Computer & Network Security
Blockchain is one of the main drivers behind an ongoing digital revolution in the financial industry, referred to as Fintech [Financial Technology]. It aims to challenge traditional financial market structures, which have been slow to adapt to market and regulatory needs, as evident in the aftermath of the global financial crisis. Fintech has been getting a lot of attention recently with global investments increasing rapidly, which can be attributed to the success and implication of Bitcoin technology. Bitcoin gave rise to and is an example of a Distributed Ledger Technology (DLT), a loose term, referring to the combination of several components such as the blockchain, peer-to-peer networking, distributed data storage, automating business logic, cryptography, and several others. The objective of DLT is to provide a new innovative way of handling digital assets, such as recordkeeping, storing, and transferring. In this report, we dive into the technicality of the blockchain, and its one notable success, Bitcoin.
BREAKING DOWN THE BLOCKCHAIN
“Blockchain technology” has been a recent buzzword claimed by several to be a revolutionary idea which will radically transform the shape of the economy. However, it is quite an abstract concept with most people in the industry having only a vague understanding of it. Essentially, it refers to a distributed public ledger that holds transaction records for anything of value in a decentralized way. The goal is to arrive at a single version of truth using cryptography and various consensus protocols. Below, we describe the fundamental principles of the blockchain:
Distributed Database: The Blockchain stores all transactions records that have been executed since the creation of the database. This is done in a distributed manner so the copy of the database is replicated throughout the network removing any risk of a single point of failure, as well as increasing data transparency.
Decentralization: In the context of blockchain technology, decentralization refers specifically to the following two dimensions; Architectural and Political. Architectural decentralization means having multiple computers in the network making up the blockchain system. Political decentralization is about having no central point of control, so a single organization or individual does not maintain and regulate the blockchain. Instead, the regulation is achieved through protocols and cryptographic security measures that run on the nodes that make up the blockchain network. It is this dimension of decentralization which makes the blockchain a remarkable concept and separates it from traditional methods that requires a trusted intermediary to regulate transactions.
Immutability: The blockchain is updated via consensus verification protocols that enable the network to collectively insert new transactions, ensuring a single version of the ledger at all times. These protocols further prevent any malicious nodes from manipulating or inserting fraudulent transactions ensuring the authenticity of the blockchain.
Bitcoin was the first successful conceptualization of the blockchain which came into existence in January 2009. In October 2008, a pseudonymous programmer(s) under the name Satoshi Nakamoto wrote a white paper titled “Bitcoin: A peer-to-peer Electronic Cash System” that described the bitcoin protocol. The main problem that the paper aimed to solve was the ‘double spending problem’, a problem unique to digital currency as it can be reproduced easily and spent twice. Currently, banks regulate the movement of digital currency assuring that a double spend doesn’t occur. Satoshi Nakamoto came up with an ingenious way of solving this problem using a peer to peer network and a “Proof-Of-Work” system which removes the need for regulation by a trusted third-party institution. To get a firm grasp of how this Proof-Of-Work system works, some understanding of Public Key cryptography, Digital Signatures and cryptographic hash functions is essential.
The peer-to-peer solution laid out by Nakamoto essentially lets anyone become a bank by storing the shared public ledger, taking part in validating transactions and keeping it up to date. This shared public ledger consists of discrete blocks sequentially linked together. Each block consists of a certain number of transactions and a public header linking to the previous block. The only requirement for participating in the blockchain is contributing computational resources to it, which is required to run the Proof-Of-Work system.
Fig 3: Bitcoin mining process
The Key idea behind Proof-Of-Work is to make it computationally expensive for anyone who wants to validate transactions and contribute blocks to the blockchain. This is achieved by getting nodes who want to contribute to the blockchain solve a cryptographic hash puzzle, also known as ‘Mining’. The only way to solve this puzzle is by constantly trying to guess the answer, but when the answer is found, it is a one step process to verify if it’s the correct answer. Hence the name, “Proof-Of-Work”. Once a miner solves the puzzle and broadcasts it to the network, everyone can instantly verify if it was correctly solved, and if so, they can add it to the block chain. Each block mined also creates a small amount of bitcoin which is awarded to the miner.
This incentivizes miners to mine blocks and helps gradually increase the supply of bitcoin. Proof-Of-Work assures that the influence someone has on the entire blockchain is proportional to the total CPU power they contribute to validating transactions. As long as the majority of the CPU power (more than 50%) being dedicated to the blockchain is not coming from a centralized source, it becomes virtually impossible to create a double spending attack or insert fraudulent transactions into the blockchain.
