Bitcoin Forum
October 23, 2019, 07:33:58 PM *
News: Help collect the most notable posts made over the last 10 years.
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Is blockchain 100 percent safe? Can the bitcoin transaction be trustful?  (Read 192 times)
FuninUSA
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
March 23, 2018, 07:16:02 AM
 #1

Some people say, blockchain technology ensures the safer way of transaction and may, at last, replace the current bank systems. Their opinions are based on the idea that, blockchain assigns transactions or smart contracts to an immutable ledger, verifiable by multiple parties.

However, recently, several Chinese students published a paper calling out some vulnerabilities that may subject blockchain entries to inefficiencies, hacking and other criminal activity. I'm worried that the immature blockchain technology will negatively influence my invest in bitcoin.  Undecided

The key known risk factors are listed below:

-Blockchain efficiency: For starters, the efficiency of blockchains themselves may become overloaded with complex consensus mechanisms and invalid data. Most popular consensus mechanism used in blockchain is Proof of Work, which the researchers call a "waste of computing resources.” In addition, blockchains will produce a lot of data -- block information, transaction data, contract bytecode -- that may be outdated and useless. Thus, An efficient data cleanup and detection mechanism is desired to improve the execution efficiency of blockchain systems.

-Private key security: The user's private key is regarded as the identity and security credential when using blockchain. It’s generated and maintained by the user instead of third-party agencies. An attacker could "recover the user's private key because it does not generate enough randomness during the signature process. Since the blockchain is not dependent on any centralized third-party trusted institutions, if the user's private key is stolen, it is difficult to track the criminal's behaviors and recover the modified blockchain information.

- Frequent criminal activities with Bitcoin include ransomware, underground markets and money laundering. Through some third-party trading platforms that support Bitcoin, users can buy or sell any product.Since this process is anonymous, it is hard to track user behaviors, let alone subject to legal sanctions.

-Transaction privacy leakage: Unfortunately, the privacy protection measures in blockchain are not very robust. Criminal smart contracts can facilitate the leakage of confidential information, theft of cryptographic keys, and various real-world crimes (e.g.,murder, arson, terrorism, etc.)

These are all important factors which should be included when considering to join the blockchain and cryptocurrency investment. ( the full 9 risk factors can be seen in FuninUSA)

The technology of blockchain is still very immature at this moment. I wonder, if these problems could finally be solved. Will bitcoin gradually accepted by the majority of people and be used as a method of payment? Also, once the blockchain technology is mature enough, will the bitcoin disappear? Hoping to hear your idea!  Wink

[ps:students are Xiaoqi Li, Peng Jiang and Xiapu Luo (all with Hong Kong Polytechnic University), Ting Chen (University of Electronic Science and Technology of China), and Qiaoyan Wen (Beijing University)]
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1571859238
Hero Member
*
Offline Offline

Posts: 1571859238

View Profile Personal Message (Offline)

Ignore
1571859238
Reply with quote  #2

1571859238
Report to moderator
1571859238
Hero Member
*
Offline Offline

Posts: 1571859238

View Profile Personal Message (Offline)

Ignore
1571859238
Reply with quote  #2

1571859238
Report to moderator
akes2090
Jr. Member
*
Offline Offline

Activity: 56
Merit: 4


View Profile
March 23, 2018, 07:43:48 AM
Merited by suchmoon (1), buwaytress (1)
 #2

To answer your question: blockchains are safe - but not 100% safe.

Examples to substantiate this are:
1. A poorly coded smart contract that is not audited.
2. Consensus algorithms (PoS, PoE, BZF etc...) which have the potential of being manipulated.
3. The current battle between DLT security v.s. quantum computing.

Everything that is made by man can be broken by man (given sufficient time and resources).
Having made such an assertion though - I would also say that based on the advanced foundation of cryptography, it does eliminate a large percentage of hackers who do not have sufficient knowledge.


buwaytress
Legendary
*
Offline Offline

Activity: 1148
Merit: 1019


https://bitcoin.watfordfc.com


View Profile
March 23, 2018, 09:18:34 AM
 #3

To answer your question: blockchains are safe - but not 100% safe.

Examples to substantiate this are:
1. A poorly coded smart contract that is not audited.
2. Consensus algorithms (PoS, PoE, BZF etc...) which have the potential of being manipulated.
3. The current battle between DLT security v.s. quantum computing.

Everything that is made by man can be broken by man (given sufficient time and resources).
Having made such an assertion though - I would also say that based on the advanced foundation of cryptography, it does eliminate a large percentage of hackers who do not have sufficient knowledge.

