Blockchain security and the cryptocurrency boom
Steve Giguere, engineer at Synopsys, provides a comprehensive explainer here for crypo-n00bs.
Thanks to Bitcoin, it's fair to say that "blockchain" is a buzzword at the moment—like DevOps, or Zumba. This article isn't going to dive into what a blockchain is, because many others out there already do that. Here's a pretty good one that has a snappy description of the evolution of Bitcoin and its symbiotic buddy, blockchain. (I may have written that one as well.)
To some people, Bitcoin is a spoof currency trapped in a speculative bubble. To others, it and its alt-coin brethren are the future of financial exchange. In 2017 we saw a growing frequency of news about Bitcoin millionaires, lost Bitcoin tragedies, Bitcoin scandals, and various Bitcoin exchanges being hacked and shut down.
For the millions who have invested (or are considering investing) in cryptocurrencies such as Bitcoin, Litecoin, Ethereum, and the ever-growing list of alt-coins, little has been mentioned about the software and the infrastructure on which these cryptocurrencies are based. With all early adoption of technology, there is risk, so there's a natural inclination to question the security of blockchain and the potential for cyber attack against it.
Despite Bitcoin itself nearing its 10th birthday, blockchain technologies are still in their infancy, with many experts, including Gartner, estimating functional maturity at 5–10 years away.
Eran Shir, the founder of Nexar, sees Bitcoin as an antifragile economic move, describing it as "a constant dare to the hackers of the world to try and break it. The ultimate hackers bounty competition."
Given that Bitcoin's current market cap (at the time of this article) is approximately $230 billion, it is a certainty that hackers are working around the clock on ways to dismantle this tech—and yet it has stood its ground so far.
Let's break down blockchain from a security perspective and look at its history, its successes and failures, and what we can do to keep our eyes wide open on the roller coaster ride of cryptocurrency investing.
A bit of background
If you want to get more technical about blockchain, blockchain researcher Melanie Swan (author of "Blockchain: Blueprint for a New Economy") describes it as "a mechanism for updating truth states in distributed network computing through consensus trust...overall, a new form of general computational substrate." Memorize that, and you'll instantly feel smarter and lonelier at parties.
Perhaps easier to understand is Sally Davies, a Financial Times technology reporter, who said that blockchain "is to Bitcoin what the internet is to email: a big electronic system on top of which you can build applications. Currency is just one."
From the perspective of cryptocurrency, blockchain is just a digital ledger. Until blockchain hit the spotlight, the word "ledger" hadn't crossed my path since Andy Dufresne and his cinematic prison escape in "Shawshank Redemption." If you haven't seen it, let's call it essential homework.
If you want to dive deeper into the blockchain technology, please feel free. In this article, I assume that you already understand the basics. I don't mean you need to get into the nitty-gritty of Merkle trees; just the fundamentals will do.
For the coders, if you want to dive even deeper, why not build a blockchain yourself? Here's a nice step-by-step for coders, who might be surprised how easy it is.
The attack surface
A typical cryptocurrency conversation covers these topics:
The network. The blockchain itself is just a list of all transactions, essentially a database. This database is maintained simultaneously by the nodes, known as miners, in the distributed network. The database is public. Anyone can view it.
The wallet. This is the digital address associated with the ownership of a certain quantity of Bitcoin. The wallet is more conceptual than physical, like an email address.
The wallet storage or software. This might sound like the same thing as the wallet, but it definitely isn't. Think of the difference between your physical wallet and where you store it, such as in your back pocket on a busy Paris street. Probably not the best storage solution.
The ledger
Consider typical database breaches, which can be the result of insecure coding practices allowing for typical OWASP Top 10 exploitation, a poorly configured server, social engineering, or an insider threat bypassing typical defences.
Now consider blockchain—or more generally, decentralized technologies. Bitcoin's original blockchain model achieved something at the core of Bitcoin's design: cutting out the central trusted authorities (banks) and solving two major potential security issues. The first is the Byzantine generals' problem of establishing consensus trust, and the second is the problem of double spending. The proof-of-work hashing mechanism known as hashcash solves these issues, making it unfeasibly difficult for a malicious party to tamper with a block in the chain. Considering the amount of work required to disrupt the network (which grows with the length of the chain), it's more lucrative just to join the network—recalling the old idiom "If you can't beat 'em, join 'em."
I'll draw another simpler analogy that is closer to my heart. The act of centralization creates a target. Be it a physically centralized entity or a conceptual one, it is a single point of potential failure. A bank, an Amazon S3 bucket, and a referee are all examples. Let's talk about the last one. If you observe the game of soccer ("football" to the rest of the world), you'll see a relatively high number of players gaming the referee by diving, pleading, or concealing intent to gain advantage. It's so common it has become part of the sport (and one that ruins it, IMHO). I've played a sport called Ultimate Frisbee for years and, like many others who enjoy this sport, have been fascinated by its self-refereeing, even at the highest level. Yes, that means there are no referees. Without the presence of a centralized trusted third party making decisions, the on-field players themselves are called on to form a distributed refereeing network as a form of consensus trust or consensus refereeing—in this case, with majority ruling—and it works. Essentially, players are rewarded for playing the right way rather than the wrong way.
The 51% problem
Is blockchain perfect? Not quite. When Bitcoin started, the miners in the network, who participated in processing the blockchain, were people like you and me. Early technology adopters were keen to be part of a disruptive technology. It was a truly distributed network of consensus trust. Since then, mining has become big business, with companies setting up mining farms in countries with cheap electricity, such as Iceland, to try to mine as many new Bitcoins as possible. The result of this is the 51% problem.
