Bitcoin Security
In this article, we learn about the security principles implemented into Bitcoin, how to develop such systems securely, and the root of trust in blockchains such as Bitcoin.
Table of contents.
- Introduction.
- Security Principles in Bitcoin.
- How to Develop a Secure Bitcoin System.
- The Root of Trust.
- Examples of Bitcoin Bugs.
- Summary.
- References.
Introduction.
"Possession is nine-tenths of the law" is an expression that means ownership is much easier to maintain if the involved party has ownership of the object in question otherwise difficult. In other words, possessing something translates to a strong legal claim to it. For example, a sweater being worn by you is presumed yours unless proven otherwise.
In Bitcoin, possession is "ten-tenths of the law" meaning that Bitcoins on the blockchain are yours if you are in possession of keys to unlock the coins. Remember we said that a wallet does not actual coins as a physical wallet does, it only serves the purpose of holding keys that are valuable to cash or precious metals such as gold. They provide access to bitcoins stored in the blockchain.
In this case, losing your keys, and them getting stolen is similar to losing actual cash on the street. Even in the case, a user mistakenly sends a wrong amount in a transaction or sends it to a wrong address, the recipient would have to be kind enough to return them otherwise they are lost and cannot be recovered.
We can compare bitcoins to actual cash or precious metals but in some aspects, Bitcoin is better because unlike hard cash, gold, or banking institutions, it cannot be corrupted or hoarded, keys can be backed up and stored safely, and it cannot be hacked. In general, it avoids some security issues presented by other forms of currency and currency management and at the same time presents new concerns.
In this article, we learn about the security principles implemented into Bitcoin, how to develop such systems securely, and the root of trust in blockchains such as Bitcoin.
Security Principles in Bitcoin.
Decentralization is one of the core principles of Bitcoin's security. A decentralized system has no centralized authority and as such, no power from a single person can tip the scales to favor him/herself. While centralized systems depend on controlling access and can keep people out, decentralization allows anyone to participate, and rules have to be voted and agreed upon by all participants.
Bitcoin uses the PoW consensus algorithm and therefore does not need to control access, the network is open to all, and everything that happens on the network is transparent and broadcasted, even the code itself is open-sourced for anyone to audit. The network's traffic is not encrypted and at the same time resistant to hacks by malicious parties.
This can be compared to credit card transactions where users are vulnerable to their information getting sniffed over the network and credentials getting stolen. Also, if the centralized point is compromised, in this case, a credit card company server or bank, user information and credentials can be stolen and further used in fraudulent activity such as identity theft.
On the other hand, transactions in Bitcoin authorize a single value UTXO to a specified recipient. The transaction is public knowledge yet it cannot be hacked. At the same time, anonymity is maintained even if the transaction is public. This transaction unlike the case of credit cards cannot be used to initiate subsequent transactions.
Decentralization is good and puts the control in the people's hands. With this control, responsibility is also required because no bank stores your funds. The storage and safety of private keys is the responsibility of the user, once lost the fault lies on the user. No institution will mitigate to help.
How to Develop a Secure Bitcoin System.
We have said that the main and most important aspect of Bitcoin's security is decentralization. That is, decentralized control over keys and independent validation of transactions by a decentralized network of miners therefore, any developer that wants to leverage Bitcoin's security should put the management of keys in the hands of the users themselves and make all records(transactions) public knowledge and accessible to everyone.
When developers fail to do this and create systems such as exchanges that place all user funds in a single 'secure' hot wallet, it leads to cases of hacking because control of keys is centralized. Such systems present a single point of failure. Remember 'Any system can be hacked', Even Bitcoin itself, the question is, what does it take to hack it? In the case of decentralized systems such as Bitcoin, the amount of resources needed to hack it are so substantial that it is almost impossible. Even if a hacker tries to do it, the investment is greater than the reward itself.
There are also cases where developers implement off-chain transactions in an effort to increase the speed of processing while reducing the transaction fees. In this situation, transactions are recorded on a centralized ledger and occasionally synchronized with the main chain.
Here there is a possibility of mutation of transactions or even diversion of funds while they're in the central ledger.
