Blockchain technology has become synonymous with privacy and security, but those same characteristics have been tested over the past decade. With historical roots embedded in cryptography, many blockchain and cryptocurrency projects claim to offer unbridled security and privacy measures. The industry is divided between public blockchain platforms like Bitcoin and private or authorized blockchains focused on business use.
Cointelegraph has previously explored the ins and outs of privacy issues related to blockchain technology, but the security of these systems is a major consideration in itself. In the years following the creation of Bitcoin (BTC), a multitude of cryptocurrencies were created, as well as many blockchain projects in the private and public domain.
The large number of active parties and industry participants means that vulnerabilities have been identified and exploited over the years. This is despite the best efforts of those involved in creating the most secure blockchains, cryptocurrencies and exchanges.
This article will highlight public blockchains and cryptocurrencies like Bitcoin, authorized blockchains that offer enterprise solutions to large companies as well as privacy coins to delve into the different considerations of their levels of perceived and real security.
Is Bitcoin secure for the average user?
Since the use of cryptocurrencies first started with individual users and adoption by larger entities such as financial institutions has been slow, a major concern is the security of the blockchain or crypto -currencies used by individuals. In order to understand what makes these systems secure, Cointelegraph contacted blockchain and cryptocurrency analysis company CipherTrace.
John Jefferies, who is the company’s chief financial analyst, has identified and separated the different categories needed to fully understand the level of security of an open blockchain or cryptocurrency like Bitcoin:
“There are three levels of security to consider: personnel, platform and technology. Blockchains provide the technology layer, but the average user needs to trust the security of the particular wallet or trade they are using. A well-validated open source blockchain, built using known and reliable encryption, like the Bitcoin blockchain, provides the level of security to assure the average user that their transaction data has not been tampered with. “
When asked if open blockchain systems offer trustworthy security and privacy to users, Jefferies described two key elements of the Bitcoin system that address long-standing issues plaguing previous digital currency projects. First of all, Blockchain technology has proven to be a major advance, as it has solved the problem of double spending in peer-to-peer transactions.
Another essential protocol that provided security was the basis of Bitcoin’s consensus protocol, as Jefferies explained, blockchain technology also addresses the problem of Byzantine generals, where a messenger sharing information between generals can provide false information. However, if all parties receive information verified by the majority, corrupt messengers will be discovered. While these two elements provide robust security for the overall Bitcoin system, Jefferies makes a clear distinction between protocol security and user privacy:
“It is a common misconception that Bitcoin was designed to be anonymous, but in reality, the Bitcoin blockchain is pseudonymous, which means that the transactions are publicly visible, but not the individual users associated with the transactions. Satoshi’s white paper only deals with confidentiality in two paragraphs. If privacy had been the goal, it would have been designed differently. “
Cointelegraph also contacted the doctorate at Stanford University. student Florian Tramèr, who recently discovered vulnerabilities in the Monero (XMR) and Zcash (ZEC) privacy coins. A remote side channel attack would allow an attacker to recover a user’s IP addresses, thereby destroying any semblance of user anonymity and privacy in a transaction.
Tramèr weighed on the level of security that open blockchain networks, like Bitcoin, offered to the average user. He pointed out in a comment to Cointelegraph that the Bitcoin consensus protocol has proven to be effective on its own, but the development of many third-party applications, such as exchanges, has added a number of vulnerabilities to the global ecosystem:
“The general idea of consensus through proof of work definitely seems to stand the test of time – in terms of security at least, not so much in terms of scalability. […] On the security side, we have seen countless examples of vulnerabilities in smart contracts, wallets, exchanges, etc. On the privacy side, many studies have also shown that cryptocurrency transactions are relatively easy to track and anonymize, even in systems, such as Monero and Zcash – mainly because achieving good confidentiality requires a lot additional precautions from the user. “
Authorized blockchains and privacy pieces
Private or authorized blockchains have become a must-have solution for large companies and businesses looking for distributed ledger solutions for various business challenges. It goes without saying that the largest conglomerates will not take any chances in terms of security and therefore turn to authorized block chains, tailor-made and managed by specialized technology companies.
The best examples are Microsoft Azure Blockchain Service and the IBM Blockchain platform, which is powered by Hyperledger Fabric from the Linux foundation. The Microsoft Azure blockchain service performs a similar function, allowing users to create and operate evolving blockchain networks. IBM Blockchain targets large companies and large corporations and has a variety of existing blockchain platforms that companies can join. Customers can also create and launch their own platforms which can be programmed to perform specific functions.
Related: Exploiting Hyperledger Fabric – Enterprise Blockchain Unveils Viable Solutions
When asked if authorized blockchains are more secure than open networks, Jefferies of CipherTrace made an argument suggesting that these platforms are not inherently more secure:
“No, they are simply less attacked because they do not move money and are not widely deployed. If anything, they could be more susceptible to hacks and security breaches because, by nature, they are allowed, private blockchains are more centralized. “
Tramèr’s position was similar to that of Jefferies on how the authorized blockchain would contrast the security of open blockchains:
“The threat model is certainly different. However, some problems, such as bugs in smart contracts, key management, etc., would also be a problem in an authorized or private system. ”
While companies can turn to authorized blockchains to operate closed ledger systems and other financial tasks, at the other end of the spectrum, there are pieces of privacy that aim to provide complete anonymity to users. . Given Tramèr’s research on perceived privacy and security offered by the confidentiality documents, he insisted that the evaluation of the real degree of confidentiality and anonymity offered is not a clear conversation:
“On the one hand, Zcash and Monero use fairly advanced and very recent developments in cryptography to offer, in principle, a high degree of confidentiality and anonymity for transactions. On the other hand, cryptography is only part of a large distributed system implemented by these projects. And measuring confidentiality, or lack thereof, at the systems level is very difficult. There may be subtle implementation bugs and a variety of usage patterns or side channel leaks that could reveal much more than what cryptography predicts. “
An act of balance
A key conclusion is that security concerns in the blockchain and cryptocurrency space transcend individual systems. You cannot label a single platform or cryptocurrency as insecure due to the fact that there are many systems that connect to each other. Tramèr proposed a comparison between traditional financial systems and the emergence of blockchain-based cryptocurrencies where no system is “hackable” and where security problems also boil down to usability problems:
“You shouldn’t have to be an expert to use these cryptocurrencies in the most secure way possible. At the same time, finding a” steadfast “system is not necessarily the right goal. If you look the banking system, for example, things are clearly not “out of control.” People are having their credit cards and account credentials stolen all the time; banks are hacked; there is a lot of fraud; and most of that is managed by the legal and insurance framework. A similar framework to transparently and gracefully manage security breaches and losses in the cryptocurrency space does not yet exist. “
In the decade since the creation of Bitcoin and the emergence of numerous altcoins, blockchain platforms, cryptocurrency exchanges and a multitude of other projects have emerged. This inevitably included teething problems and hacks; fraud and security breaches were common, especially in cryptocurrency exchanges.
Meanwhile, technologists and developers have started to leverage blockchain technology and cryptography to create secure and robust systems. Capacity exploration continues today, and Jefferies believes technology will continue to drive the development of more secure systems in a wide range of industries:
“Yes, there has been a lot of experimentation looking for use cases where the blockchain offers benefits beyond traditional technology. […] We see companies and countries looking for digital currencies because of the increased efficiency and control made possible by scanning. Over the next 10 years, each major economy will have its own central bank digital currency. “