DARPA study finds blockchain not as decentralized as thought • The Register

US government-sponsored research is shedding new light on the security of blockchain technology, including the claim that a subset of a distributed ledger’s participants could gain control of the entire system.

The finding is part of a study [PDF] conducted by IT security researchers at Trail of Bits and commissioned by the Defense Advanced Research Projects Agency points to several ways in which the immutability of the blockchain – the distributed ledger on which Bitcoin and other cryptocurrencies rely – could be called into question.

Of Bitcoin’s nodes, 21 percent were running an old version of the Bitcoin Core client known to be vulnerable as of June 2021

Instead of exploring attacks that target cryptographic vulnerabilities, the study instead focuses on approaches that can subvert the properties of a blockchain’s “implementation, network, or consensus protocol.”

Blockchain underpins a number of so-called Web3 technologies – including cryptocurrencies and non-fungible tokens – creating a lucrative, volatile and outspoken subset of the tech industry.

But the researchers found that weaknesses in blockchain can simply be related to a version control of software that controls network nodes, for example. “Of Bitcoin’s nodes, 21 percent were running an old version of the Bitcoin Core client known to be vulnerable as of June 2021,” the study said.

Meanwhile, the study points out that Bitcoin traffic is unencrypted, meaning that any third party on the network route between nodes, including ISPs, Wi-Fi access point operators or governments, can observe and drop any message they want.

“Of all Bitcoin traffic, 60 percent goes through just three ISPs,” the report said.

Security – we’ve heard about it

The researchers said that while there are different types of distributed ledger technologies (DLT) based on different designs, the “overall value proposition of DLT and blockchains is that they can operate securely without any centralized control.”

While the low-level protocols – or cryptographic primitives – that underpinned DLT security were sound, implementation decisions mean that the claim of immutability is open to question. “We show that a subset of participants can gain excessive, centralized control over the entire system,” the researchers said.

Another weakness specific to Bitcoin was that not all nodes contribute equally to reaching consensus and communicating with Bitcoin miners, the parties responsible for the mathematical proof-of-work test that creates units of the cryptocurrency.

“A dense, possibly non-scalable, sub-network of Bitcoin nodes appears to be largely responsible for achieving consensus and communicating with miners – the vast majority of nodes do not contribute meaningfully to the health of the network,” the report said .

Meanwhile, the combination of changes in the assumptions behind Bitcoin coupled with the fact that Bitcoin miners use a variety of software tools creates the potential for vulnerabilities.

The researchers explain that Bitcoin was founded on the assumption that every node in the consensus network would also mine the coins. However, as mining became more difficult, “mining pools” appeared to collect both mining power and rewards.

“Today, the four most popular mining pools account for over 51 percent of Bitcoin’s hash rate. Each mining pool operates its own, proprietary, centralized protocol and interacts with the public Bitcoin network only through a gateway node. In other words, there is really only one handful of nodes participating in the consensus network on behalf of the majority of the network’s hashrate,” the authors say.

They claim that this reduces the threshold for a so-called 51 percent attack. “If a node operator’s self-interest is to be dishonest, then there is no explicit penalty for doing so. Also, the number of devices necessary to perform a 51 percent attack on Bitcoin was reduced from 51 percent of the entire network (which we estimate to about 59 000 nodes) to only the four most popular mining pool nodes (less than 0.004 percent of the network),” the study found.

“A subset of a blockchain’s participants can gain excessive, centralized control over the entire system. The majority of Bitcoin nodes have significant incentives to behave dishonestly, and in fact there is no known way to create any permissionless blockchain that is impenetrable to malicious nodes.” without having a trusted third party”, concludes the report. ®

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *