Page 158 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition

               Nonetheless, the underlying code in any blockchain may be a security issue: The exploitation of a flaw in the
               Ethereum blockchain led to the immutability paradigm of blockchain being necessarily violated by its creators
               to restore (potentially) lost funds. [90]
               Despite the use of strong cryptography, DLTs are not necessarily a panacea for security concerns people
               may have. [91] Indeed, there is a tradeoff between replacing costly – and often risky ‒ intermediaries with
               cryptographic key-only access distributed across nodes. [92] For example, for permissioned ledgers replacing
               centralized intermediaries, the cost-benefit in using blockchain is somewhat ameliorated by the need to trust
               permissioned authors rather than relying solely on the nodes who offer the guarantee of ledger integrity. [93]
               The issues are said to be thus: The more trusted parties per node that are needed, the more the compromisable
               'surface area' of a distributed network increases. [94] Also, requiring a third party private key management function
               is contradictory ‒ and possibly even nugatory ‒ to the core ‘disintermediation’ principles of DLTs. In all, these
               tradeoffs may arguably reduce the utility of DLTs.

               Authorized access is also an issue: Nodes on the blockchain are – using current protocols – said to be unable
               to distinguish between a transaction by an authorized, actual user and a fake transaction by someone who
               somehow has gained access to the blockchain trusted party’s private key. [95] This means that if a bad actor gains
               access to a comprehensive banking blockchain that itself accesses all or part of a core banking network
               blockchain ‒ or a real-time gross settlement system – then this breach would in effect be compromising all
               banks’ databases simultaneously. [96]
               The risk of loss of funds where credentials are controlled by a single entity was demonstrated in the recent
               compromise of the credentials used in the transfer of funds through the (non-DLT) SWIFT network from the
               Federal Reserve Bank of New York [97] to the central bank of Bangladesh, Bangladesh Bank. [98] To circumvent
               or mitigate this type of risk, private key management functions or biometric linked private keys have been
               suggested. [99]
               The longevity of the security of blockchain-based data may also be an issue. For example, ‘old’ transactions
               on a particular blockchain may be vulnerable to advances in cryptography over a period of years or decades
               such that they can be undetectably changed.
               An equivalent issue is the security compromises of the circa-1980s GSM ‒ and later generations of ‒ mobile
               communications encryption specifications, which affect feature (non-smart) phones whose firmware cannot
               easily be updated with a fix for any vulnerabilities. The ability then to upgrade the cryptographic
               techniques used for ‘old’ transactions should be considered in DLT designs.
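
One way a DLT design can provide the upgrade path described above, shown as an added example that is not part of the ITU-T report: blocks sealed with an aged hash are re-sealed by a renewal record under a newer algorithm, so a later substitution that the old hash can no longer detect is still caught. The `weak8` hash (SHA-256 cut to 8 bits), the block layout and all function names are constructed for illustration.

```python
import hashlib, json

def weak8(data):
    # Constructed stand-in for an algorithm that has aged badly: SHA-256 cut to 8 bits.
    return hashlib.sha256(data).hexdigest()[:2]
ALGS = {"weak8": weak8, "sha3_256": lambda d: hashlib.sha3_256(d).hexdigest()}

def seal(alg, prev, kind, payload):
    return ALGS[alg](json.dumps([prev, kind, payload], sort_keys=True).encode())
def append(chain, payload, alg, kind="tx"):
    prev = chain[-1]["hash"] if chain else ""
    chain.append({"alg": alg, "prev": prev, "kind": kind, "payload": payload,
                  "hash": seal(alg, prev, kind, payload)})

def links_ok(chain):
    # Classic check: each block verifies under the algorithm it was sealed with.
    prev = ""
    for b in chain:
        if b["prev"] != prev or seal(b["alg"], prev, b["kind"], b["payload"]) != b["hash"]:
            return False
        prev = b["hash"]
    return True

def digest_of(blocks, alg):
    return ALGS[alg](json.dumps(blocks, sort_keys=True).encode())
def renew(chain, alg):
    # Re-seal every existing block (content and old hashes) under a newer algorithm.
    append(chain, {"covers": len(chain), "digest": digest_of(chain, alg)}, alg, "renewal")
def renewals_ok(chain):
    return all(digest_of(chain[:b["payload"]["covers"]], b["alg"]) == b["payload"]["digest"]
               for b in chain if b["kind"] == "renewal")

def simulate_legacy_break(chain, i, new_text):
    # Models a second-preimage break of the old hash; feasible only because weak8 has 8 bits.
    b = chain[i]
    for n in range(100000):
        cand = {"text": new_text, "pad": n}
        if seal(b["alg"], b["prev"], b["kind"], cand) == b["hash"]:
            b["payload"] = cand
            return True
    return False

def demo():
    chain = []
    for text in ("pay A 10", "pay B 20"):      # constructed sample transactions
        append(chain, {"text": text}, "weak8")
    renew(chain, "sha3_256")
    before = (links_ok(chain), renewals_ok(chain))
    simulate_legacy_break(chain, 0, "pay A 9999")
    return before, (links_ok(chain), renewals_ok(chain))
```

After the simulated break the legacy link check still passes, while the renewal check fails; the renewal has to be written before the old algorithm is actually broken.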


               5.4    Fragmentation in DLTs

               DLT-based solutions intrinsically rely upon multiple users for achieving critical mass: Nodes need more nodes to
               distribute the data, to do the validations of the blocks in the process of being added, and to do the processing


               [90] Hertig, A (2016) The Blockchain Created by Ethereum's Fork is Forking Now, available at
                    http://www.coindesk.com/ethereum-classic-blockchain-fork-ddos-attacks/.
               [91] For public, permissionless (trustless) blockchains like Bitcoin, where the public use of nodes on the blockchain to verify
                    transactions is a core feature, security of its blockchain – and not the vaults bitcoins are stored in – is ensured by syntactic rules
                    and computational barriers to mining. See also Greenspan (2016b) ibid.
               [92] There is arguably also a trade-off in DLTs between security and transaction processing speeds. For a technical discussion thereof,
                    see Kiayias, A and Panagiotakos, G (2015) Speed-Security Tradeoffs in Blockchain Protocols, available at https://goo.gl/bgsTR8.
               [93] The counterargument could be that a properly designed ‘permissioned’ network would be designed so that there is no
                    single-point of failure or central administrator who can unilaterally change the state. See Swanson (2015) ibid.
               [94] Credit Suisse (2016) ibid; and Kaminska, I (2016) How I Learned to Stop Blockchain Obsessing and Love the Barry Manilow,
                    available at https://goo.gl/mv3Lcy.
               [95] Vermont (2016) ibid.
               [96] Greenspan (2016a) ibid.
               [97] The Federal Reserve Bank of New York is one of the 12 Federal Reserve Banks of the United States.
               [98] Reuters (2016) Exclusive: New York Fed Asks Philippines to Recover Bangladesh Money, available at https://goo.gl/yqaJh7.
               [99] Vermont (2016) ibid.


