DARPA study challenges assumptions about distributed ledger (and Bitcoin) security
Blockchain not as decentralised as many assume, finds Pentagon-sponsored research
US government-sponsored research is casting new light on the security of blockchain technology, including the assertion that a subset of a distributed ledger's participants can gain control over the entire system.
The finding is part of a study [PDF] conducted by IT security researchers at Trail of Bits and commissioned by the Defense Advanced Research Projects Agency that points to several ways in which the immutability of blockchain – the distributed ledger on which Bitcoin and other cryptocurrencies rely – can be called into question.
Rather than exploring attacks which target cryptographic vulnerabilities, the study instead focuses on approaches which might subvert the properties of a blockchain's "implementation, networking, or consensus protocol."
Blockchain underpins a raft of so-called Web3 technologies — including cryptocurrencies and non-fungible tokens — creating a lucrative, volatile and outspoken subset of the tech industry.
But the researchers found that weaknesses in a blockchain could be as simple as, for example, which version of the software network nodes are running. "Of Bitcoin's nodes, 21 percent were running an old version of the Bitcoin Core client that is known to be vulnerable in June of 2021," the study said.
Meanwhile, the study points out that Bitcoin traffic is unencrypted, meaning any third party on the network route between nodes, including ISPs, Wi-Fi access point operators, or governments, could observe and drop any messages they wished.
"Of all Bitcoin traffic, 60 percent traverses just three ISPs," the report says.
Security – we've heard of it
The researchers said that while there are different types of distributed ledger technologies (DLTs) based on different designs, the "overarching value proposition of DLT and blockchains is that they can operate securely without any centralized control."
While the low-level protocols — or cryptographic primitives — underpinning DLT security were sound, implementation decisions mean the claim of immutability is open to question. "We show that a subset of participants can garner excessive, centralized control over the entire system," the researchers said.
Another weakness specific to Bitcoin was that not all nodes contribute equally to reaching consensus and communicating with Bitcoin miners, the parties responsible for the proof-of-work maths test which creates units of the cryptocurrency.
"A dense, possibly non-scale-free, subnetwork of Bitcoin nodes appears to be largely responsible for reaching consensus and communicating with miners — the vast majority of nodes do not meaningfully contribute to the health of the network," the report says.
Meanwhile, changes in the assumptions underpinning Bitcoin, combined with the fact that Bitcoin miners use a select pool of software tools, also create the potential for vulnerabilities.
The researchers explain that Bitcoin was founded on the assumption each node in the consensus network would also mine the coins. But as mining became more difficult, "mining pools" sprang up to group together both mining power and rewards.
"Today, the four most popular mining pools constitute over 51 percent of the hashrate of Bitcoin. Each mining pool operates its own, proprietary, centralized protocol and interacts with the public Bitcoin network only through a gateway node. In other words, there are really only a handful of nodes that participate in the consensus network on behalf of the majority of the network's hashrate," the authors say.
They argue this reduces the threshold for a so-called 51 percent attack. "If a node operator's self-interest is to be dishonest, then there is no explicit penalty for doing so. Moreover, the number of entities necessary to execute a 51 percent attack on Bitcoin was reduced from 51 percent of the entire network (which we estimate at approximately 59,000 nodes) to only the four most popular mining pool nodes (less than 0.004 percent of the network)," the study found.
"A subset of a blockchain's participants can garner excessive, centralized control over the entire system. The majority of Bitcoin nodes have significant incentives to behave dishonestly, and in fact, there is no known way to create any permissionless blockchain that is impervious to malicious nodes without having a trusted-third party," the report concludes. ®