I like that quote, not sure who said it, but yes, given sufficient time and resources, I believe that any task can be completed, any solution found. Asimov's "The Last Question" illustrates that perfectly, I think.

And it is this belief that means nothing is 100% safe. But it is also this belief that means that for the current and foreseaable time, Bitcoin is virtually safe to use, as no one will have or want to spend the time and resources to "break Bitcoin". It's not impossible, just thoroughly unfeasible.

chocolaty
Member
**
Offline Offline

Activity: 294
Merit: 14


View Profile
March 24, 2018, 10:50:01 AM
 #4


Everything that is made by man can be broken by man (given sufficient time and resources).
Having made such an assertion though - I would also say that based on the advanced foundation of cryptography, it does eliminate a large percentage of hackers who do not have sufficient knowledge.


I definitely agree to this. Blockchain is man-made. Human cannot make anything 100% perfect, with no errors and undestructible. Blockchain only helps in reducing the number of mediocre hackers which leaves the veteran hackers. They are the one that can suffice the hacking of blockchains.


AdolfinWolf
Legendary
*
Offline Offline

Activity: 1204
Merit: 1066


people run from rain but sit in bathtubs of water


View Profile
March 24, 2018, 12:56:14 PM
 #5

Blockchain only helps in reducing the number of mediocre hackers which leaves the veteran hackers. They are the one that can suffice the hacking of blockchains.


*sigh*, how exactly would you hack a distributed/decentralized ledger?

The best you can probably do is either try to crack people's private keys, ( which is currently, unless you have some sort of quantum computer, impossible), or you could "stop" the blockchain from functioning correctly with a 51% attack, which costs alot of money rather than "hacking" skills.

I'm curious, In what way could the current chain be "hacked"?

iram1011
Hero Member
*****
Offline Offline

Activity: 896
Merit: 521



View Profile
March 24, 2018, 01:34:09 PM
 #6


-Private key security: The user's private key is regarded as the identity and security credential when using blockchain. It’s generated and maintained by the user instead of third-party agencies. An attacker could "recover the user's private key because it does not generate enough randomness during the signature process. Since the blockchain is not dependent on any centralized third-party trusted institutions, if the user's private key is stolen, it is difficult to track the criminal's behaviors and recover the modified blockchain information.
Many security experts wonder if SHA-256, which contains the same mathematical weaknesses as its shorter, very much related SHA-1 precedent, is a concern for bitcoin and blockchain (both usually use SHA-256). The answer is not right now. SHA-256 is strong enough for the foreseeable future. More importantly, since most of the world’s financial transactions and HTTPS transactions are protected by SHA-256, when someone breaks it, we’ll have far bigger things to worry about than just bitcoin and blockchains.
bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1568



View Profile WWW
March 24, 2018, 01:56:47 PM
 #7


-Private key security: The user's private key is regarded as the identity and security credential when using blockchain. It’s generated and maintained by the user instead of third-party agencies. An attacker could "recover the user's private key because it does not generate enough randomness during the signature process. Since the blockchain is not dependent on any centralized third-party trusted institutions, if the user's private key is stolen, it is difficult to track the criminal's behaviors and recover the modified blockchain information.
Many security experts wonder if SHA-256, which contains the same mathematical weaknesses as its shorter, very much related SHA-1 precedent, is a concern for bitcoin and blockchain (both usually use SHA-256). The answer is not right now. SHA-256 is strong enough for the foreseeable future. More importantly, since most of the world’s financial transactions and HTTPS transactions are protected by SHA-256, when someone breaks it, we’ll have far bigger things to worry about than just bitcoin and blockchains.

The 'security' of private keys is not only dependent on the hash function used.
The algorithm used to generate the public key from the private key is the ECDSA [1].

Nonetheless both, SHA-256 and ECDSA, are regarded as safe to use.

Up to today there hasn't been found a single SHA-256 collision.


[1] https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1806
Merit: 2057

Use SegWit and enjoy lower fees.


View Profile WWW
March 24, 2018, 04:39:44 PM
 #8

Blockchain only helps in reducing the number of mediocre hackers which leaves the veteran hackers. They are the one that can suffice the hacking of blockchains.


*sigh*, how exactly would you hack a distributed/decentralized ledger?

The best you can probably do is either try to crack people's private keys, ( which is currently, unless you have some sort of quantum computer, impossible), or you could "stop" the blockchain from functioning correctly with a 51% attack, which costs alot of money rather than "hacking" skills.

I'm curious, In what way could the current chain be "hacked"?


