Blockchain is often touted as a secure way of storing information, but just how secure is it?
While nothing is 100% secure, blockchain is designed to be immutable, tamper-proof and democratic. It achieves this, more or less, through three defining characteristics:
The complex interplay of these characteristics are what secure blockchain transactions and discourage foul play. For the purposes of this article, we’ll look at the first and most well-known blockchain of them all: Bitcoin.
Decentralization: Creating A Single Version Of The Truth
Traditionally, anyone wanting to store, share or process information has to own it. This involves creating, borrowing or buying that information, obtaining permission to use it (if necessary) and then ensuring everyone is aware of any changes. Sound confusing? It is. Handling information this way can easily become a complex game of telephone with hundreds of weak points and a high margin for error.
Blockchain, on the other hand, distributes the same information to every user (or node) on the blockchain network. When you make a change, the network validates it and then miners (nodes rewarded for updating the blockchain) add that transaction into a new block, which is then added to the blockchain.
This is decentralization — a single version of the truth but no single point of failure. Change one block, and you’d need to change every subsequent block before any new blocks could be mined. Otherwise, nodes would spot your fraudulent behavior and discard your changes. Given there are thousands of nodes confirming new blocks, it’s unlikely anyone could beat their combined computing power to add a bad one.
Cryptography: The Perfect Disguise
If decentralization is the bones of the blockchain, cryptography is the muscle — the sinewy, complex mathematical algorithms that deflect attacks.
All data on the blockchain is cryptographically hashed; in other words, it’s processed to hide its true identity. Hashing takes any input value and applies a mathematical algorithm (SHA-256 in the case of Bitcoin) to produce a new value of a fixed length.
Hashing is similar to a kind of password protection, a unique ID for sensitive data. Every block has a unique hash derived from that block’s transactions (each transaction ID is also hashed) and the hash of the previous block. Change the block retroactively, and every preceding block — the entire history of that blockchain — would also need to change.
Your private key used to access and move your bitcoins is also hashed to become a public key, so people can send you bitcoins without being able to steal them, too.
What makes hashing special is that it’s impossible to reverse engineer. You can’t take a public key, for example, and deduce the private one. Also, one tiny change in the input value creates an entirely new hash ID, which means fraudsters can’t get away with making small changes without invalidating the whole block.
Consensus: We Agree — Do You?
Consensus is the brain of the blockchain. It decides which blocks to add by pitching nodes against each other in a cryptographic race for a Bitcoin prize.
First, nodes validate that the block meets the preset rules for the Bitcoin blockchain. Then, miners compete to solve a cryptographic puzzle based on the data contained in that block. When a miner solves the puzzle, they share their solution with the network. If at least 51% of the network nodes agree with that solution, the block is added to the blockchain.
This particular type of consensus is called proof of work. It ensures each block has gone through a complex, mathematical process before becoming an immutable part of the blockchain. It’s labor-intensive, which helps deter criminal activity, and because miners earn a reward of 12.5 BTC for every solution, they’re incentivized to play by the rules. But do they always?
Cracks In The Facade
A threat to the proof-of-work consensus model is the 51% attack. If over 50% of the mining power is owned by a minority of colluding nodes, they could prevent other nodes from adding new blocks, effectively controlling the network. This would enable double-spending and other types of fraud, but the 51% attack does require a great deal of energy and money to succeed.
While this type of attack has yet to happen to Bitcoin, one mining pool, GHash.IO, exceeded 50% in 2014 but voluntarily reduced its mining power to maintain the integrity of the network. Other cryptocurrencies, such as Bitcoin Gold, weren’t so lucky.
Perhaps the most pressing blockchain vulnerabilities stem from how the blockchain interacts with other things. Smart contracts, for example, can automate many blockchain tasks, but they are only as good as the code they’re written in. Strictly speaking, they’re not a part of the blockchain but do interact with it, so if the code is poorly written, hackers could infiltrate the smart contract and steal, alter or divert wealth (or information).
Similarly, centralized institutions that interact with the blockchain could put the network at risk. Hackers are only interested in big jobs where millions of dollars are at stake, so they generally target centralized repositories where there is a single point of failure, a vulnerability they can exploit. Much of today’s cryptocurrency trading volume is through centralized exchanges, and since 2011, nearly a billion dollars worth of digital assets have been stolen.
Better, But Not Perfect
Blockchain is still an emerging technology and evolving with each passing day. Most security vulnerabilities are patched up quickly, and in extreme cases, they can result in a new version of that blockchain known as a hard fork. This is what Ethereum did to recover $55 million worth of Ether when it was stolen from the DAO (Decentralized Autonomous Organization) smart contract.
All things considered, blockchain is a much better solution to storing and exchanging digital value than anything that has come before it. Does that mean it’s perfect? No, but then nothing is. What’s important is we keep developing and improving the blockchain ecosystem to make it as secure as possible.