Many people who work within the information security industry hold a misconceived notion that information security is about technology and tools. Unfortunately, the same attitude has, wrongly, crept into Bitcoin.
Security is more about economics than it is about technical tools – no technical tool alone is effective. They all require management, maintenance and monitoring. Computer security is an oxymoron. It does not matter how good the encryption is if people do not implement it wisely and monitor its use.
The merger of Yahoo and Verizon was valued at over US$4.8 billion. This merger was nearly derailed following a series of data breaches that exposed customer information. We have recently seen black-market extortion schemes and hacking for hire, and Internet piracy is as rampant as ever. This is not going to stop any time soon. Our entire model is broken. We move security into centralised systems that become more and more tempting to attackers. This is not a cyber flaw; it is a flaw in the economics of the model. Peer models do not make anything inherently secure. What they do is distribute the risk.
An attacker seeking to breach a credit card company can make massive gains attacking a single system and stealing a single database. Conversely, attacking a distributed database such as the one used by Bitcoin is infeasible. The reason for this is that none of the keys that control access to the ledger are stored within the Blockchain itself.
The cryptography involved in Bitcoin is not particularly special: ECDSA has been around a long time and is widely implemented. It is the economics of the Bitcoin system that make it particularly special. And this is the aspect that most people don’t understand.
People believe that you need to validate your own transactions. This could not be further from the truth. It is not whether you have a valid transaction, it is whether the entire network recognises your transaction. In fact, even if you should find a discrepancy in your transaction, if it is accepted into the majority of the nodes that mine bitcoin, then your transaction will be accepted in the way that the miners agree. Any node votes on the acceptance of a transaction purely through mining. Any wallet that disagrees with this process is simply isolated. No matter how many wallets disagree, they can never form a consensus.
So, contrary to popular wisdom, there is absolutely no advantage in running a full node unless you are a merchant monitoring for double spends or a miner.
Because wallets fail to create blocks at all, they have no say on the network. At present, they are not needed for propagation of transactions and their removal would actually make the network more efficient. There is a reason that Satoshi called these non-mining wallets SPV wallets.
It is relatively simple. As a wallet can only veto its own transactions and its own blocks, it has two options:
- Isolate itself from the network, or
- Accept the transaction and block.
In order to form consensus, the system requires a majority of mining nodes to accept a block. If you’re not creating a block through mining, you cannot engage in the consensus process. At best, large well-connected wallets could interfere with propagation, but as the network is so densely connected, this matters little, if at all, even for the largest connected wallets.
At worst, a wallet that decides to ignore the transaction rules that are agreed in consensus through the distribution of blocks is simply isolated. No transaction that it sends outside of the ledger will have any use or meaning.
The benefits of Bitcoin include decentralising control of our money. Any individual can create a raw transaction and send it onto the network from any machine connected to any part of the Internet. If they can validly sign that transaction and it meets the consensus rules on the network, it does not matter if they created the transaction by hand.
The truest check of your transaction being accepted is other machines having accepted it. Not your machine, the other machines on the network. It is not running a node that is important, it is ensuring that our transaction reaches a node. This requires highly interconnected mining systems that link to exchanges and online wallets. There are zero benefits in running your own wallet if you don’t mine.
The Economics
The most overlooked aspect of Bitcoin is the use of economic incentives. Many in the industry consider this the weakest part of the system; the reality is that this is its true strength. Attackers are more rational than many others [1, 2]. As much as we like to deny this fact, cyber criminals and other economic criminals are generally more rational than the average person and exhibit a higher risk tolerance than a more law-abiding citizen. In [1], Wright expressed the economic truth:
- More security costs = higher costs to the consumer.
- Higher expected loss from risk = higher costs to the consumer.
It is scary that not enough people understand this. The notion that “Criminal groups act as profit seeking enterprises, and the ability to shift the economic returns away from this activity results in a lower amount of crime” [2] is simple to understand when you think about it, even though it seems counterintuitive at first.
Bitcoin works in the same manner. The more we delve into the system and truly understand it, the more we can start to see that this is a system created through economic incentives. It does not use the most modern cryptography, it doesn’t use the coolest security technologies, what it does is truly remarkable: It creates economic incentives.
These incentives are aligned to the securing of the network [5]. The larger the network grows, the more secure it becomes. This begs the question: why are people seeking to limit its growth? It is the on-chain growth that makes bitcoin secure. It is the distributed consensus mechanism and the shared nature of the ledger, so the question is why people are trying to remove this key aspect of the protocol. Why are they trying to move to off-chain solutions that mirror the traditional security models and require secure nodes and permissioned systems?
Do they not understand the benefits of economic controls or scarcity or is there something else at play here?
Problems of Software
There is no way to make any computer or software completely secure. More, not less, is better. What we need is a central protocol that all agree on. From this protocol, many versions of software can diverge. If we have many developers working on new front ends, new mining systems, new exchanges and new platforms, then the chances that any one of these will be compromised in a way that impacts a large number of users will be lowered: e.g., a bug may impact, say, Microsoft Windows [3], but it would be unlikely to see it impacting Linux or a Mac.
The core of bitcoin is not cryptography, that is just a tool, the core of bitcoin is economic incentives.
There are many ways of attacking the Bitcoin (or any other) network. All of these involve trade-offs and all of these trade-offs are economic in nature. The issue is not whether a computer system can be attacked but whether it can be attacked efficiently. There is no such thing as perfect security and security is always an economic trade-off [4].
Any change of a protocol has an economic impact. Leaving the block has an economic impact as it limits the size of the network. This was discussed before; the security of the network is directly related to the investment in the network and the investment in the network is related to how many people use it. Not how many people run wallets acting as non-mining nodes, but how many people invest in creating mining systems to secure those transactions that we wish to run. Right now, we are artificially capping the growth of the network and the result is that we are limiting the security of the network.
We state this very clearly: the core of Bitcoin is not cryptography, the core of Bitcoin is economic incentives.
References
[1] Wright C.S., Zia T.A. (2011) “Rationally Opting for the Insecure Alternative: Negative Externalities and the Selection of Security Controls”. In: Herrero Á., Corchado E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg, https://link.springer.com/chapter/10.1007%2F978-3-642-21323-6_26
[2] Wright, Craig S. (2012) “Criminal Specialization as a Corollary of Rational Choice,” International Conference on Electronics, Information and Communication Engineering (EICE 2012), Garry Lee, ASME, New York, 6 pp. http://ebooks.asmedigitalcollection.asme.org/content.aspx?bookid=408&sectionid=38787998
[3] Ari Takanen, Jared D. Demott, Charles Miller (2008) “Fuzzing for Software Security Testing and Quality Assurance” Artech House information security and privacy series, IT Pro, Artech House, 2008 ISBN 1596932155, 9781596932159
[4] Andreas Gregoriades, Jae-Eun Shin, Alistair Sutcliffe (2004) “Human-Centred Requirements Engineering” In 12th IEEE International Requirements Engineering Conference, pp. 154-163, doi:10.1109/re.2004.28