In just a few short years, Bitcoin, the innovative cryptocurrency underpinned by Blockchain technology, has earned broad legitimacy and won plaudits from many top technologists, investors, and even bankers.
With the concept now proven, attention has shifted to the technology behind Bitcoin in the hope that it might help to solve more problems than digital currency. Blockchain technology provides a very promising basis for all kinds of trusted transaction systems for people who want to trade without the need for absolute trust in each other, or a central broker.
However, with all things security the devil is in the details, and as the details of Bitcoin are stripped away, so the devil of security problems emerges. The very nature of Bitcoin – its scale, its openness – are fundamental to its professed security properties. If we change those details, we have to replace the security that the system has lost. We can’t simply re-hash the technology for whatever desired means without making the appropriate changes.
Even still, Bitcoin security is not perfect. Although the protocol and system are theoretically very robust, over £600m worth of Bitcoin has either been lost or stolen since its creation. Many of these losses have emerged from weak security practices, including poor management and protection of the keys that quite literally translate to cash.
Part of the problem here is that one of the fundamental tenets of Bitcoin security relies on the wallet private key remaining secure and under the sole control of the wallet owner, and the average consumer is not really well set up to do their own cryptographic key management. So participation was limited…
…until cloud wallets came along. Cloud wallets provide a level of user experience over and above just Bitcoin, providing the expected features like simple password recovery and backup whilst ensuring that standard users don’t have to deal with private keys or the hassle of cryptographic key management. Which is great, but at this point control of individual wallets moves outside the direct control of end-users, and ceases to be highly distributed. Instead, it is placed in a cloud service or 3rd-party website where Bitcoin transactions are undertaken on behalf of the real user.
Load up too much value in one place and it becomes a target for attack, so enlightened companies (like Gem, a bright innovator in the Bitcoin ecosystem) have recognised the need to bolster the security of the cloud platform to make up for that increased risk. Critically, despite no alterations being made to any of the core technology, this deployment pattern does subtly change the security assumptions of the system at large, and requires securing with things like Hardware Security Modules (HSM) for wallet management and encryption for customer databases.
Gem did some impressive stuff using our unique programmable nShield HSM capabilities to create a custom, fully-Bitcoin-ready HSM for cloud wallets (and now a broader platform), but what happens if you deviate further from the ‘pure’ Bitcoin model in pursuit of a Blockchain use case? What if you move to a private ledger or do away with the famous Proof of Work consensus mechanism? How far do you have to go then to maintain whole system security?
Private, permissioned ledgers offer great potential for non-coin use cases to enjoy the benefits of Blockchain technology but all of these twist the security and trust model in subtle ways: small groups with selective disclosure requirements might want to enjoy the transparency properties of Blockchain to keep their members honest, but not want the total global transparency upon which Bitcoin relies; others may want performance or capacity improvements over what Bitcoin or Ethereum can offer; many use cases need to keep actual business data or objects confidential, keeping them in a shadow database and only including pointers or hashes in the ledger.
All of these changes challenge the standard mantra that security is inherent in the chain, and require additional safeguards. The details are legion – system security is complex, after all – but luckily a lot of the issues boil down to the issue of correctly managing and using cryptographic keys: something we have good experience of.
Even when the ledger itself is completely tamper-proof, there’s still a need for the participants to defend their keys resolutely.
Think about it for a moment. If we construct a belief that “if it’s on the chain then it’s true”, then the risks of false claims being accepted and pushed to the ledger can be quite significant and impossible to repudiate. Better keep your cryptographic identity safe!
The potential for Blockchain technology – as just a part of the modern application technology stack – to bring efficient trustworthy transactions to the connected world is great…so long as we develop the security understanding at the same time.
We’ve been making improvements in our core products and working on open source projects to make the dream of secure Blockchain deployments a reality for more people. We’ve done some pretty interesting stuff: look out for a more in-depth blog on that topic soon!