Page 41 - FIGI: Security Aspects of Distributed Ledger Technologies
P. 41
Box 4:
Wallet Security Approaches. Hyberbit DLT for Donations for Disaster Relief. The DLT controller secures
the DLT from compromise by managing only one key out of four required.
Program: The charity sector is often subject to reports of corruption, fraud and in addition the lack of
transparency, inefficiency and unfair redistribution of funds.
Security Aspects: To renew trust, a HelperBit has developed a decentralized, P2P donation system for
natural hazard-related disasters, using a multi-signature, non-custodial and multi-signature Bitcoin-
based wallet. The donor must write the passphrase each time they make a donation. With Helperbit
managing only one key out of four. it has no decision-making power over use and transfer of any funds.
This not only increases the security of the wallet, but also protecting it from mistakes such as loss of
a passphrase or incorrect backup, as well as external attacks, while also providing the possibility of
recovery. Helperbit cannot access any funds: only the user can do that.
267
to the storage of data and access thereto compared transaction flows, since they are on the nodes and
to centralized methods. That is, at least for public - intrinsically to the distributed nature of blockchain
DLTs, data stored on the DLT should in large measure - would have to verify any transactions for that trans-
be visible to everyone – the nodes - on that block- action to be placed on the block. 280
268
chain. The ostensible reason for this is that to vali-
269
date additions of data to the chain, nodes must have Mitigation and Recommendations:
visibility over the data they are validating. In theory Solutions to these issues are being developed, but
270
then, everyone could see everyone else’s data, at all not yet mainstream. For example, ‘zero-knowledge
times. proofs’ are emerging, potentially enabling valida-
281
And, although access to a DLT requires a pri- tion of data without visibility over the underlying
vate key, not all of the information on a blockchain data itself. This is being applied in the crypto curren-
is encrypted. For example, on the Bitcoin permis- cy realm with Zcash, an emerging decentralized and
271
sionless, public blockchain, data is pseudo-anony- open-source crypto-currency that competes with
mous: The user’s ID is self-asserted and encrypted, Bitcoin and which purports to offer privacy and
but transactional data is not. selective transparency of transactions.
282
There is thus a tension between shared control of
data on a ledger - the core of the DLT motif - and 8�7 General Concern: Consensus & Mining
sharing of the data on a ledger. Similarly, while the
272
flavors of blockchain are all addressing low scalabil- 8.7.1 Issue: Consensus Dominance and Mining
ity and low processing speed issues, all these Pools
274
273
issues are related to the so-called blockchain ‘trilem- This section discusses consensus mechanisms
ma.’ This represents a widely held belief that the and the problem of ‘consensus dominance’ where
275
use of blockchain technology presents a tri-direc- an attacker can negatively impact or control the
tional compromise in efforts to increase scalability, consensus mechanism present in DLT and block-
security and decentralization and that all three chain protocols.
276
cannot be maximized at one time: increasing the lev-
el of one factor results in the decrease of another. Dimension Affected: Network, Consensus
277
Risks: Specific Threat: 51% Attack
Lack of transactional privacy and loss of customer This attack targets mining pools and consensus.
funds: For financial institutions using permissioned, Mining pools are popular, especially on Bitcoin
private blockchains, the visibility of commercially networks where smaller individual miners are at a
sensitive information – customers, transactions etc. substantial disadvantage against pools who unite
– to everyone may be a serious barrier to adoption. their hashing/computing power and enables the
278
So, although a DLTs could potentially replace Soci- group to mine at a more rapid pace and substantially
ety for Worldwide Interbank Financial Telecommu- greater chances for success. On the transactional
283
nication (SWIFT) for value transfer or a bank for blockchain level, large mining operations and consor-
279
settlement, it also means that everyone could see the tiums of miners have had the ability to take control
Security Aspects of Distributed Ledger Technologies 39