Off-chain vs on-chain transactions
On-chain transactions are validated by miners and recorded to the blockchain. Once a transaction has been validated, it is broadcasted. This way of processing transactions is secure although it is slow due to the network traffic, also transactions using this method have to pay high transaction fees, and finally, this method limits the scalability of a blockchain. Ethereum 2.0 solves this by doing 90% of the processing off-chain and then 10% on-chain.
Off-chain transactions are transactions processed outside of the main blockchains using layer 2 protocols(lightning network) to circumvent on-chain issues. This way transactions are cheaper and faster. Also, the blockchain can scale because on-chain traffic is low.
In general, any form of centralization opens up the system to issues such as;
double-spending - this is whereby a cryptocurrency is used more than once. It occurs when a miner alters a block by adding a transaction that allows them to reacquire the crypto used for a previous transaction in the same block. Decentralized consensus mechanisms help to prevent the problem of double-spending in blockchains.
Transaction malleability - this involves changing the digital signature of a transaction that was used to create the transaction. This is done by modifying the unlocking script. If it is changed, the serialized transaction data also changes. This can only be done before the transaction has been confirmed, after confirming the transaction is immutable. SegWit in Bitcoin was implemented to resolve this issue.
Other issues that emerge due to centralization are identity theft, corruption, theft of funds, and embezzlement among others.
The Root of Trust.
The traditional security architecture is based on the root of trust. This is a trusted core used as a foundation for the security of the system itself. We can think of it as an onion whereby each layer extends trust from the center(core). In this case, each layer builds on top of a more trusted inner layer using access controls, digital signatures, encryption, and cryptography among other primitives.
As software grows, it opens up holes that can be used to introduce bugs. The more the complexity the more the holes. The root of trust makes sure that the trust is placed in the simplest part of the system and the complex parts built on top of this. Here trust is first established within the hardware, if a single system then extends this root to the operating system, then to other apps built on top of the OS and across various servers are layered in concentric circles of diminishing trust.
On the other hand, in Bitcoin, the consensus mechanism creates a public decentralized ledger. The genesis block mined in 2009 by Satoshi Nakamoto is the root of trust and therefore trust is built up to the current block. During the design of Bitcoin systems, the root of trust should always be placed in the blockchain itself which ultimately should be fully validated.
A good way to perform a security assessment on a Bitcoin system is to consider the case when a single component is compromised. What are the implications? If the app is no longer secure after this, then we have misplaced trust. In this case, we should change the architecture and shift trust to the strongest and simplest part of the system.
Examples of Bitcoin Bugs.
The following is a list of some of the bugs that emerged in Bitcoin starting from the latest to the earliest;
- CVE-2022-31246 - This allowed malicious users to make payments using a QR code or text, the user scanning this code
- CVE-2012-4684 - it affected all Bitcoin nodes by allowing an attacker to exhaust a victim's CPU, GUI resources, and RAM among other computational resources.
- CVE-2012-1909 - this allowed transactions to be overwritten or duplicated on the blockchain. It was resolved by BIP-30.
- [CVE-2010–5139] - this bug resulted in the loss of 184 billion Bitcoins being minted. It was resolved by Satoshi Nakamoto and Gavin Andresen. They rolled back the blockchain to purge this transaction.
These are just a few bugs that have been found in Bitcoin in the past years. For more information on the common vulnerabilities and exposures of Bitcoin, refer to this page.
Summary.
Ownership is much easier to maintain if the involved party has ownership of the object in question otherwise difficult. Bitcoins on the blockchain are yours if you are in possession of keys to unlock the coins.
A decentralized system has no centralized authority and as such no power from a single person can tip the scales to favor him/herself, decentralization is one of the core Bitcoin principles and any form of centralization opens up the system to issues such as identity theft, corruption among others.
The more the complexity of the software the more the holes. The root of trust is the trusted core used as a foundation for the security of the system itself. In Bitcoin, the root of trust is the genesis block. All subsequent blocks use this block as the root of trust.
During the construction of a Bitcoin system, the root of trust should always be placed in the blockchain itself which ultimately should be fully validated.