DARPA released a study this week that challenges assumptions about the security of distributed ledgers (blockchains) and of Bitcoin. The report, titled “Is Blockchain Decentralized?”, highlights some of the major weaknesses that could undermine the supposed “decentralization” ethos of blockchain technology. It points to a handful of sources of “unintended centralization” that can concentrate power over a blockchain in the hands of a few select individuals or groups.
According to proponents of digital assets, one of the great advantages of cryptocurrencies over other financial systems is that no single company, central bank, or government controls them. The crowd at the recent Bitcoin 2022 conference in Miami, Florida, USA likewise chanted about “freedom.” By design, the system is supposed to be immune to government interference. But according to the researchers who worked on a report commissioned by DARPA (the Defense Advanced Research Projects Agency), the decentralized system is not working as it is supposed to.
The report was compiled by the software security research firm Trail of Bits. It specifically highlights a few “unintended centralizations” that the authors believe could concentrate power over the blockchain in the hands of a select few individuals or groups. By examining the Bitcoin blockchain, the researchers found that this unintended centralization ranges from powerful new cryptocurrency miners, to outdated computers vulnerable to attack, to the Internet service providers that carry bitcoin traffic.
“Blockchain has been recognized as immutable and decentralized because the community says so,” said Dan Guido, CEO of Trail of Bits. According to Guido, power over cryptocurrencies is concentrated in the hands of the people or organizations that own a large part of the pie. Rather than exploring attacks that target cryptographic vulnerabilities, the study focuses on methods that can undermine the “implementation, networking, or consensus protocol” properties of the blockchain.
Trail of Bits defines “unintended centralization” as circumstances in which an entity has influence over a supposedly decentralized system that could give it the ability to alter ownership records. The report also notes that three ISPs handle 60% of all Bitcoin traffic. A blockchain network can be disrupted if a telecom regulator, a hacker, or anyone else with a stranglehold on an ISP slows down or interrupts bitcoin traffic. Guido thinks this is like any other capitalist system.
Imagine that a person with a lot of control over the Internet in their country starts interfering with this network. By slowing down or interrupting legitimate blockchain traffic, an attacker can become the majority voice in the consensus over what is written on the blockchain at that time. They can rewrite history. They can monitor transactions. They can prevent you from spending your bitcoins. Guido explains that this is exactly what someone would do if they wanted to “grief” the network. The idea of this type of attack is not new.
There are also alleged vulnerabilities in the Bitcoin network itself. The report reveals that 21% of nodes are running an old, vulnerable version of the Bitcoin Core client. According to the researchers, this means that all of these computers are open to the same type of compromise, an important first step for an attacker trying to gain control of the majority of the blockchain network, sometimes called a “51% attack,” although this seems relatively unlikely given the size of the Bitcoin network.
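The two figures above (three ISPs carrying 60% of traffic, 21% of nodes on an outdated client) are the kind of indicators a node-crawler audit produces. As an added example that is not part of the report or of this article, the following Python computes both over a constructed node inventory: the share of nodes running a client older than a chosen support threshold, and the smallest number of networks (ASNs) that together announce a majority of nodes. The node records, the ASNs, the user-agent strings and the `MIN_SUPPORTED` threshold are all constructed assumptions for the example, not crawl data.

```python
"""Added example (not from the DARPA / Trail of Bits report): two node-level
centralization indicators computed over a constructed node inventory."""
import re
from collections import Counter

# Constructed sample inventory: (user_agent, asn). The ASNs are placeholders
# from the reserved private range; none of this is real crawl data.
SAMPLE_NODES = [
    ("/Satoshi:23.0.0/", "AS64500"),
    ("/Satoshi:22.0.0/", "AS64500"),
    ("/Satoshi:0.21.1/", "AS64500"),
    ("/Satoshi:0.20.1/", "AS64501"),
    ("/Satoshi:23.0.0/", "AS64501"),
    ("/Satoshi:0.18.0/", "AS64502"),
    ("/Satoshi:22.0.0/", "AS64502"),
    ("/Satoshi:23.0.0/", "AS64503"),
    ("/UnknownClient/", "AS64503"),   # non-Satoshi user agent: version unknown
    ("/Satoshi:0.19.1/", "AS64504"),
    ("/Satoshi:23.0.0/", "AS64505"),
]

# Hypothetical support policy for the example: anything older than this is
# "outdated". Bitcoin Core moved from 0.21.x to 22.0 numbering, and tuple
# comparison orders that correctly because 0 < 22.
MIN_SUPPORTED = (22, 0, 0)

_VERSION_RE = re.compile(r"/Satoshi:(\d+(?:\.\d+)*)")


def parse_version(user_agent):
    """Return the advertised Bitcoin Core version as an int tuple, or None
    when the user agent is not a Satoshi-style string we can interpret."""
    m = _VERSION_RE.search(user_agent)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def outdated_share(nodes, min_supported=MIN_SUPPORTED):
    """Fraction of nodes with a parseable version that run a client older
    than min_supported. Nodes with an unknown version are excluded from the
    denominator rather than silently counted as up to date."""
    known = [v for v in (parse_version(ua) for ua, _ in nodes) if v is not None]
    if not known:
        return 0.0
    outdated = sum(1 for v in known if v < min_supported)
    return outdated / len(known)


def asn_shares(nodes):
    """(asn, share of all nodes) pairs, largest network first."""
    counts = Counter(asn for _, asn in nodes)
    total = sum(counts.values())
    return [(asn, n / total) for asn, n in counts.most_common()]


def min_networks_for_majority(nodes, threshold=0.5):
    """Smallest number of networks whose combined node share strictly
    exceeds threshold: how few ISPs an adversary (or a regulator) would
    have to lean on to affect most of the nodes in the inventory."""
    shares = asn_shares(nodes)
    cumulative = 0.0
    for i, (_, share) in enumerate(shares, start=1):
        cumulative += share
        if cumulative > threshold:
            return i
    return len(shares)  # only reached if threshold >= 1.0


if __name__ == "__main__":
    print(f"nodes on an outdated client: {outdated_share(SAMPLE_NODES):.0%}")
    for asn, share in asn_shares(SAMPLE_NODES):
        print(f"  {asn}: {share:.1%} of nodes")
    print("networks needed to cover a majority of nodes:",
          min_networks_for_majority(SAMPLE_NODES))
```

On the constructed inventory, 40% of the identifiable nodes fall below the threshold and three networks cover a majority; on a real crawl the same two functions give the report's style of "how many parties would have to cooperate" figure, which is more informative than a raw node count.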
So far, the risks described in the report do not appear to be a major concern for the cryptocurrency industry. “We believe the risks inherent in blockchain and cryptocurrency have been mischaracterized and often overlooked – even derided – by those looking to cash in on the gold rush of this decade,” the authors said in a statement. Coinbase and other major crypto companies did not comment on the report, but Yan Pritzker, co-founder of a bitcoin company called Swan, said he considers the risks a “theory.”
“If this kind of attack was possible, why didn’t it happen? I think the evidence is kind of in the pudding. Under real conditions, these things don’t happen,” Pritzker said. However, he agrees with the report on one point: there is more centralization in some of the newer forms of cryptocurrency, especially those based on a system called “proof of stake,” which uses less computing power. He is more confident in the resilience of Bitcoin, since a power-intensive “proof-of-work” blockchain requires a great deal of computational power to corrupt.
Pritzker also noted that this research was commissioned by a government agency. “They are basically doing endgame research. Their game is ‘how do we get better control over money’ and ‘how do we build better systems for our control over money,’” he says of reports like these. According to DARPA program manager Joshua Baron, some of the results are “amazing.” Christian Catalini, founder of the MIT Cryptoeconomics Lab, considered the report useful but not too alarming.
“Some of the concerns I think are valid, but perhaps the risk to the broader ecosystem is a bit exaggerated,” he said, noting that it is important to keep in mind that cryptocurrency systems are not completely independent. Some of the situations discussed in the report are theoretical, but they highlight some of the shortcomings of blockchains. And there have been clear examples of centralization affecting certain parts of the ecosystem.
It was recently reported that the lending platform Solend (built on the Solana blockchain) attempted to take control of its largest account, believing that its operator could have a significant impact on market movements. Solend planned to temporarily take control of the investor’s “whale” account in order to “safely” liquidate its position and avoid possible disruptions. A proposal to allow the platform to carry out this controversial operation (Solend calls itself a “decentralized protocol,” after all) was adopted on Sunday.
However, Solend users then voted on another motion to overturn the first, which passed with 99.8% in favour. It turns out that the account holder in question accounted for more than 1 million votes out of a total of 1.48 million. Solend is trying another way to liquidate the investor’s position, but for now the platform’s power appears to be concentrated in this account holder’s favour.
Source: Study Report (PDF)
What do you think about the matter?
What do you think of the conclusions of the DARPA report?
Do you think the report’s conclusions reflect reality?