While the chance is small, it's possible if the full nodes software have backdoor or buggy and the hacker (or scam developer) use it to manipulate network and change it's protocol for their advantage.
And like what other's mentioned, poor Consensus algorithms can be used to manipulate network, especially for small coin.

detector
Full Member
***
Offline Offline

Activity: 486
Merit: 124




View Profile
March 24, 2018, 04:43:53 PM
 #9

Japanese exchange got hack eventhough they are using advance security.

How about blockchain ?
If there is an opportunity for hacker to hack the blockchain, it may happen so prepare for not just keep your all crypto asset in 1 place !
AdolfinWolf
Legendary
*
Offline Offline

Activity: 1204
Merit: 1066


people run from rain but sit in bathtubs of water


View Profile
March 24, 2018, 05:32:06 PM
 #10

Japanese exchange got hack eventhough they are using advance security.

How about blockchain ?
If there is an opportunity for hacker to hack the blockchain, it may happen so prepare for not just keep your all crypto asset in 1 place !

An exchange ( which is usually a centralized asset/entity) is really not comparable to the "bitcoin" blockchain as a whole.

Quote
If there is an opportunity for hacker to hack the blockchain, it may happen so prepare for not just keep your all crypto asset in 1 place !

I don't see how an exchange having problems with their own security is a threat to the blockchain as a whole, you either don't understand the cryptographical proof ( or lack thereof) bitcoin private keys have,  or you haven't read what this thread is about at all..

akes2090
Jr. Member
*
Offline Offline

Activity: 56
Merit: 4


View Profile
March 25, 2018, 08:34:16 AM
 #11

I think we are running off at a tangent here.

Whilst I agree that the DLT itself cannot be "hacked" we have to understand that it can be exploited:

1) Most major blockchains are open source and are developed using open source software/libraries. So although the DLT itself may be considered "secure", a vulnerability exposed by one or more of its core open source dependencies can infer that it is exploitable. A good example of this is the Heartbleed bug.

2) Possibly, the most significant are social engineering methods. We see it every day here: Someone's P.C gets infected by malware and suddenly the wallet.dat disappears or perhaps background monitoring malware replacing  payment addresses, MITM attacks etc...     
buwaytress
Legendary
*
Offline Offline

Activity: 1148
Merit: 1019


https://bitcoin.watfordfc.com


View Profile
March 25, 2018, 11:34:58 AM
 #12

I think we are running off at a tangent here.

Whilst I agree that the DLT itself cannot be "hacked" we have to understand that it can be exploited:

1) Most major blockchains are open source and are developed using open source software/libraries. So although the DLT itself may be considered "secure", a vulnerability exposed by one or more of its core open source dependencies can infer that it is exploitable. A good example of this is the Heartbleed bug.

2) Possibly, the most significant are social engineering methods. We see it every day here: Someone's P.C gets infected by malware and suddenly the wallet.dat disappears or perhaps background monitoring malware replacing  payment addresses, MITM attacks etc...     

Not sure it's off tangent, if you take the entire question at face value, all responses have been relevant. 100% does not exist. Trust in an entity is not even in the equation so yes, in that sense, you can trust the math behind Bitcoin.

Social engineering is still the most efficient way to hack any security system, that much I'd agree. But even all the instances you mentioned don't expose any engineering flaw of the technology... no code was exploited, only humans were.

akes2090
Jr. Member
*
Offline Offline

Activity: 56
Merit: 4


View Profile
March 25, 2018, 02:24:31 PM
 #13

I think we are running off at a tangent here.

Whilst I agree that the DLT itself cannot be "hacked" we have to understand that it can be exploited:

1) Most major blockchains are open source and are developed using open source software/libraries. So although the DLT itself may be considered "secure", a vulnerability exposed by one or more of its core open source dependencies can infer that it is exploitable. A good example of this is the Heartbleed bug.

2) Possibly, the most significant are social engineering methods. We see it every day here: Someone's P.C gets infected by malware and suddenly the wallet.dat disappears or perhaps background monitoring malware replacing  payment addresses, MITM attacks etc...     

Not sure it's off tangent, if you take the entire question at face value, all responses have been relevant. 100% does not exist. Trust in an entity is not even in the equation so yes, in that sense, you can trust the math behind Bitcoin.

Social engineering is still the most efficient way to hack any security system, that much I'd agree. But even all the instances you mentioned don't expose any engineering flaw of the technology... no code was exploited, only humans were.

The converse applies also: humans can only be exploited if the technology allows such to occur. Of course no system is perfect.

