Page 14 - FIGI: Security Aspects of Distributed Ledger Technologies
Figure 1: ‘Trilemma’ in the DLT ecosystem.
While there are now a number of trilemmas, the original ‘blockchain trilemma’ developed by Ethereum founder Vitalik
Buterin shows that two but not all three conditions may exist at the same time. Security and scalability of a DLT are a
common feature of a number of ‘trilemmas.’[2]
es are being focused by a burgeoning DLT industry globally on solving any security vulnerabilities that are emerging. High-profile security hacks that have led to losses for users, as well as initiatives to deploy DLT solutions in enterprises, central banks and the wider economy have all added to the impetus for getting in front of and finding solutions to any vulnerabilities.

Cyber-security challenges are far greater in what are called public, permissionless DLTs where there are no walled gardens which only allow access to known, trusted participants. This creates a challenging environment where everyone has access but no one can be trusted.

While the flavors of blockchain are all addressing low scalability and low processing speed issues,[3][4] all related to the so-called blockchain ‘trilemma’[5] – shown in Figure 1 - representing a widely held belief that the use of blockchain technology presents a tri-directional compromise in efforts to increase scalability, security and decentralization[6] and that all three cannot be maximized at one time. That is, increasing the level of one factor results in the decrease of another.[7]

3.2 Methodologies and Approaches Used In This Report

This report embraces and uses the technical term Distributed Ledger Technology (DLT) to describe all distributed ledgers, no matter what underlying DLT technology or protocol is used.[8] Where needed, the term blockchain is used interchangeably with DLT as the primary exemplar of DLTs.

Overall, unless otherwise stated, any reference to ‘Bitcoin’ is to what is now known as Bitcoin Core and its underlying technology and traded under the ticker symbol BTC.

To illustrate the loci of the attacks from threat vectors, we use an adapted version of a published DLT architecture[9] using a layered approach. These layers are shown in Figure 4. These layers are integrated into the most prominent security concerns, based on those threats, risks and vulnerabilities that this report identifies as having the most coincidence to financial inclusion, shown in Figure 5. Each threat and attack is described in terms of its effect on one or more of these abstract layers. Where possible, mitigation measures and recommendations are described cumulatively for each threat and its corresponding vulnerability and risk. Context of each threat described will indicate whether the mitigant/recommendation applies to entities running DLTs, end customers, regulators, or developers of DLTs – or to a multitude of these actors. Annex D summarizes the threats to these layers alongside the concerns.

Given space constraints and readability, the security components discussed in this paper do not represent the totality of all published security issues related to DLTs and the crypto-economy, but the most prominent and proximate to financial services and a developing world context.

Research for this paper was conducted through desktop research and direct interactions by the author with regulators and ecosystem developers and participants, as well as other experts. The author thanks them for their invaluable and forthright insights.

The technologies cited, as well as any laws, policies, and regulations cited are as of May 31, 2019.