Is Blockchain Bulletproof?
Public and private key cryptography has been around for a long time. In the past, its complexity meant that it was confined to the realm of techno geeks far from the public eye.
Then the keys were used in a slightly different way. And as soon as it became connected to money, it entered the public consciousness as a new, basic cybersecurity asset: Blockchain. The money connection hadn’t quite happened on October 31, 2008, when Satoshi Nakamoto posted a peer-to-peer-cash-system in a cryptography mailing list – the road to the mainstream lexicon began five years later in 2013 when US$1 million worth of bitcoins were sold in a single month.
People woke up to the fact that it was something special: Its application to bitcoin came with highly unique deployment characteristics: Blockchain trusted no one (no central authority). Nobody owned the data (central repository). Everyone could see the content and what was happening (high-level transparency). Everyone could have direct access (eliminating intermediates). Use was anonymous (pseudonymous). And it could resist almost all attempts at data manipulation (immutability).
And Here’s the “But”
Not many people really know what you can and can’t do with it, even though the technology is generally regarded as providing bulletproof safeguards in the cybersecurity domain.
But how wrong that is.
It was in fact a disaster for all those who were planning to use it for their business! Why? In the early stages, many people had an understanding of what kind of opportunities Blockchain offered, starting with the obvious: secure payments and money transfers all the way down to secure transactions involving wills and inheritances.
However, everybody wanted to make small changes to the original Blockchain concept.
That was understandable, as it was practically impossible to apply the original concept to a normal business environment. But making changes comes with problems due to various challenges. One of the main ones is how mining is done (consensus model). It uses a vast amount of computers to prevent anybody from influencing the counting of results (block creation). Another is how the possible corrections for already created blocks are made.
As a result, Blockchain has many limitations and is also subject to its fair share of threats. These include:
- 51% attacks where a bad actor obtains the majority in the network and abuses it.
- Mempool attacks where new blocks are flooded with transactions.
- DDoS and DNS attacks.
- Wallet theft, consensus delay, double spending attacks, and so on.
In many uses cases, it wouldn’t comply with the EU’s GDPR (General Data Protection Regulation).
Two Things Are Needed
First, we need to be clear that a huge amount of parallel applications with Blockchain will exist, all modified to fulfill different kinds of business requirements. In this regard, progress is good.
Second, and this is where progress needs some work, a solution or certification system is required that will allow us to understand how secure each Blockchain use case is and what kind of tradeoffs it has. Such a solution needs to make visible the exact alterations that have occurred to the original Blockchain concept and thus the extent to which security may have been downscaled. This is required to mitigate the risks created by low-quality Blockchains or those that have been rushed to market.
Then, Blockchain can truly begin fulfilling its potential.
Click here to find out more about Huawei’s Blockchain service.
Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.