Blockchain is becoming more and more common in industries worldwide, and there is a lot to know before getting started. However, once you’ve got the basics down, questions about blockchain security may start to crop up. Since millions of people can be involved in one valuable blockchain, it seems impossible to put your trust in that many strangers.
However, there is a lot of buzz about guaranteed security when using the technology. In fact, it’s one of the most attractive features of it. As we know, information added to a block is almost impossible to tamper with. This is due to the hash code that is added, which changes if the information inside the block is altered.
As simple as it sounds, you could easily stumble along the way if you don’t properly understand the intricacies of blockchain security. It is a layered subject. While some say the technology is impenetrable, there are ways around it, like the 51% attack, for example.
Understanding Blockchain Security
Blockchain security is often tied to two main ideas. Those concepts are immutability and consensus. Together, they work to ensure that the data or information stored on a blockchain is secure.
The concept of immutability can be understood as a characteristic of the technology that obstructs any alterations of transactions or inputted information after the confirmation thereof. In other words, immutability means that data inside a block cannot be changed.
On the other hand, there is consensus. This refers to the fact that, since a blockchain is a distributed ledger, all nodes on the network must agree on the validity of transactions and the state of the network in general. Usually, the consensus is achieved using something called a consensus algorithm.
How Are These Pillars Of Blockchain Security Achieved?
Cryptography plays a huge role in securing the data when making use of this technology. In particular, the use of cryptographic hash functions allows for the securing of data.
Hashing is a process in which data is input into an algorithm in order to generate an output called a hash. The hash will always be the same length or, in other words, contain the same amount of symbols, no matter the size of the input data.
What makes the process powerful, in security terms, is that if the input is altered, the output will automatically change, and will be completely different. However, if you the input remains the same, the output will too, regardless of how many times you put it through the hashing process.
This is how a blockchain is made immutable. Each block is given a hash that is used as an identifier of that specific block. In addition, the hash of each block is generated not only in relation to the data it contains but also in relation to the hash on the previous block. This is how they are connected in a “chain”.
Since the hash is generated using the data within the block, if that information is changed then the hash will change too. In turn, this means that the hash of every block that follows will need to be changed too.
This will take a large amount of time and effort, and it will have to be done before anyone adds another block, or else the alterations will be conflicting and other nodes will reject them. Thus, the blockchain is tamperproof or, rather, immutable.
Consensus algorithms also use hashing to ensure that transactions are valid. The hash generated here is proof that the miner who added the block actually did the computational work. Bitcoin’s blockchain, for example, uses a proof-of-work algorithm which utilizes a hash function called SHA-256.
Once the hash is generated, any other node can also double-check that it is correct, by inputting the same data and verifying that the output (hash) is the same. Consensus is also attained through all nodes on the network agreeing to a shared history, which of course is traceable via following the hashes.
How Else Does Cryptography Ensure Blockchain Security?
For blockchains that are centered around some sort of cryptocurrency, cryptography allows for the protection of wallets that store coins, tokens, or units of currency (or whichever term you’d prefer).
A type of cryptography, different from the type used for consensus and immutability, is used to generate private and public keys. These keys are what allow users to receive and send payments on a blockchain.
The private key is used to create a digital signature, which, in turn, authenticates the ownership, or transfer thereof, of coins. In this way, blockchain security is built upon even further, as ownership is secured too.
Is Blockchain Security 100% guaranteed?
In short, no. The theory of blockchain security sounds good, and, in the process of trying to understand the concepts, it is easy to think that this is how it will work out: one-hundred percent secure, one-hundred percent of the time. However, the implementation of theory, as with all things, is much more difficult. In fact, there are some common ways around it.
It is worthy of noting though, before we get into the ways the technology falls short, that while blockchain security is not guaranteed, getting around the security systems is no easy task.
The 51% attack is one of the most commonly cited threats to blockchain security, and particularly to Bitcoin. This threat entails a group of miners making up more than half of the mining hash rate or computing power on the network, coming together as one malicious actor.
By controlling a majority of the power, these miners would be able to influence which transactions are confirmed or rejected, or obstruct payments. In addition, they would be able to reverse transactions that are completed while they have control, which would allow them to double-spend the currency.
It is unlikely that the attack would result in new coins being created, or the total damage of currency entirely. However, it could be significantly damaging to the network and all its users.
How Does The Attack Work?
Once a transaction is put through, it falls into a group of confirmed transactions. Miners choose transactions to form a block, but in order to form the block, they need to perform hashing. Once the hash is found it is broadcasted to the rest of the miners who will verify if the transactions in the block are valid.
As the malicious actors control most of the power on the network, firstly, it is likely that they will find the hash first (as this is a process that requires a lot of computational power). This also means they would own all the rewards. Second, even if they don’t find the hash, they monopolize the ability to confirm or reject the transactions in the verification process.
Has It Happened Before?
There have been two notable instances of 51% attacks on different blockchains. In 2016, two blockchains based on ethereum, respectively called Krypton and Shift, were victims of this attack.
Two years later, Bitcoin Gold fell victim too.
How Easy Is The Attack To Perform?
The attack is quite difficult to organize and perform. As mentioned above, a malicious actor would need more than 50% of the network’s computational power.
Bitcoin, for example, has hundreds of thousands of minors. This means that the malicious actor either has to gather about half of them and get them to act in malice with him or he has to fork out loads of money to buy hardware that will allow him to exceed 50% of the power on the network. Both of these tasks (while not completely out of the realm of possibility) are extremely taxing, in one way or another.
Other Threats To Blockchain Security
Since the previously mentioned attack is quite difficult to perform, people have thought up other ways to (theoretically) cheat the system, to the detriment of blockchain security.
In a study by Cornell University computer scientists, they speak of the idea of the “selfish miner”. Without getting into the technicalities of it, this miner can trick other minders into wasting time on already solved computational puzzles, thereby gaining an unfair advantage.
Another possible threat is the “eclipse attack”. Since nodes must continuously remain in contact to compare data and information, a malicious actor who takes control of other nodes and tricks them into accepting incorrect data can fool it into wasting time and power, and into confirming fake transactions.
Where Do We Stand With Blockchain Security?
For the most part, the systems in place ensure that blockchain security is quite strong and efficient. The factors of immutability and consensus, which are fortified through the use of cryptography, allow for a, mostly, safe, and secure user experience.
However, as with all things, we should never say never. There is always the slightest possibility of a breach in security. But examples of security threats, whether real-life or theoretical, are quite difficult to put into practice. They require more power than most have access to and therefore are not a concern to most who make use of the technology.