Technology

Blockchains Vulnerable To Tampering, a DARPA Analysis Finds (npr.org) 59

A new report finds that blockchain systems might not be working as well as many crypto enthusiasts assume. From a report: The report was commissioned by the Defense Advanced Research Projects Agency, or DARPA, and the work was done by the software security research company Trail of Bits. Trail of Bits CEO Dan Guido says blockchain -- the public ledgers that keep track of cryptocurrencies, which are replicated on computers around the world -- isn't the egalitarian tech its advocates claim. "It's been taken for granted that the blockchain is immutable and decentralized, because the community says so," says Guido. But in practice, he says, these networks have evolved in ways that concentrate power in the hands of certain people or companies, including the large pools of "miners" whose computers earn virtual currency by maintaining the blockchains.

Guido's team calls these potential situations "unintended centralities" -- situations in which someone gains leverage over the decentralized system, creating opportunities for tampering with the record of who owns what. Another example in the report of this kind of concentration is the fact that 60% of Bitcoin traffic is handled by just three internet service providers. "Let's say somebody with great top-down control of the internet in their country starts to interfere with that network," Guido says. By slowing down or stopping legitimate blockchain traffic, an attacker could become the "majority" voice in the consensus of what's written to a blockchain at that moment. "They can rewrite history. They can censor transactions. They can make it so that you can't spend your Bitcoin," says Guido. "It's definitely something people would want to do if they want to 'grief' the network."

  • by muh_freeze_peach ( 9622152 ) on Wednesday June 22, 2022 @10:48AM (#62641934)
    Has DARPA just been reading the news or...
    • Reading the report [website-files.com] or at least its key findings where it lists a few "sources of centralisation" is more useful to read than anything msmash presents us with.

      • by whitroth ( 9367 )

        STFU. You have no interest in the story, only in bashing msmash. Don't you ever get tired of this sophomoric idiocy?

    • Somebody got a huge grant to paraphrase Satoshi's whitepaper. I'm jealous I guess.

  • Duh (Score:5, Informative)

    by gweihir ( 88907 ) on Wednesday June 22, 2022 @10:48AM (#62641936)

    This was pretty clear from the very beginning to anybody with a clue that actually bothered to think about it. The low transaction rate is the first killer. The immutability of any blockchain is only assured under certain conditions that are nowhere assured. The various secondary crapcoins are even worse.

    Add that the whole thing is hot air and any stronger gust of wind can blow the whole house of cards over. We may already have seen this happening with several exchanges currently holding their customers hostage.

    • Re:Duh (Score:5, Insightful)

      by jacks smirking reven ( 909048 ) on Wednesday June 22, 2022 @11:01AM (#62641962)

      Yup yup because as soon as people started putting "real" money into Bitcoin it ceased being about any lofty goals such as ethics on monetary policy, or financial systems or actually making a compelling product people would like to use. Now that people have their money tied into the protocol the code itself is cornered from doing anything actually interesting or shaking the boat.

      Even ETH's proof of stake is entirely predicated on the idea that the people who already control the largest shares of the network will continue to be able to hold onto it, otherwise it would never happen.

      Whenever people bring up all the shit they've piled on top of Bitcoin and crypto to mask its problems (like Lightning) it's all a distraction away from the fact that Bitcoin can't actually be the thing it purports to be because people don't want to lose their money. It's only about the money, and that money they're so concerned about ain't actually Bitcoins.

      • by gweihir ( 88907 )

        Yeah, pretty much.

      • Now that people have their money tied into the protocol the code itself is cornered from doing anything actually interesting or shaking the boat.

        The protocol hasn't changed. It can't, or it won't be bitcoin anymore it'll be something else. Changing it would break the entire system.

        BTC is a financial / monetary system. That's the only reason it has traction. It never was anything else.

          • A little honesty is all I am really asking for here. Where people decide to put their money, up to them, what I think most people who dunk on crypto like myself don't appreciate is the constant claims that it is anything else, that it is about ethics, that it's about "upending fiat" and "freedom in transactions" etcetera, etcetera. Just like when people said NFT's were all about

          If someone just said Bitcoin is "this digital token you can essentially place bets on whether it will increase in value" I would

      • by reanjr ( 588767 )

        Banks have even slower clearing rates than Bitcoin. It's just hidden from you because your bank operates its own private records that can be updated immediately. Exactly like Lightning.

        • Banks are very regulated though. And they exist to actually help define the value of a currency so there is a small surface where "everyone" can influence the "blockchain". Loans to individuals is a small part of the banking system and is almost like a UI concession. It WAS predicted that actual banks were to stop providing that service since it was not their main function.

        • by gweihir ( 88907 )

          Banks have even slower clearing rates than Bitcoin. It's just hidden from you because your bank operates its own private records that can be updated immediately. Exactly like Lightning.

          Quite, quite wrong. The domestic interbank (!) clearing rate of a small western country (say, 10M population) is typically already higher than what the whole, global BC network can do. And usually nothing is at its limits there it is just that more is not needed. The intra-bank rate of a larger bank is even higher. Also, any clearing in a bank goes into revision-proof storage. Except that one is _fast_, unlike the dog-slow global blockchain.

          Yes, I know you crapcoin fans like direct lies, but can you at leas

  • I am a huge crypto currency skeptic. However block chains for tracking of certain types of assets may be very useful.

    That attack described in the summary though seems pretty suspect. Okay so you're a dictator with the type of autocracy that lets you grab the guys operating mining in your country off the street and make them do things via rubber hose, or some other method. - Granted

    Some of them are whales and control say 30 percent of the capacity between them! - Granted

    Ok - so now you have taken 30% of th

    • by splutty ( 43475 ) on Wednesday June 22, 2022 @11:00AM (#62641960)

      The 51% method has always been an option and an issue. If say, Lawrence Livermore wanted to do an attack on Bitcoin, they could most likely easily do so with just the computers they already have (of course that would mean they'd have to be repurposed for a while).

      It's never been impossible. A lot of crypto adherents just don't think it will ever happen, despite the fact it already happened a few times, just not with something as large as Bitcoin or ETH.

      If you cut out 30% of 'valid' authenticators, you need less of your own to make sure you can fork the blockchain.

      • by DarkOx ( 621550 )

        If you cut out 30% of 'valid' authenticators, you need less of your own to make sure you can fork the blockchain.

        That makes sense. I was imagining the attack was to seize control of the legitimate authenticators within your reach. You're correct though simply offlining them means you would require less compute of your own to take over the system. Still for the widely used chains it supposes you have a 'Lawrence Livermore' to bring to bear and that still means a pretty small number of threat actors.

        • by splutty ( 43475 )

          Yep. But to be fair if you have the ability to influence network routing on that level, you're already a state level actor to begin with.

          • by Dracos ( 107777 )

            Every Cloud services provider and backbone ISP wants you to keep thinking that.

            • by splutty ( 43475 )

              They are literally at this point state level actors. :)

              • Yea, not really. I see what you're getting at, because they're infrastructural gatekeepers, but people don't think of them like that because they aren't, legally, and pretending they are doesn't really sufficiently warn people that it's much worse than that because in reality any disgruntled lowest-paid worker there can audit and steal everything you have, leaving no evidence and no recourse.

        • How long do you need that amount of computing power though, maybe AWS and Azure and GCN between them can sell you enough computing horsepower for an hour to get the job done. Once the fork is made, your changes are baked in, right? Then you can let the other players come back online and resume legitimizing your own version of history.
      • by N1AK ( 864906 )
        But to what end, the examples you know of show that people doing something like this can be seen. You think if the CCP decided to do this it wouldn't be noticed, and if it is noticed what have they achieved? They've harmed the credibility of the blockchain, but the blockchain would invariably revert to before the manipulation and you'd see more focus on developing networks that can resist state actors and/or where the cost of such manipulation is higher. I'm not sure anyone has shown a way to do something l
        • by splutty ( 43475 )

          Reverting to 'before the manipulation' requires another 51% attack. So you'd have to convince 51% of all authenticators to do this, otherwise there is no such thing as a rollback or "reverting". That's the whole point of blockchain, and the whole problem.

          Of course the same actor that introduced the changes in the first place can just do it again.

          It literally doesn't matter if it's obvious or not.

          • by jd ( 1658 )

            Not just agree to do this, but to agree on an authentic history. I just don't see that happening, or you'd be getting fake calls of a "revision" that distorted Bitcoin every time there's an innocent cable break, followed by a reversion to a totally fake history at the bequest of those who want to divert coins to themselves.

        • by jd ( 1658 )

          What difference does it make if it is noticed? Blockchain can't be reverted without the consent of 51% as to what the authentic version should be, and trust me you'll never get that level of agreement.

    • by ET3D ( 1169851 )

      Quite silly of China, I'd say. Could have used it to kill crypto for good.

      Still, a 50% attack isn't the only way to destabilise crypto or to gain from it. People have played the coin values with exchanges for a while. It's also quite trivial to remove mining power from the network by cutting the power or an internet connection. It's all a matter of incentive. A criminal organisation could easily take out mining facilities, or (just a little harder) take over mining facilities. When crypto isn't worth much,

      • by DarkOx ( 621550 )

        I think crypto currency is stupid.. There are certainly lots of problems technical and social with DeFi, smart-contracts, NFTs, and the stable-coin pools. No question there. I don't believe most of it is viable.

        I just think there may be reasonable uses for public cryptographic ledgers. The main one I can think of is titles, the technology could one day get us to the point where title work for things like historic vehicles, real-estate, physical artifacts etc which is often slow, costly, and error prone could be

        • things like historic vehicles, real-estate, physical artifacts etc which is often slow, costly, and error prone could be made both automatic and reliable.

          I can agree with that as potential use cases but on the other hand we've had a huge amount of investment of developers and capital into "blockchain" tech for the past decade, has anything like this become mature and available and a viable alternative for any of these industries?

          Part of me is genuinely curious since it could be out there and also if I had developed such a thing I might be discouraged from associating with terms such as "blockchain" and "crypto". My thinking though is that answers in those i

    • by N1AK ( 864906 )
      Exactly, and although you could tamper, the odds that you'd be able to do it and not be detected are questionable. The irony of this is that although it is a flaw in Crypto the traditional alternative is even more vulnerable. You think a government can't compel a traditional bank, software company etc operating in their jurisdiction to do whatever it likes if it wanted to, including change records in a database or similar?
  • The problem they mention is why you wait until six or more blocks are added to the chain before you accept that the transaction has "settled." If it's important, wait longer.

    • by jd ( 1658 )

      If you can add one transaction, you can add six blocks or sixty. There's simply no way to roll back and no way to reliably declare anything as settled when the network can be trivially bisected.

      • If you can add one transaction, you can add six blocks or sixty.

        Rolling back 60 blocks is harder than rolling back 6 blocks. Each block gets harder because of the way probability works.
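The probability argument in this sub-thread, and the earlier point that cutting off honest validators lowers the hash power an attacker needs, can be worked through with the attacker catch-up estimate from section 11 of the Bitcoin whitepaper. This is an added example, not part of any comment; the function names and the 0.1% risk threshold are assumptions chosen for illustration.

```python
import math

def catch_up_probability(q, z):
    """Whitepaper (section 11) estimate of the chance that an attacker holding
    fraction q of the active hash power eventually overtakes a transaction
    that already has z confirmations. It is a Poisson approximation."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0                      # a majority attacker always catches up
    lam = z * q / p                     # expected attacker progress
    poisson = math.exp(-lam)            # P(attacker mined k blocks), k = 0
    honest_wins = 0.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        honest_wins += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - honest_wins

def effective_share(attacker_share, cut_off):
    """Attacker's share of the hash power that is still reachable after a
    fraction cut_off of the total (all of it honest) is partitioned away."""
    if not 0.0 <= cut_off < 1.0 or attacker_share > 1.0 - cut_off:
        raise ValueError("shares must fit inside the total hash power")
    return attacker_share / (1.0 - cut_off)

def confirmations_needed(q, risk=0.001, max_z=1000):
    """Smallest z with catch-up probability below risk, or None if there is
    no such z (q >= 0.5) or it exceeds max_z."""
    if q >= 0.5:
        return None
    for z in range(max_z + 1):
        if catch_up_probability(q, z) < risk:
            return z
    return None

if __name__ == "__main__":
    # Constructed scenarios: attacker share of total hash power, and the
    # fraction of honest hash power cut off from the network.
    for share, cut in [(0.10, 0.0), (0.20, 0.0), (0.20, 0.30), (0.36, 0.30)]:
        q = effective_share(share, cut)
        print(f"attacker {share:.0%}, cut off {cut:.0%} -> effective {q:.1%}, "
              f"P(6 conf)={catch_up_probability(q, 6):.4f}, "
              f"wait {confirmations_needed(q)} blocks for <0.1% risk")
```

A 20% attacker facing the whole network needs the recipient to wait 11 blocks under this threshold; once 30% of honest hash power is unreachable the same attacker behaves like a roughly 28.6% one, and a 36% attacker becomes an effective majority for which no confirmation count is enough.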

  • by Joviex ( 976416 ) on Wednesday June 22, 2022 @11:17AM (#62642000)
    This is why Crypto was/is nothing more than the invisible Emperor in new clothes.
    • It's increased the use of the term "fiat currency" on the internet to exponential levels. I think the Italian car manufacturer should consider it as a name for their electric car range.
      • by jd ( 1658 )

        Or release their own blockchain as the One True Fiat currency.

  • The reality is that there is no ultra-secure place for your money. Pick your poison:

    * Cash in hand = threat of robbery
    * Cash in the bank = threat of a liquidity crisis, withdrawal limits, hacking, etc.
    * Cash represented in a blockchain = threat of various bad actors hacking the network

    Each one has major advantages and disadvantages. The biggest disadvantage of the second one is that you have no idea what your bank is actually doing with your money (could be good mortgages, could be funding shorting Gamestop

    • by xalqor ( 6762950 )

      FDIC payouts [fdic.gov] go to either the acquiring bank that buys the failed bank, or directly to the depositor if the failed bank was not acquired. They are not used to prop up the failed bank like a bailout.

  • But, but! (Score:5, Funny)

    by fuzzyfuzzyfungus ( 1223518 ) on Wednesday June 22, 2022 @11:38AM (#62642044) Journal
    But the 'web3' bros all told me that blockchain would lead to a glorious decentralized metaverse future; and that today's substantially centralized internet was somehow the fault of a bunch of technologies specifically designed for a decentralized collection of interconnected networks; rather than any sort of economic incentives, network effects, or economies of scale! How can this be?
  • One way that this attack can be mitigated is by having some on the blockchain who have a significant amount of trust weight. That way, if parts of the network get cut off, there are still "anchors" which can do a lot to keep double-spending from happening.

    Of course, this craps on the entire idea of a decentralized currency, but going with a model that is between 100% decentralization, and SSL/TLS's one single root trust, perhaps with a GPG-like web of trust and multiple "trust heavyweights" might be someth

    • But then you don't need a blockchain at all -- you just need a secure consensus protocol between your highly-trusted parties (since in all likelihood they would carry enough aggregate trust weight themselves to outweigh the rest of the participants anyway). That was an already-solved problem long before blockchain.
      • I'm leaving the blockchain stuff in, partially as a public ledger, and partially because people like that term, even though as was mentioned, there isn't really any need for it. /s... sorta.

    • by jd ( 1658 )

      Then the hostile nation launches a cyber attack on one of the trusted voices, just as cybercriminals have done with the SWIFT banking system in the past. There's simply no 100% foolproof way to do this.

      • Yep. Even if you split it up, where you had both a "popular" side, and PoT, similar to the US's bicameral lawmaking body, if an enemy is well-heeled, they can both get a 51% attack on "common" nodes, as well as subvert "trusted" nodes. Especially with a cryptocurrency where nation-states will be stepping in to meddle... parties that have the ability to put "boots on the ground" and blackmail/extort/kidnap people.

        Maybe cryptocurrency's best purpose is like the old Chaumian eCash... a secure replacement for

        • by jd ( 1658 )

          If the coins are moved independently of the blockchain, so the blockchain simply records where they should be, providing verification that they're the genuine coins, then you can limit what a state actor can so they can disable a coin, but they can't forcibly transfer it. Not sure that's enough of a benefit to be worth the hassle.

          Cryptocurrencies as a way of having shares in a business (so all the coins are generated at the start, there's no mining) might be an application, but you'd need a blockchain per b

  • We have all known since the bitcoin was created about the 51% attack to allow double spending. We have also always known the solution. If I receive a transaction worth X I have to wait f(X) transactions before I consider the transaction to be valid, where the cost of doing a 51% attack for f(X) transactions exceeds the value of my transaction. There are many cryptocurrencies where I could have rented the computing power to do a 51% attack for an hour but the cost usually would exceed any private transact
  • by amoeba1911 ( 978485 ) on Wednesday June 22, 2022 @12:58PM (#62642308) Homepage
    ... to no one. Everybody who knows how cryptotokens work already knows cryptotokens are just a solution to a problem nobody had (and never will have) and people who are die-hard fans of the nonsense tokens are still too dumb to understand it.

    There will always be the people that hodl for life ... not because they understand or believe in the future of crypto, but because they lost their private key.

    • by HiThere ( 15173 )

      Blockchain purports to solve a number of real problems. I just don't think that it actually does this.

      One thing it doesn't do is ensure that the transactions are valuable. That needs to be done by some exterior means. If blockchain is actually reliable, then a government could provide that exterior means. So could a large company that was willing to make contractually enforceable guarantees. There may be other ways.

      OTOH, since I don't think that it actually is as reliable as claimed, that makes the sec

  • Cryptocurrencies (at least the ones around today) do nothing to mitigate network effects, which leads to concentration of power. In fact they encourage those effects. The 'DeFi' moniker is a blatant falsehood and shouldn't be used without irony.

  • Don't worry I bought a powerball ticket. I sure am not getting rich fast off my dodgecoin!
  • by reanjr ( 588767 ) on Wednesday June 22, 2022 @03:53PM (#62642800) Homepage

    How is this news? This is covered in the original Bitcoin whitepaper as a potential risk. The idea is that big players who have this sort of power are also vested in the value of the token. Sure, you can create a mining pool that can take control of the network. But if you exercise that power, you will tank the value, and so there is no monetary benefit to doing so. Governments might be interested because they can burn someone else's money to acquire the power. But at some point, even that becomes too expensive in energy costs.

    (this analysis is for PoW chains; PoS chains are a whole different animal).

  • I like the idea of a coin that is a discrete entity that is tied to the location it is in, that mutates in each transaction according to the endpoint, and which can be validated against its current home, where instead of everyone tracking it, it tracks itself in relation to everyone. You then don't need fancy handling of off-grid transactions. So a simulation of coins and the way coins work. The problem is that such a coin can be duplicated unless the electronics are seriously tamper-resistant and the softw

    • by xalqor ( 6762950 )

      Any decentralized electronic system such as what you described allows malicious tampering or forging of currency. To prevent double spending etc a recipient needs to validate the purchase with a trusted third party that has complete visibility of, or even control over, the payer's account.

      One way to have truly decentralized electronic currency without a trusted third party would be to use matter or energy as the currency. At least one obvious problem with this approach is that your wallet will be heavy, esp

      • by jd ( 1658 )

        True, which is why I stipulate tamper-proof hardware and bullet-proof software.

        You can make the individual tokens impossible to synthesise, that's trivial. You can prevent man-in-the-middle attacks that record a transaction and repeat it, as long as the key exchange and data transmission are secure against all regular and quantum attacks, and any public-key pq system is using the equivalent of class III digital certificates. NIST is sorting out the encryption side at the moment. But you can't trivially avoi

  • Possible with Quantum computing + Cloud computing
