Introducing blockchain security
Blockchain technology has many advantages, the most important of which is probably its security. With the use of cryptography, decentralization, and consensus algorithms, blockchain protocols provide way to securely store and exchange information without the need for an overseeing institution or preexisting trust between parties.
Here are the reasons why blockchain security works.
The basics of blockchain security
Satoshi Nakamoto, the enigmatic creator of the original Bitcoin, is at the core of it all. Using his seminal whitepaper, Bitcoin: A Peer-to-Peer Electronic Cash System, Nakamoto proposes a way to make secure payments and avoid the problem of double spending.
The proposed system is based on decentralization. If the ledger containing the transactional history of a peer-to-peer network is shared among all members, then everyone can verify that no fraudulent transactions have been recorded. Getting everyone on the network to agree on which ledger is the correct version is all that is needed. In his Proof of Work mechanism, Nakamoto uses cryptography.
Bitcoin uses cryptography in two different ways. Among other things, it underpins digital signatures that prove the validity of individual transactions. Verified transactions are then organized into discrete data packets called blocks. Here’s where it gets interesting. People who add new blocks to the ledger – we call them miners – include a special number in the block to ensure that the block produces a certain outcome when run through a mathematical algorithm called a cryptographic hash function.
Finding such a number requires a lot of computational effort, but verifying that it’s valid is extremely easy – we just need to run the block through the hash function and see if it produces the expected result. These numbers are known as proof of work.
Lastly, every new block contains the proof of work of the block before it. Therefore, blocks are cryptographically linked.
The whole system ensures that proof-of-work blockchains are immutable and resistant to attacks.
Proof of stake
Proof of work has been instrumental in the development of the first generation of block chain protocols, but the algorithm has limitations – mostly its limited scalability and high energy consumption. Modern blockchain development has been focused on finding alternatives to PoW and Proof of Stake is one of the most prominent consensus algorithms.
The PoS model requires people to stake tokens in order to become validators. The stake requirement ensures that a validator acts in the interest of the blockchain network. As a result, if validators are diligent in performing their duties – which include creating new blocks and validating those that they do not create – they are eligible for staking rewards.
By contrast, validators who engage in fraudulent activities, such as creating or validating malicious blocks, risk losing some of their staked tokens to a process called slashing. Furthermore, PoS models typically employ complex random algorithms to decide who gets to create the next block, which adds another layer of security by making coordination of large scale attacks impossible.
Public vs private blockchains
With the inception of Bitcoin more than a decade ago, the design principles of blockchain technology were established. Originally, blockchain protocols were public, permissionless, and decentralized, and they needed a consensus algorithm to ensure that network participants always agreed on which version of the blockchain ledger was correct.
The design of the next wave of blockchain protocols such as Ethereum and Litecoin was informed by those concepts. Blockchain developers began experimenting with more relaxed implementations of those core tenets as blockchain technology evolved. Therefore, they began to realize that sometimes these more relaxed approaches offered interesting new possibilities. Private blockchains are one example of this.
When we disregard the permissionless principle completely, we get private blockchains. To put it another way, we create a blockchain network, but instead of leaving it open for anyone to join, we make it so that only entities with permission can join. This is why private blockchains are also known as permissioned blockchains.
Public blockchains have a higher level of security than private blockchains. They are not completely trustworthy and are typically used to connect a small number of network members. A smaller network is more vulnerable to attacks, especially if a bad actor is able to impersonate a legitimate member. As well, there is no guarantee that the network’s ledger cannot be tampered with,
All of that creates the impression that private blockchains are inferior to public ones. This conclusion is not without merit, but it also misses the point. A more accurate description would be that private protocols are tailored to serve a specific use case, and because of that their creators are prepared to sacrifice some aspects. Private blockchains, for instance, are useful for creating enterprise-grade solutions that businesses can use without compromising their privacy.
In the meantime, there are certain techniques that allow private protocols to utilize the immutable ledgers of public blockchains like Ethereum to address some of their security shortcomings. Zero-knowledge proofs, for example, allow a private protocol to submit evidence to a public ledger that its stored data is valid without revealing the data itself.
Private blockchains, by focusing on a relatively small number of stakeholders with known identities, are able to rely on a Proof of Authority (PoA) consensus algorithm. Furthermore, PoA algorithms address a security weakness inherent in PoS design in addition to being lighter than their PoW and PoS counterparts.
Proof of Authority
In Proof of Stake systems, people with staked tokens in a network are incentivized to act in the network’s best interests, or else they risk losing their stake. As such, it appears reasonable to conclude that a larger stake translates to greater motivation for the stakeholder to ensure the network’s success. The problem with this line of thinking is that it overlooks the fact that while identical stakes may be equally valuable from a monetary perspective, they may not be equally valuable to their holders. People with 20% of their holdings staked in a network are likely to be much more invested in that network’s success than those with only 1% staked, regardless of the actual stake size.
PoA attempts to resolve this problem by having network validators stake their reputation instead of tokens. Because their reputation is on the line, stakeholders are motivated to work for the network’s success.
PoA has the drawback that it requires validators to be known entities, which makes it unsuitable for large-scale decentralized systems.