Security Research

Bitcoin and Security: part 2 of 3

John_Park on ‎07-03-2014 05:02 AM

As we discussed in the first post of this series, Bitcoin’s founders have addressed the traditional security triad of Confidentiality, Integrity, and Availability in interesting ways. Today I’d like to look more closely at how Bitcoin tackles two potential problems – counterfeiting and the distribution of bitcoins within the ecosystem – through ingenious use of technologies. I’ll also spend some time looking at Bitcoin’s underlying assumptions about trust.


With modern-day technology, preventing counterfeiting or guaranteeing a limited supply of some item is not a trivial task, but it is not extraordinarily difficult either. The tech industry has been doing this for decades with online banking, ecommerce sites, and online game currency.


How Bitcoin differs from a typical financial system is that it is not just setting up an infrastructure for transactions: it is a whole new currency and a whole new concept for currency systems. In effect, this is what medieval alchemists were trying to do: making money from nothing. And Bitcoin, if it works as well in practice as in theory, is little short of alchemy. Creating a new currency system, and maintaining it so that it works as designed, is a whole new class of daunting task. It requires, among other things, a new perspective on systems engineering, incorporating well-understood technology and even using “weaknesses” in one technology to solve problems in another.



Peer-to-peer and the counterfeiting question


Peer-to-peer (P2P) systems are, by nature, amorphous. Peer-to-peer sessions can split into two groups and still function without much degradation. This feature makes P2P connections extremely resilient, which is a highly desirable quality and explains why the foundation of the Internet is built on P2P networks.


Under normal conditions, even when the block chain is split into two branches, there is no problem in the Bitcoin architecture. The situation is similar to a source code split and merge: if every participant in the system is benign, the split block chain can be “merged” back without a conflict.


Security, of course, is about what happens on a bad day (or when not every participant in the system is benign). If the block chain splits into two branches, a time window opens during which the Bitcoin system would be vulnerable to “double-spending”. "Double-spending" is sending the same bitcoin more than once to different parties. If it can be done quickly enough, the receiver might not know that the bitcoin has been spent on the other branch. This is Bitcoin's version of counterfeiting. (For those familiar with online games, it is similar to "duping".)


Let’s walk through a case of double-spending. Alice sends 10 BTC to Bob on one branch, and 10 BTC to Carol on another branch. Both are valid transactions authorized by Alice. If Alice has more than 20 BTC, this is not a problem. When one branch dies, its transactions would simply be added to the main branch as delayed transactions. But if Alice has less than 20 BTC, only the first transaction will get authorized, and the second transaction will get rejected since in the Bitcoin system a wallet cannot have a negative value.  Depending on which branch survives, either Bob or Carol is out of luck.


One offline analogue to this problem is land fraud. A fraudster can attempt to sell the land deed of one piece of property to multiple people. Unless there is centralized record keeping, a land deed could be counterfeited, and an “exclusive” contract could be signed multiple times fraudulently. Centralized recordkeeping of land deeds prevents that sort of collision.


For a cryptocurrency system to work, even though we don't necessarily need or want a centralized server, we do need a centralized master record. More specifically, we need a time-stamping server to notarize which transaction came first, in case of "double spending.” Peer-to-peer makes the network a robust distribution system, but more is needed. Fortunately, more is provided as Bitcoin developers turned their attention to a second problem.



Fair distribution: Giving away money


However funny it may sound, the more difficult problem in creating a new currency system is giving away the money. 


From a purely technical point of view, the Bitcoin system does not need to increase its money supply. Five bitcoins, or 21 million bitcoins, or 1,000,000 – the specific limit does not matter. Any number for the limit is arbitrary, since Bitcoin can be finely divisible. (For the record, the smallest unit of Bitcoin divisibility is 0.00000001 BTC – a unit known as one satoshi.)


The distribution issue has to do more with the release schedule. The system should not exclusively favor the small group of very early adopters, as not many people would join a system that would seem rigged. If it can’t be adopted by a wide array of users, it would become just another niche toy project. It is implicitly understood and agreed by bitcoin owners that they need to distribute bitcoin to more people, so that it is not just early adopters but later-stage participants who receive "free" bitcoins. On the other hand, the system should not be biased blindly toward the late adopters simply to get more people into the system.


Giving away free money devalues a currency; the only reason Bitcoin holds its value is its rarity. With Bitcoin, as more bitcoins are released to the system, the whole system will actually go through planned cycles of devaluation. During the year 2014, there will be an 11% increase in the supply of the total available bitcoin. If all other variables are held constant, a bitcoin at the end of 2014 will be worth 90% of a bitcoin at the beginning of the year, strictly in terms of rarity value. Slight inflation is known to be good economics, but 11% inflation is on the steep side.


As we know from basic economics theory, wealth distribution is tricky, since it has to be fair to the old owners as well as to new ones. In other words, it’s unfair and even harmful to the ecosystem to simply give new bitcoins to random people. They have to be given to the right people, so that current holders of bitcoins do not feel cheated while new holders feel they are benefiting from participation. Ideally, the value a new participant adds to the system is equal to or near the worth of the newly minted bitcoins.



The genius of Bitcoin is that it solves this problem with another problem – in this case, the issue we flagged above with peer-to-peer. Both counterfeiting and distribution could have other potential solutions, but by merging these two problems to provide the solution for each other, it leads to two stronger solutions. And, it even introduces a new concept of treating CPU cycles as the universal units of worth.


The answer lies in the somewhat poorly named process of Bitcoin “mining.” There’s been a great deal of bad information put forth about what mining entails; if we take a moment to clear it up, the ingenuity of the system becomes clear.


“Mining” gives one the mental image of unearthing something precious, like gold from a mine. That’s not quite right. Yes, it’s similar to mining in that it is finding a small thing in a large field, but no, it is not like accumulating a special bitcoin byte from a mound of bits.


How it works is that every miner is handed a different problem set. Each problem set is unique in the world, since the miner's own unique ID number is keyed into it. The miner uses his computing power to find a right answer, if possible; some problem sets might not even have a valid answer. (In fact, most problem sets do not have a valid answer. If the problem set is a “dud,” one can ask for another problem set from the system.) Even if someone else steals his "mined" block, the block can benefit only the original miner, as the bounty transaction is keyed into the solution. In fact, when a miner finds an answer, he’ll want everyone to know about the mined block, since when it is used by others as the previous block, it locks the bounty transaction further down into the block chain.


Since there is no organization enforcing the block chain, other miners could simply ignore the block you mined. What encourages others to follow a single block chain thread is that only the longest chain is the valid block chain. So it is in the best interest of every miner to follow the longest chain. This ties all the Bitcoin miners into a single pool of cooperation. (The question of cooperation was part of the recent uproar over GHash.IO’s large share of the total mining pool. I’ll take up the GHash question at a later time.)


Besides the malicious case, it is possible for two answers to be found almost simultaneously. In this situation, a branch split or bifurcation occurs. The Bitcoin system does have a “difficulty setting” adjustment such that answers are found at a regular interval of about 10 minutes, reducing the possibility of such race-condition conflicts, but they can’t be eliminated entirely. This means that miners have to select a branch from which to mine.
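As an added example (not code from the original post), here is a toy proof-of-work in Python that shows what a problem set "keyed to the miner's own ID" means, why a stolen block does not verify for anyone else, and how the difficulty setting is adjusted. It assumes SHA-256 in place of Bitcoin's real block hashing, a difficulty expressed as leading zero bits, a deliberately small nonce range so that some problem sets are duds, and constructed miner names and previous-block hash.

```python
import hashlib
from fractions import Fraction
from typing import Optional

NONCE_LIMIT = 1 << 20        # small on purpose: a problem set may have no answer
MAX_HASH = (1 << 256) - 1    # SHA-256 output read as a 256-bit number

def target_for_bits(bits: int) -> int:
    """Toy difficulty: a valid hash must have at least `bits` leading zero bits."""
    return MAX_HASH >> bits

def block_hash(prev_hash: str, miner_id: str, nonce: int) -> int:
    """Hash of a candidate block. The miner's own ID (the bounty address in the
    coinbase transaction) is part of the input, so the problem set is unique to him."""
    data = f"{prev_hash}|{miner_id}|{nonce}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def is_solution(prev_hash: str, miner_id: str, nonce: int, target: int) -> bool:
    """Verification costs one hash: this is how every other node checks a claimed block."""
    return block_hash(prev_hash, miner_id, nonce) <= target

def mine(prev_hash: str, miner_id: str, target: int) -> Optional[int]:
    """Brute-force the nonce space. None means this problem set is a dud and the
    miner should ask for a fresh one (a new block body gives a new problem set)."""
    for nonce in range(NONCE_LIMIT):
        if is_solution(prev_hash, miner_id, nonce, target):
            return nonce
    return None

def retarget(target: int, actual_seconds: int, expected_seconds: int = 600) -> int:
    """Difficulty adjustment aiming at one block per ~10 minutes: blocks that came
    too fast shrink the target (harder), too slow enlarge it (easier). Exact
    integer arithmetic; the factor-of-four clamp mirrors Bitcoin's retarget rule."""
    ratio = min(max(Fraction(actual_seconds, expected_seconds), Fraction(1, 4)), Fraction(4))
    return min(int(target * ratio), MAX_HASH)

if __name__ == "__main__":
    prev = "00" * 32                       # constructed previous-block hash
    target = target_for_bits(16)
    nonce = mine(prev, "miner-alice", target)
    print("found nonce:", nonce)
    # Re-keying the same solved block to another miner's ID does not verify:
    # whoever wants the bounty has to solve his own problem set from scratch.
    print("verifies for alice:", is_solution(prev, "miner-alice", nonce, target))
    print("verifies for bob:  ", is_solution(prev, "miner-bob", nonce, target))
```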


It is in the best interest of the miners to get on the “right” branch post-bifurcation, since the bounty is awarded only on the surviving branch. There is no right answer for this. But the next mining activity usually decides which will be the master branch, since the whole system defines the master record as the record with the most blocks found. (In addition, Bitcoin deems a record permanent once six successful mining efforts have followed it, which works out to about an hour of system time.) If you are mining on the slower branch, it is therefore in your best interest to move over to the faster branch, and practically speaking such bifurcations simply don’t last long.
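The Alice/Bob/Carol double-spend walkthrough above, resolved by the longest-chain rule just described, as an added Python example that is not part of the original post. It assumes a toy ledger of integer BTC balances, a transaction as (sender, receiver, amount), and branch lengths given directly as block counts; the losing branch's transactions are replayed on the winner as delayed transactions.

```python
from typing import Dict, List, Tuple

Tx = Tuple[str, str, int]      # (sender, receiver, amount in BTC)

def apply_tx(balances: Dict[str, int], tx: Tx) -> bool:
    """Apply one transaction; reject it if the sender would go negative,
    since a Bitcoin wallet cannot hold a negative value."""
    sender, receiver, amount = tx
    if balances.get(sender, 0) < amount:
        return False
    balances[sender] -= amount
    balances[receiver] = balances.get(receiver, 0) + amount
    return True

def resolve_fork(balances: Dict[str, int], branches: Dict[str, List[Tx]],
                 lengths: Dict[str, int]) -> Dict[str, List[Tx]]:
    """Longest-chain rule: the branch with more blocks survives. Its transactions
    are applied first; the dead branch's transactions are then replayed on top of
    it as delayed transactions, and any that no longer fit are rejected."""
    survivor = max(lengths, key=lengths.get)
    order = [survivor] + [name for name in branches if name != survivor]
    result: Dict[str, List[Tx]] = {"accepted": [], "rejected": []}
    for name in order:
        for tx in branches[name]:
            result["accepted" if apply_tx(balances, tx) else "rejected"].append(tx)
    return result

def double_spend_demo(alice_balance: int, winner: str) -> Dict[str, List[Tx]]:
    """Constructed scenario from the text: Alice pays 10 BTC to Bob on branch A and
    10 BTC to Carol on branch B; `winner` is the branch that ends up longer."""
    balances = {"Alice": alice_balance}
    branches = {"A": [("Alice", "Bob", 10)], "B": [("Alice", "Carol", 10)]}
    lengths = {"A": 2, "B": 1} if winner == "A" else {"A": 1, "B": 2}
    return resolve_fork(balances, branches, lengths)

if __name__ == "__main__":
    print(double_spend_demo(25, "A"))   # Alice has enough: both payments land
    print(double_spend_demo(15, "A"))   # branch A wins: Carol is out of luck
    print(double_spend_demo(15, "B"))   # branch B wins: Bob is out of luck
```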


In addition to the free bitcoin given away by the system, miners collect a transaction fee, attached to each transaction. The usual amount is 0.0001 BTC (6 cents at today's exchange rate), which is very cheap compared to the usual credit card transaction fee of two percent of the transaction amount. Over time, these fees will play an increasing role in proceeds from Bitcoin mining activity as the bounty from mining is scheduled to decrease over time.


While the anti-counterfeiting question deals with how the Bitcoin mining process prevents fraud, in the next section, I’ll talk about the deeper issues of trust and why the Bitcoin mining process has implemented such a different and seemingly convoluted method.



Trust no one: Bitcoin and humans


“Least privilege” is a core security principle, stating that any user or process in a system should only have as much access to the system as they need to accomplish their tasks (and no more). While this is a simple concept, it is one of the most poorly executed, because it is just too darn hard for most people to say "I don't trust you.” Bitcoin pushes this principle to the extreme. Its strong reliance on crypto over human intervention says, in effect, "I don't trust anyone.”


To help with understanding what is really going on, let me suggest some "normal" trusted infrastructures that might have worked for Bitcoin.


A Bitcoin mining server exists basically to timestamp – that is, to show which transaction has precedence over others, in case of "double-spending” or a race condition as described above. Instead of having peer-based mining servers, Bitcoin could have designated trusted nodes to act as time-stamping servers.


This is similar to how DNS servers work; they are trusted servers with elevated privileges. The DNS system has its weaknesses, but its design is efficient and it works well enough. Another example of a trusted infrastructure is an app store, where Google or Apple (for instance) is the trusted party.


These are all "trusted" models, which are based on a typical government system or "king" system in which there is a small group of privileged elites or experts making the laws and resolving disputes. For most systems, this paradigm is a good design that has stood the test of time.


Trust in humans works in most cases, but it becomes troublesome when the stakes are too high. And Bitcoin is dreaming bigger. It is trying to be the world’s currency. To that end, Bitcoin has tried to avoid any privileged components, and designed an infrastructure where the least possible amount of trust is given away. It can be operated without any trusted party, and even without the idea of an entity acting in "good faith,” by trusting only code and cryptography.


Since codes and cryptography are all non-physical components, they do not require any protection from established governments, and can operate in the land of no law. This lack of legal tie-down could be viewed as anarchistic or black-market friendly, as it does not require any regulation to operate and can generally route around attempts at external control. I would simply describe it as very libertarian.



This is where "trust in crypto" comes in, and why I find it a more significant problem than the dispute-resolution process we covered earlier. What could go wrong with trusting the code?


With the crypto-based system, what we are trusting is basically our inability to solve a difficult problem. If there is a technological breakthrough, such as quantum computing, a currency system that trusts only in code and has no human “backstop” is in danger of immediate collapse. On top of that, if there is any flawed crypto implementation, the integrity of the Bitcoin system would be degraded significantly. However, this isn’t a deal breaker for Bitcoin, since if any of these events happen, Bitcoin is far from the only thing that breaks down. The whole of e-commerce and internet communication would break down as well.


Another problem with a pure crypto-based system is that it is not flexible enough to include human intervention. With Bitcoin, crypto is in charge, not humans, and there’s no one to help you if you’re robbed. (By way of comparison, in case of credit-card fraud, you can dispute a charge to the credit-card issuer and they’ll resolve the issue one way or another. For this convenience, you’ll pay them a fee of around 2% on every transaction, as mentioned above.) The idea does cause some mental resistance, and for me it makes Bitcoin a really wild wild west. We are asked to trust in math, making Bitcoin an inherently amoral system, just as nature is amoral, just as gravity is amoral.


Bitcoin, in short, counts on humans being the weakest link in the system – untrustworthy and not entirely capable. It is hardly alone in basing itself on those axioms, and looking at the problem from a purely historical perspective, the chance of the crypto failing is less than the chance of corrupted people messing up the system. It boils down to a choice between trust in humans or trust in mathematics and code, and though the latter choice is still bothersome it remains, from the risk-assessment perspective, correct.


Bitcoin’s design shows that it is trying to get rid of human intervention as much as possible. That said, in the wider culture it does seem as if we are at an inflection point concerning where to put "trust" in technology. For example, the most recently revealed design of the Google self-driving car is missing a steering wheel and brake -- intentionally removing the human intervention part. In other words, Bitcoin is not unique; it is part of a global trend in which we put more and more trust in the machine over the human.


Bitcoin’s underlying philosophy applies the security principle of "give minimum privilege" – that is, do not give the sysadmin unnecessary privilege. As we have seen, it is possible to build a robust system by trusting mathematics to be amoral and people to be, at their worst, corrupt and/or incompetent at solving tech problems. Despite all this, it is possible to make a robustly functional and usable system – but in the final part of this blog series, we will talk about how cybercriminals are adapting to Bitcoin.


