7 questions on blockchain security

By now we have discovered plenty of things about the blockchain: we have looked at use cases, technical details, and the main terms revolving around the technology.

Today we are going to examine 7 common questions regarding the safety and security of blockchain.


1. Can we really achieve perfect immutability?

Although blockchain technology claims to be immutable, that is, resistant to change, we have already seen a few examples where transactions on the blockchain could be reversed. In 2016 hackers stole 3.6 million ether, valued at about 80 million USD, from the DAO (Decentralized Autonomous Organization). The hosting Ethereum blockchain performed a split called a "hard fork" and created a new version of history in which the money was never stolen. However, this strictly contradicts the concept of blockchain immutability.


2. Is blockchain GDPR compliant?

In May 2018 the European Union introduced the GDPR to protect the privacy of personal data. It brought in new rules such as the "right to be forgotten", which entitles users to have all of their data deleted from a given system upon request. This directly conflicts with the immutability of the blockchain, as past transactions can be neither modified nor deleted.


3. What are scalability issues?

One of the most discussed issues when it comes to blockchain is scalability, or how to process a huge number of transactions effectively. Under the distributed ledger protocol, all the nodes (members) in the network process and store a copy of all the transactions. As the blockchain keeps growing, processing and storing information will require more computational power. Only larger organizations will be able to provide this kind of resource, thus sacrificing the decentralized nature of blockchain. The scalability issue is only faced by public blockchains; private networks do not have issues extending.


4. Who grants permissions?

On both private and public networks there are certain permissions in place: who is able to validate blocks and control the data submitted by the nodes. On both networks, someone needs to decide on what basis permission is given and who is and is not able to perform certain activities. Making these rules and decisions brings us closer to the centralized power we wanted to avoid by using blockchain.


5. What can we do about our human errors?

Unfortunately, human error is one of the factors we can almost never rule out. Instead of blaming individuals for the inevitable, we need to make sure we have a plan B to mitigate losses. Smart contracts, for example, are mathematically very smart, but in reality they are only as effective as their programming, and they can malfunction if some conditions are missing. One of these smart contract malfunctions led to the above-mentioned DAO hack, where an unforeseen condition was exploited, resulting in the loss of millions of dollars.

The other main human error is failing to keep the private key what it should be: private. The private key gives access to someone's assets on the blockchain, and they can only be accessed with this key; there is no back door. Unfortunately, lost or forgotten private keys lead to assets on the blockchain that cannot be accessed or moved, and as the chain is immutable, the transactions cannot be reversed. Private keys can also be stolen through phishing or malware attacks, giving hackers access to our assets.


6. Can the blockchain get hacked?

Hackers do not stop at our private keys; they can also target the blockchain itself. As much as the system claims to be safe and secure, there are some very creative forms of hacking that can overpower a chain. For example, a 51% attack happens when at least 51% of the mining power is concentrated in the hands of one agent or a cluster of agents. This means that the majority of the transactions are validated by one party, which compromises the integrity of the chain. Even if such an attack seems unlikely, it has already happened. In less than 4 hours, ZenCash lost 550,000 USD to one or more hackers who managed to double spend 2 transactions, stealing the initial amount and reverting 38 transactions on the chain.

Nodes on the blockchain need to remain in constant communication to exchange data with each other. An eclipse attack happens when a hacker takes control of another node and tricks it into accepting fake transactions or wasting resources.

Another type of attack is the "selfish miner", where a hacker fools other nodes into wasting their time on already solved crypto puzzles, thus earning credit with perhaps half the mining power of the competitors.

7. How about our privacy?

Blockchain gives us the possibility to handle crucial transactions on the chain. For example, the land registry in Georgia will move to a blockchain system. To perform transactions and validate our identity on the blockchain, we might need to use private data, such as an ID. One option is to transform our data into a hash and store the actual information off-chain in a more traditional database. But storing data off-chain reduces the required transparency and increases the probability of the information being stolen from the network. Self-sovereign identity might be a solution, where we can choose with whom we share sensitive information. In the end, the security of the blockchain depends mainly on the user: a carefully kept private key can protect even our most secret data well. Let's not forget that, as much as it is possible to hack the blockchain, current computer networks do not provide flawless security either. Cyberattacks against huge networks and companies storing our information in what are now traditional databases are almost everyday news.
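The hash-on-chain, data-off-chain option described above, as an added example that is not part of the original article: it shows why the published hash should be keyed with a random secret salt, since a plain hash of a short ID can be matched against guesses by anyone reading the chain. The function names and the `ID-0000` identifier format are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def commit(record: bytes) -> tuple:
    """Return (digest to publish on-chain, secret salt to keep off-chain)."""
    salt = secrets.token_bytes(32)
    return hmac.new(salt, record, hashlib.sha256).hexdigest(), salt


def verify(on_chain_digest: str, record: bytes, salt: bytes) -> bool:
    """Check an off-chain record and salt against the on-chain digest."""
    expected = hmac.new(salt, record, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, on_chain_digest)


def unsalted_digest(record: bytes) -> str:
    """The weak variant: a plain hash of the personal data."""
    return hashlib.sha256(record).hexdigest()


def matches_any(digest: str, guesses) -> bool:
    """True if a public digest can be linked to one of the guessed values."""
    return any(unsalted_digest(g) == digest for g in guesses)


# Constructed sample data: a small, enumerable ID format and one record.
ID_SPACE = [f"ID-{n:04d}".encode() for n in range(10000)]
RECORD = b"ID-4821"


def demo() -> dict:
    digest, salt = commit(RECORD)
    # The record and salt live in the off-chain database, which therefore
    # becomes the asset that has to be protected.
    off_chain = {"record": RECORD, "salt": salt}
    return {
        "verifies": verify(digest, off_chain["record"], off_chain["salt"]),
        "tampered_rejected": not verify(digest, b"ID-4822", salt),
        "unsalted_linkable": matches_any(unsalted_digest(RECORD), ID_SPACE),
        "salted_linkable": matches_any(digest, ID_SPACE),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```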


So is blockchain secure?

Blockchain has the potential to become one of the safest technologies we have seen so far. At the moment there are still some challenging issues to overcome before it is ready for mass adoption. Developers are working hard all around the world to overcome these hurdles and make sure blockchain is bulletproof. The technology is also backed and explored by several giant companies such as American Express, IBM and Oracle.

Is it perfect at this moment? No. But we cannot find a resolution in our current networks either: we encounter issues with costs, efficiency, and lack of transparency every day. Blockchain, even though still in its infancy at this moment, provides the hope of building something better soon.