Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: FuninUSA on March 23, 2018, 07:16:02 AM



Title: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: FuninUSA on March 23, 2018, 07:16:02 AM
Some people say blockchain technology ensures a safer way of transacting and may, at last, replace the current bank systems. Their opinions are based on the idea that blockchain assigns transactions or smart contracts to an immutable ledger, verifiable by multiple parties.

However, recently, several Chinese students published a paper calling out some vulnerabilities that may subject blockchain entries to inefficiencies, hacking and other criminal activity. I'm worried that the immature blockchain technology will negatively influence my investment in bitcoin.  :-\

The key known risk factors are listed below:

- Blockchain efficiency: For starters, the efficiency of blockchains themselves may become overloaded with complex consensus mechanisms and invalid data. The most popular consensus mechanism used in blockchain is Proof of Work, which the researchers call a "waste of computing resources." In addition, blockchains will produce a lot of data -- block information, transaction data, contract bytecode -- that may be outdated and useless. Thus, an efficient data cleanup and detection mechanism is desired to improve the execution efficiency of blockchain systems.

- Private key security: The user's private key is regarded as the identity and security credential when using blockchain. It’s generated and maintained by the user instead of third-party agencies. An attacker could "recover the user's private key because it does not generate enough randomness during the signature process." Since the blockchain is not dependent on any centralized third-party trusted institutions, if the user's private key is stolen, it is difficult to track the criminal's behaviors and recover the modified blockchain information.

- Frequent criminal activities with Bitcoin include ransomware, underground markets and money laundering. Through some third-party trading platforms that support Bitcoin, users can buy or sell any product. Since this process is anonymous, it is hard to track user behaviors, let alone subject to legal sanctions.

- Transaction privacy leakage: Unfortunately, the privacy protection measures in blockchain are not very robust. Criminal smart contracts can facilitate the leakage of confidential information, theft of cryptographic keys, and various real-world crimes (e.g., murder, arson, terrorism, etc.)

These are all important factors which should be included when considering whether to join the blockchain and cryptocurrency investment. (the full 9 risk factors can be seen in FuninUSA)

The technology of blockchain is still very immature at this moment. I wonder if these problems could finally be solved. Will bitcoin gradually be accepted by the majority of people and be used as a method of payment? Also, once the blockchain technology is mature enough, will the bitcoin disappear? Hoping to hear your idea!  ;)

[ps: students are Xiaoqi Li, Peng Jiang and Xiapu Luo (all with Hong Kong Polytechnic University), Ting Chen (University of Electronic Science and Technology of China), and Qiaoyan Wen (Beijing University)]


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: akes2090 on March 23, 2018, 07:43:48 AM
To answer your question: blockchains are safe - but not 100% safe.

Examples to substantiate this are:
1. A poorly coded smart contract that is not audited.
2. Consensus algorithms (PoS, PoE, BZF etc...) which have the potential of being manipulated.
3. The current battle between DLT security vs. quantum computing.

Everything that is made by man can be broken by man (given sufficient time and resources).
Having made such an assertion though - I would also say that based on the advanced foundation of cryptography, it does eliminate a large percentage of hackers who do not have sufficient knowledge.




Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: buwaytress on March 23, 2018, 09:18:34 AM
> To answer your question: blockchains are safe - but not 100% safe.
>
> Examples to substantiate this are:
> 1. A poorly coded smart contract that is not audited.
> 2. Consensus algorithms (PoS, PoE, BZF etc...) which have the potential of being manipulated.
> 3. The current battle between DLT security vs. quantum computing.
>
> Everything that is made by man can be broken by man (given sufficient time and resources).
> Having made such an assertion though - I would also say that based on the advanced foundation of cryptography, it does eliminate a large percentage of hackers who do not have sufficient knowledge.

I like that quote, not sure who said it, but yes, given sufficient time and resources, I believe that any task can be completed, any solution found. Asimov's "The Last Question" illustrates that perfectly, I think.

And it is this belief that means nothing is 100% safe. But it is also this belief that means that for the current and foreseeable time, Bitcoin is virtually safe to use, as no one will have or want to spend the time and resources to "break Bitcoin". It's not impossible, just thoroughly unfeasible.


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: chocolaty on March 24, 2018, 10:50:01 AM

> Everything that is made by man can be broken by man (given sufficient time and resources).
> Having made such an assertion though - I would also say that based on the advanced foundation of cryptography, it does eliminate a large percentage of hackers who do not have sufficient knowledge.


I definitely agree with this. Blockchain is man-made. Humans cannot make anything 100% perfect, with no errors and indestructible. Blockchain only helps in reducing the number of mediocre hackers which leaves the veteran hackers. They are the ones that can suffice the hacking of blockchains.



Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: AdolfinWolf on March 24, 2018, 12:56:14 PM
> Blockchain only helps in reducing the number of mediocre hackers which leaves the veteran hackers. They are the ones that can suffice the hacking of blockchains.


*sigh*, how exactly would you hack a distributed/decentralized ledger?

The best you can probably do is either try to crack people's private keys (which is currently, unless you have some sort of quantum computer, impossible), or you could "stop" the blockchain from functioning correctly with a 51% attack, which costs a lot of money rather than "hacking" skills.

I'm curious, in what way could the current chain be "hacked"?


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: iram1011 on March 24, 2018, 01:34:09 PM

> - Private key security: The user's private key is regarded as the identity and security credential when using blockchain. It’s generated and maintained by the user instead of third-party agencies. An attacker could "recover the user's private key because it does not generate enough randomness during the signature process." Since the blockchain is not dependent on any centralized third-party trusted institutions, if the user's private key is stolen, it is difficult to track the criminal's behaviors and recover the modified blockchain information.

Many security experts wonder if SHA-256, which contains the same mathematical weaknesses as its shorter, very much related SHA-1 precedent, is a concern for bitcoin and blockchain (both usually use SHA-256). The answer is not right now. SHA-256 is strong enough for the foreseeable future. More importantly, since most of the world’s financial transactions and HTTPS transactions are protected by SHA-256, when someone breaks it, we’ll have far bigger things to worry about than just bitcoin and blockchains.


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: bob123 on March 24, 2018, 01:56:47 PM

>> - Private key security: The user's private key is regarded as the identity and security credential when using blockchain. It’s generated and maintained by the user instead of third-party agencies. An attacker could "recover the user's private key because it does not generate enough randomness during the signature process." Since the blockchain is not dependent on any centralized third-party trusted institutions, if the user's private key is stolen, it is difficult to track the criminal's behaviors and recover the modified blockchain information.
>
> Many security experts wonder if SHA-256, which contains the same mathematical weaknesses as its shorter, very much related SHA-1 precedent, is a concern for bitcoin and blockchain (both usually use SHA-256). The answer is not right now. SHA-256 is strong enough for the foreseeable future. More importantly, since most of the world’s financial transactions and HTTPS transactions are protected by SHA-256, when someone breaks it, we’ll have far bigger things to worry about than just bitcoin and blockchains.

The 'security' of private keys is not only dependent on the hash function used.
The algorithm used to generate the public key from the private key is the ECDSA [1].

Nonetheless both, SHA-256 and ECDSA, are regarded as safe to use.

Up to today there hasn't been found a single SHA-256 collision.


[1] https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: detector on March 24, 2018, 04:43:53 PM
A Japanese exchange got hacked even though they are using advanced security.

How about blockchain?
If there is an opportunity for a hacker to hack the blockchain, it may happen, so prepare by not keeping all your crypto assets in 1 place!


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: AdolfinWolf on March 24, 2018, 05:32:06 PM
> A Japanese exchange got hacked even though they are using advanced security.
>
> How about blockchain?
> If there is an opportunity for a hacker to hack the blockchain, it may happen, so prepare by not keeping all your crypto assets in 1 place!

An exchange (which is usually a centralized asset/entity) is really not comparable to the "bitcoin" blockchain as a whole.

> If there is an opportunity for a hacker to hack the blockchain, it may happen, so prepare by not keeping all your crypto assets in 1 place!

I don't see how an exchange having problems with their own security is a threat to the blockchain as a whole, you either don't understand the cryptographical proof (or lack thereof) bitcoin private keys have, or you haven't read what this thread is about at all..


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: akes2090 on March 25, 2018, 08:34:16 AM
I think we are running off at a tangent here.

Whilst I agree that the DLT itself cannot be "hacked" we have to understand that it can be exploited:

1) Most major blockchains are open source and are developed using open source software/libraries. So although the DLT itself may be considered "secure", a vulnerability exposed by one or more of its core open source dependencies can infer that it is exploitable. A good example of this is the Heartbleed bug.

2) Possibly, the most significant are social engineering methods. We see it every day here: Someone's PC gets infected by malware and suddenly the wallet.dat disappears or perhaps background monitoring malware replacing payment addresses, MITM attacks etc...


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: buwaytress on March 25, 2018, 11:34:58 AM
> I think we are running off at a tangent here.
>
> Whilst I agree that the DLT itself cannot be "hacked" we have to understand that it can be exploited:
>
> 1) Most major blockchains are open source and are developed using open source software/libraries. So although the DLT itself may be considered "secure", a vulnerability exposed by one or more of its core open source dependencies can infer that it is exploitable. A good example of this is the Heartbleed bug.
>
> 2) Possibly, the most significant are social engineering methods. We see it every day here: Someone's PC gets infected by malware and suddenly the wallet.dat disappears or perhaps background monitoring malware replacing payment addresses, MITM attacks etc...

Not sure it's off tangent, if you take the entire question at face value, all responses have been relevant. 100% does not exist. Trust in an entity is not even in the equation so yes, in that sense, you can trust the math behind Bitcoin.

Social engineering is still the most efficient way to hack any security system, that much I'd agree. But even all the instances you mentioned don't expose any engineering flaw of the technology... no code was exploited, only humans were.


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: akes2090 on March 25, 2018, 02:24:31 PM
>> I think we are running off at a tangent here.
>>
>> Whilst I agree that the DLT itself cannot be "hacked" we have to understand that it can be exploited:
>>
>> 1) Most major blockchains are open source and are developed using open source software/libraries. So although the DLT itself may be considered "secure", a vulnerability exposed by one or more of its core open source dependencies can infer that it is exploitable. A good example of this is the Heartbleed bug.
>>
>> 2) Possibly, the most significant are social engineering methods. We see it every day here: Someone's PC gets infected by malware and suddenly the wallet.dat disappears or perhaps background monitoring malware replacing payment addresses, MITM attacks etc...
>
> Not sure it's off tangent, if you take the entire question at face value, all responses have been relevant. 100% does not exist. Trust in an entity is not even in the equation so yes, in that sense, you can trust the math behind Bitcoin.
>
> Social engineering is still the most efficient way to hack any security system, that much I'd agree. But even all the instances you mentioned don't expose any engineering flaw of the technology... no code was exploited, only humans were.

The converse applies also: humans can only be exploited if the technology allows such to occur. Of course no system is perfect.

In any case it's irrelevant now as I see the OP has changed his/her/their subject to read "...Can the bitcoin transaction be trustful?"


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: Ray55 on March 27, 2018, 05:45:30 AM
No online transactions are 100% safe. It's only up to you how to maintain your account.


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: bob123 on March 27, 2018, 11:13:26 AM
> No online transactions are 100% safe. It's only up to you how to maintain your account.

Did you even read the thread/OP?

Bitcoin doesn't have anything like 'accounts'.
There are private/public key pairs with UTXOs.

The whole sense of bitcoin is to generate a trustless (financial) system.
After a certain amount of confirmations a transaction can safely be considered as approved and therefore.
Theoretically, of course, there is no 100% security/safety. But a transaction with 60 confirmations does have a chance of 0.18% of being 'reversed' with an attacker controlling 40%(!) of the network's hashrate.

The bitcoin whitepaper includes calculations on how safe those transactions are. There is a formula and even an implemented version in C:

Code:
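#include <math.h>

/* q: probability the attacker finds the next block, passed as a fraction (0.1 for 10%)
   z: number of confirmations the recipient waits for */
double AttackerSuccessProbability(double q, int z)
{
    double p = 1.0 - q;          /* probability an honest node finds the next block */
    double lambda = z * (q / p); /* expected attacker progress while z blocks are mined */
    double sum = 1.0;
    int i, k;
    for (k = 0; k <= z; k++)
    {
        /* Poisson probability that the attacker has mined exactly k blocks */
        double poisson = exp(-lambda);
        for (i = 1; i <= k; i++)
            poisson *= lambda / i;
        /* subtract the cases where the attacker fails to catch up from z - k behind */
        sum -= poisson * (1 - pow(q / p, z - k));
    }
    return sum;
}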
with q = hashrate of attacker in %
and z = amount of confirmations

Source: https://bitcoin.org/bitcoin.pdf (p. 7)

You can even calculate the probability here: https://people.xiph.org/~greg/attack_success.html


Title: Re: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?
Post by: HeRetiK on March 27, 2018, 05:52:10 PM
> - Blockchain efficiency: For starters, the efficiency of blockchains themselves may become overloaded with complex consensus mechanisms and invalid data. The most popular consensus mechanism used in blockchain is Proof of Work, which the researchers call a "waste of computing resources." In addition, blockchains will produce a lot of data -- block information, transaction data, contract bytecode -- that may be outdated and useless. Thus, an efficient data cleanup and detection mechanism is desired to improve the execution efficiency of blockchain systems.

What they call a "waste of computing resources" is what makes blockchains secure in the first place. You want the data to be hard to compute, otherwise it would be easy to manipulate.

You see something similar when hashing user passwords for your database -- using "wasteful", i.e. slow hashing algorithms is part of a proper security model, since you don't want an adversary to brute force through your users' passwords all that easily in case of a data breach.


> - Private key security: The user's private key is regarded as the identity and security credential when using blockchain. It’s generated and maintained by the user instead of third-party agencies. An attacker could "recover the user's private key because it does not generate enough randomness during the signature process." Since the blockchain is not dependent on any centralized third-party trusted institutions, if the user's private key is stolen, it is difficult to track the criminal's behaviors and recover the modified blockchain information.

This reads like they are trying to make a case for private key generation through third party agencies. While bad RNGs have proven problematic in the past, you have no guarantee that a third party would fare any better.

If anything, leaving private key handling and signatures to "trusted institutions" has proven to be a systemic risk time and time again:

http://wiki.cacert.org/Risk/History


> - Frequent criminal activities with Bitcoin include ransomware, underground markets and money laundering. Through some third-party trading platforms that support Bitcoin, users can buy or sell any product. Since this process is anonymous, it is hard to track user behaviors, let alone subject to legal sanctions.

That one has nothing to do with blockchain security.


> - Transaction privacy leakage: Unfortunately, the privacy protection measures in blockchain are not very robust. Criminal smart contracts can facilitate the leakage of confidential information, theft of cryptographic keys, and various real-world crimes (e.g., murder, arson, terrorism, etc.)

Both the privacy aspect and the security of smart contracts are cryptocurrency-dependent and can't be generalized.

And which criminal smart contracts are facilitating murder, arson and terrorism? Has the IS been running an ICO that I missed?

This point also seems weirdly at odds with the prior statement. Either "it is hard to track user behaviours" or "the privacy protection measures [...] are not very robust". It can't be both.


Got a link to the paper? I assume there is more depth to their line of argument. Right now it seems rather shallow.