In any case it's irrelevant now as I see the OP has changed his/her/their subject to read "...Can the bitcoin transaction be trustful?"
Ray55
Jr. Member
*
Offline Offline

Activity: 162
Merit: 3

Free Crypto in Stake.com Telegram t.me/StakeCasino


View Profile
March 27, 2018, 05:45:30 AM
 #14

No online  transactions are 100% safe. It's only up to you how to maintain your  account.

◣   Stake.com   ◥
«  Stake 2 - Play Smarter  »
12+ Gamemodes  |  Provably Fair  |   Daily Giveaways
bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1568



View Profile WWW
March 27, 2018, 11:13:26 AM
 #15

No online  transactions are 100% safe. It's only up to you how to maintain your  account.

Did you even read the thread/OP?

Bitcoin doesn't have anything like 'accounts'.
There are private-/public keypairs with UTXO's.

The whole sense of bitcoin is to generate a trustless (financial) system.
After a certain amount of confirmation a transaction can safely be considered as approved and therefore.
Theoretically, of course, there is no 100% security/safety. But a transaction with 60 confirmations does have a chance of 0.18% to being 'reversed' with an attacker controlling 40%(!) of the networks hashrate.

The bitcoin whitepaper includes calculations on how safe those transactions are. There is a formula and even an implemented version in C:

Code:
#include <math.h>
double AttackerSuccessProbability(double q, int z)
{
    double p = 1.0 - q;
    double lambda = z * (q / p);
    double sum = 1.0;
    int i, k;
    for (k = 0; k <= z; k++)
    {
        double poisson = exp(-lambda);
        for (i = 1; i <= k; i++)
            poisson *= lambda / i;
        sum -= poisson * (1 - pow(q / p, z - k));
    }
    return sum;
}
with q = hashrate of attacker in %
and z = amount of confirmations

Source: https://bitcoin.org/bitcoin.pdf (S. 7)

You can even calculate the probability here: https://people.xiph.org/~greg/attack_success.html

HeRetiK
Legendary
*
Offline Offline

Activity: 1274
Merit: 1129


the forkings will continue until morale improves


View Profile
March 27, 2018, 05:52:10 PM
 #16

-Blockchain efficiency: For starters, the efficiency of blockchains themselves may become overloaded with complex consensus mechanisms and invalid data. Most popular consensus mechanism used in blockchain is Proof of Work, which the researchers call a "waste of computing resources.” In addition, blockchains will produce a lot of data -- block information, transaction data, contract bytecode -- that may be outdated and useless. Thus, An efficient data cleanup and detection mechanism is desired to improve the execution efficiency of blockchain systems.

What they call a "waste of computing resources" is what makes blockchains secure in the first place. You want the data to be hard to compute, otherwise it would be easy to manipulate.

You see something similar when hashing user passwords for your database -- using "wasteful", ie. slow hashing algorithms is part of a proper security model, since you don't want an adversary to brute force through your user's passwords all that easily in case of a data breach.


-Private key security: The user's private key is regarded as the identity and security credential when using blockchain. It’s generated and maintained by the user instead of third-party agencies. An attacker could "recover the user's private key because it does not generate enough randomness during the signature process. Since the blockchain is not dependent on any centralized third-party trusted institutions, if the user's private key is stolen, it is difficult to track the criminal's behaviors and recover the modified blockchain information.

This reads like they are trying to make a case for private key generation through third party agencies. While bad RNGs have proven problematic in the past, you have no guarantuee that a third party would fare any better.

If anything, leaving private key handling and signatures to "trusted institutions" has proven to be a systemic risk time and time again:

http://wiki.cacert.org/Risk/History


- Frequent criminal activities with Bitcoin include ransomware, underground markets and money laundering. Through some third-party trading platforms that support Bitcoin, users can buy or sell any product.Since this process is anonymous, it is hard to track user behaviors, let alone subject to legal sanctions.

That one has nothing to do with blockchain security.


-Transaction privacy leakage: Unfortunately, the privacy protection measures in blockchain are not very robust. Criminal smart contracts can facilitate the leakage of confidential information, theft of cryptographic keys, and various real-world crimes (e.g.,murder, arson, terrorism, etc.)

Both the privacy aspect and the security of smart contracts is cryptocurrency dependent and can't be generalized.

And which criminal smart contracts are facilitating murder, arson and terrorism? Has the IS been running an ICO that I missed?

This point also seems weirdly at odds with the prior statement. Either "it is hard to track user behaviours" or "the privacy protection measures [...] are not very robust". It can't be both.


Got a link to the paper? I assume there is more depth to their line of argument. Right now it seems rather shallow.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!