Hashing it Out Over Blockchain Security
At their core, networks such as Ethereum and Bitcoin are simply real-world implementations of the academic concept that is blockchain technology.
At Metcy we spend considerable energy seeking to separate the hype around Web3 from the true principles underlying recent advancements in blockchain technology. After all, it is only through a genuine understanding of the extents and limitations of any concept that you can really begin to understand the potential for value add in existing systems.
One of the most common victims of the hype cycle has been a real knowledge of how blockchain technology truly works and its level of security. Enter one of the most frequently asked questions.
If blockchain is so secure, why are there ever any breaches in a chain?
This confusion is typically associated with a recent public theft of cryptocurrency or some breakdown of trust within a system. However, to answer this question fully requires clarification of a few key assumptions that are often overlooked.
First, there is no single blockchain, just as there is no single type of cell phone or no single computer operating system. The concept of a blockchain exists as a higher-level system that can be implemented in several different ways. This is similar to the concept of education. You may have graduated from your university with a degree in computer science. In general, the topics covered may be similar to those covered at another school, but they won’t be the exact same. Each university implements its idea of what a computer science degree should be slightly differently.
In this way, how the Bitcoin network constructs a blockchain is slightly different from how Ethereum constructs its blockchain. This means that their security protocols, speed of operation, and general accessibility are different, which brings us to the next critical point.
The concept of a blockchain is purely academic and different blockchain technologies (e.g. Ethereum) simply exist as attempts to implement this concept through a set of managed tradeoffs. The idea of nodes constantly in contact seeking to validate an unchangeable ledger seems simple in theory. However, implementation typically requires the builders of the chain to decide how much they care about absolute security versus how much they care about speed and ease of use.
In modern blockchains, this is often seen as the option to utilize either proof of work (PoW) or proof of stake (PoS) functions. In PoW, miners are forced to solve extremely complex problems to validate blocks on the chain under a cryptographic hash function known as SHA-256. This is an incredibly secure approach, given that each block in the chain is validated by all players. Scalability, however, is debatable: the amount of time required to process transactions on Bitcoin’s network, for example, is potentially prohibitive to large-scale, real-world functioning.
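To make the PoW idea concrete, here is a toy SHA-256 chain, added as an illustration and not code from Bitcoin, Ethereum or Metcy. It shows why a rewritten block is rejected by validating nodes unless every later block is re-mined too. The block layout, difficulty, function names and ledger entries are assumptions constructed for the example.

```python
import hashlib
import json

DIFFICULTY_BITS = 14          # assumed toy difficulty; real networks use far more
GENESIS_PREV = "00" * 32      # placeholder parent hash for the first block

def block_hash(block):
    """SHA-256 over a canonical JSON encoding (a simplification of a real header)."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def meets_target(digest_hex, bits=DIFFICULTY_BITS):
    """True when the hash, read as a 256-bit integer, has `bits` leading zero bits."""
    return int(digest_hex, 16) < (1 << (256 - bits))

def mine(prev_hash, data, bits=DIFFICULTY_BITS):
    """Brute-force a nonce until the block hash falls under the target."""
    block = {"prev": prev_hash, "data": data, "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block

def build_chain(entries, bits=DIFFICULTY_BITS):
    """Mine one block per entry, each committing to the hash of its parent."""
    chain, prev = [], GENESIS_PREV
    for entry in entries:
        chain.append(mine(prev, entry, bits))
        prev = block_hash(chain[-1])
    return chain

def first_invalid(chain, bits=DIFFICULTY_BITS):
    """Index of the first block a validating node would reject, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        digest = block_hash(block)
        if block["prev"] != prev or not meets_target(digest, bits):
            return i
        prev = digest
    return None

def remine_in_place(chain, index, new_data, bits=DIFFICULTY_BITS):
    """Rewrite one block and redo only its work; later blocks keep the old parent."""
    forged = [dict(b) for b in chain]
    forged[index] = mine(forged[index]["prev"], new_data, bits)
    return forged

if __name__ == "__main__":
    # Constructed ledger entries, for illustration only.
    ledger = build_chain(["alice->bob 5", "bob->carol 2", "carol->dave 1"])
    print(first_invalid(ledger))                                    # intact chain
    print(first_invalid(remine_in_place(ledger, 1, "bob->erin 2"))) # broken link
```

Redoing the work for the edited block is not enough: the next block still commits to the old hash, so the rewrite surfaces one block later.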
PoS offers a different approach. Validators are selected at random based on the amount of tokens they hold in the network. This approach is significantly more scalable and faster than PoW, but the tradeoff is that security may be slightly lower.
As noted by Professor Omid Malekan at Columbia Business School, “Beyond immediate security, PoS risks centralization as token ownership also determines governance, and ‘the rich get richer’ because they are likely to stake their coins. Custodians and exchanges also become natural power players since they can stake their client coins. PoW has more diffuse power since miners are often not the biggest coin owners.”
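The stake-weighted selection and the concentration effect described above can be simulated in a few lines. This is an added example, not code from any PoS network. The holder names, balances, reward size and the rule that only stakers earn rewards are assumptions constructed for the illustration.

```python
import random

# Constructed token holdings; only the two large holders stake.
HOLDINGS = {"exchange": 6000.0, "fund": 3000.0, "retail_a": 600.0, "retail_b": 400.0}
STAKERS = ["exchange", "fund"]

def select_validator(stakes, rng):
    """Pick one validator with probability proportional to its stake."""
    names = list(stakes)
    return rng.choices(names, weights=[stakes[n] for n in names], k=1)[0]

def staked_share(balances, stakers):
    """Fraction of the total token supply held by staking participants."""
    return sum(balances[n] for n in stakers) / sum(balances.values())

def simulate(holdings, stakers, rounds=10_000, reward=1.0, seed=7):
    """Each round one staker is selected and the newly issued reward is added
    to its stake, so it compounds. Non-stakers earn nothing (assumption)."""
    rng = random.Random(seed)          # fixed seed keeps the run reproducible
    balances = dict(holdings)
    wins = {name: 0 for name in stakers}
    before = staked_share(balances, stakers)
    for _ in range(rounds):
        stakes = {n: balances[n] for n in stakers}
        winner = select_validator(stakes, rng)
        balances[winner] += reward
        wins[winner] += 1
    return {
        "staked_share_before": before,
        "staked_share_after": staked_share(balances, stakers),
        "wins": wins,
        "balances": balances,
    }

if __name__ == "__main__":
    result = simulate(HOLDINGS, STAKERS)
    print(result["staked_share_before"], result["staked_share_after"])
    print(result["wins"])
```

Whichever staker wins a given round, every reward goes to a staker, so the holders who do not stake see their share of supply shrink.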
The tradeoffs here are clear. When designing large, public blockchain systems, it is hard to achieve extreme efficiency without sacrificing some level of security.
Still, readers should take comfort in the knowledge that Ethereum and Bitcoin are some of the most battle-tested networks in existence and have implemented a number of enhanced security protocols and forks to fix any potential issues.
The truth is that it is not the underlying blockchain itself that truly poses security risks. It is where the chain interacts with the real world.
That means third-party applications, new forms of smart contracts, crypto wallets, or hardware with signature key information. Security flaws exist where blockchain technology begins to intersect with use cases in the real world, or where the secure functions of the chain are removed and placed onto other, less secure platforms: for example, private wallet keys stored on insecure servers. This is where the opportunity for business usage lies, and also where issues can arise.
The push and pull between preserving blockchain’s security traits while simultaneously allowing data accessibility and usage has proven to be one of the most significant challenges to the adoption of the technology into core systems. It is also one of the issues Metcy’s proprietary APIs will help solve by allowing secure, fast on-chain access to chain data without the need for storage.
This linkage approach, resting on the idea that blockchain data should not be replicated, only discreetly accessed, will ensure businesses have continued access to the most reliable, mined data needed.
As for the future of different approaches, it is likely that new means of block validation will emerge over the next few years as cryptographers and entrepreneurs seek to enhance the availability of the technology. As long as professionals in the space remain aware of where risks lie, security concerns should remain manageable alongside growth.