Technology & Innovation

Is the blockchain secure?

November 11, 2016

Global

November 11, 2016

Global
Our Editors

The Economist Intelligence Unit

_____________________

A spate of blockchain-related thefts has raised questions about its viability as a platform for financial services

There is a lot to like about the blockchain technologies that form the basis of digital currencies such as Bitcoin, and smart contract platforms such as Ethereum. They are transparent, shared ledgers that simplify the process of managing and handling complex transactions which, proponents believe, have a myriad of revolutionary applications.

But as a recent spate of blockchain-related thefts has revealed, there is cause for concern about the security of the platform, which may endanger its viability as a basis for financial services.

One recent incident involved the theft of US$50m worth of Ether—the internal currency of Ethereum—from the DAO (distributed autonomous organisation), an investment engine built on top of the platform’s smart contract blockchain. A technical bug in the DAO’s smart contracts allowed an attacker to siphon off a sizable chunk of the Ether supply.

It was an attack which showed that smart contracts, like any other code, need to be tested thoroughly before being put into production. The Solidity programming language, in which Ethereum’s smart contracts are written, is based on JavaScript, which, while quick and easy to learn, makes it hard to build provable and testable code.

The only real fix for this issue would be to use another language as the basis of Solidity. One suggestion is to move to functional languages such as Haskell and F#, whose mathematical basis makes them much more secure than other languages, and easier to test.

Meanwhile, there are structural concerns about the Bitcoin blockchain regarding its mechanism to prevent “double spending”. When a Bitcoin is spent, the blockchain compares it against all previous transactions to ensure that the user has the right to spend it—ie, that it hasn’t been spent already and that it doesn’t belong to someone else. If a user tries to spend the same Bitcoin twice, the blockchain will typically assume that the instance of the currency unit with a longer transaction history is the legitimate one.

This system can be cheated, however. A user can initiate a transaction—buying an airline ticket with a Bitcoin, for example. The airline might receive the Bitcoin and issue the ticket straight away. However, in the time it takes to validate the transaction, the user can also move the same Bitcoin between private wallets they own, thereby giving that instance a longer transaction history. When the blockchain tries to reconcile this “double spending”, it will judge in favour of the instance that the user has between their private wallets, thereby invalidating the one received by the airline.

This approach to double spending requires a degree of processing power that is limited to only the largest Bitcoin mining pools, which have a vested interest in making sure Bitcoin is a reliable currency. However, they are operated by human beings, who often prove to be the weak link in any security system.

One string of Bitcoin thefts occurred when an attacker exploited lax security practices at an exchange (where users can buy and sell Bitcoin for conventional currency) to access its systems. If the blockchain is to be trusted, then companies which operate key infrastructure components must have similar security processes and models as banks and other securities-trading businesses.

Blockchain enthusiasts claim that it will one day be a load-bearing component of the global financial system. If that is to be the case, it will need to adopt many of the trappings of the financial sector. It is essential, for example, that software used to build blockchain applications is as trustworthy as the underlying cryptographic safeguards. And organisations which provide blockchain-related services must acquire the maturity and professionalism expected of the financial sector.

Because while people are excited to back a revolutionary, they will not entrust their money to a pirate.

Do you think the blockchain is a viable platform for the financial services of the future? How can the security concerns be addressed? Join the conversation on the , sponsored by Dassault Systemes. 

Sponsored By
 

Enjoy in-depth insights and expert analysis - subscribe to our Perspectives newsletter, delivered every week