Information security in private blockchains

Dr Gideon Greenspan, Founder and CEO

Overview

•  Blockchain databases •  Internal risks •  External risks •  Mitigation strategies •  Summary

Centralized databases

Client Server

Client

Request

Blockchain databases

Node

Node

Node

Node Transaction

Block

Blockchain databases

Node

Node

Node

Node Transaction

Block

Blockchain

Consensus created by validator nodes

Ledgers in regular databases

Account number Balance

04823872 £ 229.94

20956298 £ 431.05

38103749 £ 183.67

Ledgers in blockchains

Public key hash Balance

13B9cMd5Ch9fu6qU494gHTfAPFQfq3ZSGx £ 229.94

1FRZvSBc1cRFbmwbzNhhaQTyRJXRujN2Sq £ 431.05

1HDxhfeoSQmVNzTnZRLe2Z6nJ1LLAuGWpa £ 183.67

Ledgers in blockchains

Public key hash Balance

13B9cMd5Ch9fu6qU4 94gHTfAPFQfq3ZSGx £ 229.94

1FRZvSBc1cRFbmwbz NhhaQTyRJXRujN2Sq £ 146.83

1FRZvSBc1cRFbmwbz NhhaQTyRJXRujN2Sq £ 284.22

Multiple entries for one account ⇒ concurrent distributed transactions

Internal risks: regular node

•  What can a bad regular node do? ⤫  Spend somebody else’s money ⤫  Create more money ⤫  Spend own money twice ⤫  Flood the network (denial of service) ⤫  Censor transactions

•  Why are we so confident? ü  7 years of bitcoin history

Internal risks: validator node

•  What can a bad validator node do? ⤫  Spend somebody else’s money ⤫  Create more money ⤫  Spend own money twice ⤫  Flood the network (denial of service) ⤫  Censor transactions ü  Delay transaction confirmation ü  Resolve conflicts with bias

Internal risks: validator majority

•  What can a bad validator majority do? ⤫  Spend somebody else’s money ⤫  Create more money ⤫  Spend own money twice ⤫  Flood the network (denial of service) ü  Censor transactions ü  Delay transaction confirmation ü  Resolve conflicts with bias

External risks: network violation

⤫  Denial of service – Peer-to-peer resilience

⤫  Wiretapping – Handshaking with digital signatures –  Extend to encrypted communication

⤫  Spoofing / Man-in-the-middle –  Impossible without key compromise – Transaction source irrelevant anyway

External risks: host violation

Blockchain node

Centralized client

Centralized server

Read mine ✓︎ ✓ ✓︎︎ Read all ✓ ✕ ✓︎

Write mine ✓ ✓ ✓ Write all ✕ ✕ ✓

Mitigation: Cold storage

•  Offline “cold” private key (air gapped) – Most funds stored in cold address – Refill “hot” address as necessary

http

://b

itco

inga

rden

.tk/

trez

or-t

he-

hard

war

e-bi

tcoi

n-w

alle

t/

Mitigation: Multisignature

•  Lock funds under n different keys – Stored on different nodes/devices

•  Require m of those keys to spend – Special type of ledger entry

•  Variations: – 1 of 2 for key loss – 2 of 2 for host security – 2 of 3 for escrow

Blockchain security: summary

Confidentiality ▼

Integrity ▲

Availability ▲

*

* Watch: zero-knowledge proofs