New research challenges the security of the ledger technology blockchain software runs on, raising concern about its uses, from cryptocurrency spending and trading to electronic voting.
Commissioned by the Defense Advanced Research Projects Agency, researchers reviewed the features and vulnerabilities of distributed ledger technologies to gauge if the software is truly decentralized, or free from external control.
Distributed ledger technologies refer to software that stores information on a secure, decentralized network where users need specific cryptographic keys to decrypt and access data. It is the central technology that runs cryptocurrency transactions. Commonly known as blockchain, distributed ledger technology is supposed to be decentralized to prevent a single actor from tampering with information stored across its network.
“The report demonstrates the continued need for careful review when assessing new technologies, such as blockchains, as they proliferate in our society and economy” said Joshua Baron, the DARPA program manager overseeing the study. “We should not take any promise of security on face value and anyone using blockchains for matters of high importance must think through the associated vulnerabilities.”
Authored by cybersecurity consulting firm Trail of Bits, the report found that some blockchain technologies can be mutable and susceptible to change, which threatens the data stored within the proof-of-work blockchain.
This conclusion stems from the increased centralization of ledgers associated with popular cryptocurrencies, namely Bitcoin and Ehtereum.
“This report gives examples of how that immutability can be broken not by exploiting cryptographic vulnerabilities but instead by subverting the properties of a blockchain’s implementations, networking, and consensus protocol,” the report begins. “The data—and, more importantly, the code—deployed to a blockchain are not necessarily semantically immutable.”
Several factors contribute to vulnerabilities within blockchain systems. One critical component of a secure and decentralized blockchain ledger is the system of nodes, or participating computers, included in the network.
Should just one of these nodes not have the proper security protocols or simply be run by a dishonest actor, the data passing through the blockchain is susceptible to hacking or change. This finding erodes the longstanding notion of blockchain’s inherent security and threatens the information stored within various blocks.
Additionally, security protocol inconsistencies among nodes in a blockchain network or mining pool pose a threat to the safety of every included node.
The report also notes that all Bitcoin protocol traffic in particular is unencrypted, which does not initially pose a threat for data passing between nodes within a network. However, should a third party within the network route between nodes become corrupted, external actors can potentially disrupt transactions on the ledger.
Concerns over the software underpinning cryptocurrency transactions come as the emerging technology corners a larger part of the market and continues to be volatile. With an executive order and numerous bills, the federal government is seeking to find a regulatory grip on the cryptocurrency arena to better understand the new asset class and how it will impact the broader economy.