. So if you want to change an entry in the ledger retroactively, you have to calculate a new hash not only for the block it’s in but also for every subsequent block. And you have to do this faster than the other nodes can add new blocks to the chain. So unless you have computers that are more powerful than the rest of the nodes combined (and even then, success isn’t guaranteed), any blocks you add will conflict with existing ones, and the other nodes will automatically reject your alterations. This is what makes the blockchain tamperproof, or “immutable.”

Creative ways to cheat

So much for the theory. Implementing it in practice is harder. The mere fact that a system works like Bitcoin—as many cryptocurrencies do—doesn’t mean it’s just as secure. Even when developers use tried-and-true cryptographic tools, it is easy to accidentally put them together in ways that are not secure, says Neha Narula, director of MIT’s Digital Currency Initiative. Bitcoin has been around the longest, so it’s the most thoroughly battle-tested.

People have also found creative ways to cheat. Emin Gün Sirer and his colleagues at Cornell University have shown that there is a way to subvert a blockchain even if you have less than half the mining power of the other miners. The details are somewhat technical, but essentially a “selfish miner” can gain an unfair advantage by fooling other nodes into wasting time on already-solved crypto-puzzles.

Another possibility is an “eclipse attack.” Nodes on the blockchain must remain in constant communication in order to compare data. An attacker who manages to take control of one node’s communications and fool it into accepting false data that appears to come from the rest of the network can trick it into wasting resources or confirming fake transactions.

Finally, no matter how tamperproof a blockchain protocol is, it “does not exist in a vacuum,” says Sirer. The cryptocurrency hacks driving recent headlines are usually failures at places where blockchain systems connect with the real world—for example, in software clients and third-party applications. 

Hackers can, for instance, break into “hot wallets,” internet-connected applications for storing the private cryptographic keys that anyone who owns cryptocurrency requires in order to spend it. Wallets owned by online cryptocurrency exchanges have become prime targets. Many exchanges claim they keep most of their users’ money in “cold” hardware wallets—storage devices disconnected from the internet. But as the January heist of more than $500 million worth of cryptocurrency from the Japan-based exchange Coincheck showed, that’s not always the case.

Perhaps the most complicated touchpoints between blockchains and the real world are “smart contracts,” which are computer programs stored in certain kinds of blockchain that can automate transactions. In 2016, hackers exploited an unforeseen quirk in a smart contract written on Ethereum’s blockchain to steal 3.6 million ether, worth around $80 million at the time, from the Decentralized Autonomous Organization (DAO), a new kind of blockchain-based investment fund.

Since the DAO code lived on the blockchain, the Ethereum community had to push a controversial software upgrade called a “hard fork” to get the money back—essentially creating a new version of history in which the money was never stolen. Researchers are still developing methods for ensuring that smart contracts won’t malfunction.

The centralization question

One supposed security guarantee of a blockchain system is “decentralization.” If copies of the blockchain are kept on a large and widely distributed network of nodes, there’s no one weak point to attack, and it’s hard for anyone to build up enough computing power to subvert the network. But recent work by Sirer and colleagues shows that neither Bitcoin nor Ethereum is as decentralized as you might think. They found that the top four bitcoin-mining operations had more than 53 percent of the system’s average mining capacity per week. By the same measure, three Ethereum miners accounted for 61 percent.

Some say alternative consensus protocols, perhaps ones that don’t rely on mining, could be more secure. But this hypothesis hasn’t been tested at a large scale, and new protocols would likely have their own security problems.

Others see potential in blockchains that require permission to join, unlike in Bitcoin’s case, where anyone who downloads the software can join the network. Such systems are anathema to the anti-hierarchical ethos of cryptocurrencies, but the approach appeals to financial and other institutions looking to exploit the advantages of a shared cryptographic database.

Permissioned systems, however, raise their own questions. Who has the authority to grant permission? How will the system ensure that the validators are who they say they are? A permissioned system may make its owners feel more secure, but it really just gives them more control, which means they can make changes whether or not other network participants agree—something true believers would see as violating the very idea of blockchain.

So in the end, “secure” ends up being very hard to define in the context of blockchains. Secure from whom? Secure for what? “It depends on your perspective,” says Narula.

Own A Piece Of Markethive – Lifetime Income Opportunity
Markethive, the first Social/Market Network built on the Blockchain, introduces The Entrepreneur Program

Click here, Markethive is Completely Free To Join


The Entrepreneur program is designed to leverage your system. Your free Markethive system is a market network, like a social network, but with powerful inbound marketing tools integrated into the system. This premier hybrid social network includes news feeds, blogging platforms, video channels, chat channels, groups, image sharing, link hubs, resume, profile page and peer to peer commerce. But more than a social network, we have also delivered to you “Inbound Marketing tools” like broadcasting, capture pages, lead funnels, autoresponders, self-replicating group tools, traffic analytics, and more. Plus, we are built on the Blockchain which allows Airdrops of 500 Markethive Coin (MHV) upon joining and micropayments for using the tools mentioned above. This is all free to you.

The Entrepreneur program is designed to add gold plating to an already stellar and unbelievably valuable system you receive for free.


The Markethive Coin – MHV Consumer Coin
Notably, MHV was listed on the first of many exchanges, including its own exchange [in development] in March in 2019 and is currently valued at $0.18. The Markethive coin will not be dependent upon speculative value as is the case with other cryptocurrencies and platforms, thereby creating eternal economic velocity in the entrepreneur ecosystem within Markethive.

Click here, Markethive is Completely Free To Join

P.S Click here, Markethive is Completely Free To Join

 

Andries Van Tonder Thank you Kevin, appreciated
November 28, 2019 at 9:51am
Andries Van Tonder Thank you Louis for your comment.
November 28, 2019 at 9:50am
Kevin Jacobson Great post. Very complete blockchain overview.
November 28, 2019 at 8:39am
Louis Harvey Great Post, and information about the technology its always changing for the better so you never know what's in the pipeline.
November 28, 2019 at 7:36am
Andries Van Tonder You are correct Thomas, you will always find those devils!
November 28, 2019 at 6:41am
Andries Van Tonder Thank you Simon.
November 28, 2019 at 3:30am
Simon Keighley Nothing will ever be tamperproof, there will always be skilled cheaters looking to manipulate figures but the technology behind blockchain is going to drastically reduce corruption and make society much fairer - excellent post Andries.
November 28, 2019 at 3:29am