If a single party possesses 51% of the mining pool, it is possible to falsify an entry into the blockchain, allowing for double spending, and even to form a new chain to the advantage of the mining pool.
Although this 51% problem is very real (GHash.io is a mining pool that almost achieved it several times), several Bitcoin developers and miners have insisted that a major part of the value of Bitcoin lies in its security. Any malicious act against the network by miners or developers could instantly and radically devalue the currency, rendering any effort to undermine the network for personal gain a substantial long-term loss. Nevertheless, the 51% problem remains a serious concern.
Via distribution, blockchain has provided itself a robust self-check mechanism. Ideally, any attempt to compromise one version or even many versions of the blockchain ledger would be detected by all others as a minority difference and rendered invalid by the consensus trust. The notion of bank robbery essentially isn't a thing anymore.
The wallet
Transactions are registered on the blockchain as peer-to-peer, wallet-to-wallet transfers of set amounts of cryptocurrency (in the case of Bitcoin). In the case of more complex blockchain protocols, such as Ethereum's, the transaction could be a stage in a smart contract, but that detail is beyond the scope of this article.
The term "wallet" is a bit of a misnomer, as it implies something tangible. In the cryptocurrency world, a wallet is little more than a private key. (If you need some light reading on asymmetric key encryption, check this out article.)
Here's an example of a private key:
E9873D79C6D87DC0FB6A5778633389(_SAMPLE_PRIVATE_KEY_DO_NOT_IMPORT_)F4453213303DA61F20BD67FC233AA33262
And here's a sample of this key in Base58 WIF (Wallet Import Format):
5Kb8kLf9zgWQnogidDA76Mz(_SAMPLE_PRIVATE_KEY_DO_NOT_IMPORT_)PL6TsZZY36hWXMssSzNydYXYB9KF
In terms of security, this is one of the more interesting stories. The security of your cryptocurrency investment comes down largely to how you store your private key, because if somebody knows your private key, they can import it into their wallet and start spending your cryptocurrency.
Before going into the types of wallets, let's address the security of the key itself. It is a 256-bit key. Can somebody just guess it, essentially just brute forcing it programmatically? To put it into perspective, the odds of guessing a private 256-bit number is 1 in 115,792,089,237,316,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.
These odds are far worse than, say, the odds of guessing a credit card number (1 in 9,007,199,254,740,990) or the odds of winning a national lottery (1 in 13,983,816). They're closer to something like the odds of guessing which atom in the Milky Way I'm thinking of right now (1 in 1,725,436,586,697,640,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000). (Big thanks to Michael Kerbleski at Medium for those numbers.)
Feeling safer? Good.
Another frequent question is, If the public key is generated from the private key, how difficult is it to reverse engineer the private from the public? Asymmetric encryption like this is founded on one direction being easy and the other being difficult. How difficult? I've heard one expert claim that reverse engineering a private key from a public key would take the power of the sun and the rest of time to do it. Another expert in this articlestated, "The world's most powerful computer would need more than 40,000,000,000,000,000,000,000,000,000,000 years (that's 31 zeroes!)."
If you're a smarty-pants and think that quantum computing will allow this to happen and undermine the entire operation, well, you'd be correct in the much longer term. Here's a fun article mocking the possibility but also clarifying the distance of such a prospect. By the time quantum computing comes around, the world of cryptocurrencies and blockchains will have changed significantly, so let's not speculate.
Feeling safer still? Good.
Your wallet's private key is used to generate your public key, which people can use to send you money. But the wallet software is also responsible for using your private key to send money to others. It does this by signing the transaction using the Elliptic Curve Digital Signature Algorithm (ECDSA). Note that the Wikipedia article warns that ECDSA may allow for the reverse engineering of private keys when the secret random number k used in the algorithm is generated by a faulty random number generator.
This happened in 2013 and yet again in 2015, when wallet applications primarily for mobile were found to be using pseudorandom number generation. In one case, the random number generator wasn't generating a random number at all but was using the same number each time. It's been said in a variety of ways that the best way to keep your cryptocurrency safe is not to spend it, because you can't trust the creators of the wallet software to have implemented ECDSA correctly. A software static analysis tool such as Coverity would have found that bug and fixed it, but with these wallets, as with many commercial software development projects, time-to-market pressures overwhelmed the requirements for the quality and security of the software.
There are many ways to store your public key, and most require software.
Hot wallets (connected to the internet)
Desktop wallet: an application on your computer.
Mobile wallet: an application on your smartphone.
Online wallet: a wallet hosting service online. Warning: Malicious browser extensions can modify Bitcoin addresses on websites you open in your browser, with just a few lines of malicious code, and this code is hard to detect. Therefore, turn off browser extensions whenever dealing with Bitcoin online.
Cold wallets (can be disconnected from the internet)
Hardware wallet: dedicated hardware (such as a USB device) that is built specifically to hold cryptocurrency and keep it secure. These devices can go online to make transactions and get data and then can be taken offline for transportation and security. Good examples of this are Trezor Wallet and Ledger Nano S.
Paper wallet: a piece of paper. No joke. Just print out a QR code for both your public and private keys. You can't be hacked, but you can still fall victim to classic screw-ups, like losing that piece of paper, spilling coffee on it, or using it for kindling.
We've gone through some of the security aspects of the blockchain as it pertains to the Bitcoin network, some of its inherent strengths, and its possible but unlikely weaknesses. We've also shown that the cryptography used for transactions can be incredibly safe, but only if the wallet is managed by a robust application following sound secure development practices. We've learned that there are many different options available and briefly described each. Unfortunately, we're leaving you hanging about the best choice for wallet storage to ensure you can engage with the cryptocurrency world with maximum confidence. We'll follow up on these topics and a bit more in the second part of this article, coming soon.