Proof-Of-Work is just one way of solving the double-spending problem. Since its inception, other crypto-currencies have been created with some modification to the protocol that have additional features or overcome some limitations of bitcoin.
BITCOIN — ‘NOT REALLY ANONYMOUS’
Recent occurrences of ransomwares require Bitcoin to be paid as a ransom, giving the public a perception that Bitcoin is an anonymous e-cash system. Even though bitcoin addresses aren’t linked to its user’s identity, it should instead be considered a pseudonymous system since all transactions reside on a public blockchain, allowing anyone to analyze the transactions. Furthermore, several studies have shown that de-anonymizing bitcoin users is possible based on methods using transaction graphs or other external sources of data. Despite this, criminals are still motivated to use Bitcoin as there are techniques making it extremely hard to trace bitcoin users. One such technique is the laundering of bitcoins using services such as Bitmix or BitLaundry. Because of this, Bitcoin is most likely still going to be the main source to collect ransoms, unless another crypto-currency is created with a feature to keep its users 100% anonymous.
Despite the robustness of the protocol and the security measures put in place using cryptography, bitcoin as well as other cryptocurrencies should not be considered 100% secure. Software vulnerabilities are inevitable and the ever-increasing complexity of blockchain protocols is only going to increase the risk of bugs in software. Below are some of the vulnerabilities that have been exploited in the crypto-currency space due to software vulnerabilities:
Furthermore, crypto-currencies have given rise to new types of threats in cyberspace. One such case is the Cerber Ransomware, which was updated to look for Bitcoin wallet data stored in a computer as well as infect it with ransomware. Another recent threat which has come about is having a malware infect multiple machines and use them to mine bitcoins. Since bitcoin uses proof-of-work which requires computing power to mine bitcoins, the use of computing power will always be in demand. In 2015, an incident was reported where a malware infected a university network and harnessed the computational resources to mine bitcoins.
Since the inception of Bitcoin, there has been an exponential increase in blockchain-based startups as well as investment in blockchain technology. Most global banks have started experimenting with the blockchain technology in several ways such as partnering with fintech startups, joining technology consortiums, or developing their own in-house technologies. A major player in the Blockchain space is the R3 consortium, which launched in September 2015 and consists of over 80 global financial institutions (e.g., Bank of America Corp, HSBC, Intel, SBI group and others), all working together to develop and experiment with Blockchain technology. Specifically, R3 has announced that they are working on a distributed ledger platform known as Corda which is designed for regulated financial institutions to manage financial transactions. It should be noted that Corda isn’t a blockchain but it is heavily influenced and inspired by the current blockchain systems. This approach is taken as the current blockchain applications don’t directly apply to financial institutions which should consider a need for regulation, privacy and scalability. In their first two tranches of series A fundraising, they have managed to successfully raise 107 million USD, the largest DLT investment so far. In the figure below, a few of the big consortiums are shown with some of their respective members.
Due to the innovations and investments in the blockchain space, it seems to be gathering unnecessary hype with its benefits being exaggerated by the media which are not considering the vast technological improvement required to be effective. Furthermore, blockchain technology aims to radically change the current financial infrastructure, which can’t happen overnight and will certainly gain resistance from regulators and the government worried about risks of the new technologies involved. Due to this, Blockchain technology has landed on the top of Gartner’s hype cycle curve as “Peak of inflated expectations”, showing that it is a technology with great potential but will require significant time and effort to reach global adoption.
Fig 5: Gartner Hype Cycle for Emerging Technologies, 2016
IN A NUTSHELL
A recent research paper by the MIT Sloan School of Management titled “Some Simple Economics of Blockchain” asserts that Distributed Ledger Technology(DLT) affects two key costs, the cost of verification and the cost of networking. This be an opportunity and a threat to the financial industry. As DLT offers a replacement to the traditional underlying technology used by financial institutions, adopting it will significantly reduce cost and create new types of transactions. Some of the benefits specific to the capital markets as shown:
Fig 6: Benefits of adopting Blockchain for capital markets
However, the financial sector should also be cautious of the threat DLT poses, since it can be used to offer a replacement for financial institutions of today by offering another way of generating value and distributing it across the globe. For example, one can certainly envision Bitcoin or another crypto-currency replacing the role of services such as SWIFT and ACH, and performing these services more effectively by reducing auditing and regulation costs.
Create your free account to unlock your custom reading experience.