The Blockchain Security Debate


Recently, a massive wave of articles has asked whether Bitcoin uses too much electricity to be sustainable. Since Bitcoin’s Proof-of-Work does use a great amount of power, the question arises whether it is still the best and safest way to secure a blockchain network. This article looks for the answer from a security viewpoint. Crypto-security goes further than simply protecting a network from 51% attacks, and the panel discussion held on the 29th of May at Blockshow Europe in Berlin covered some of its aspects.

Speakers on the panel were Paul Puey, Mikhail Savchenko, Arianna Simpson, Rodrigo Russell, Sebastian Gajek, and Alejandro De La Torre. All of them are involved with cybersecurity in different ways: some are mining pool operators, others solve security issues with their applications. The talk covered wallets, people, smart contracts, mining, mobile, and security in general, and it inspired us to write about the topic and explore these algorithms.

Which one is more secure, PoW or PoS?

Before coming to an answer to this question, we need to understand the implications of security, what is necessary, how we can measure safety, and explore the pros and cons of both algorithms.

Initially, these concepts were created to mitigate denial-of-service attacks and spam by requiring that the network does some work. This work was usually performed by a computer, which processed empty data for a short period. Proof of Work and Proof of Stake differ in little except the resource they use.

That’s not to say that this difference is unimportant. It significantly changes the entire system, especially when applied to blockchains and cryptocurrencies. Both exist to mitigate attacks and spam, to make it expensive to try blocking or harming the network. In biological terms, it’s like a central nervous system that facilitates an immune response: you feel pain, and so you move away from the danger.

With blockchains, this risk is called the 51% attack, most commonly carried out as a double-spending attack. In Bitcoin’s case, attacking the network would take a lot of money, time and energy. This security, however, is not a given for most other PoW cryptocurrencies, as they have significantly lower attack costs. Smaller currencies do not have a mining network as strong as Bitcoin’s to deter attacks from malicious actors. It is normal for an attack on a smaller network to cost as little as $500.

Most of these dangers also apply to the Proof of Stake concept. There is a risk of a 51% attack on a PoS network too, but it becomes possible once an individual owns enough of the cryptocurrency, as opposed to controlling enough miners. To attack a PoS network you need to stake more than the rest, but buying these coins on the open market will take a long time. It is also going to be incredibly expensive.

So, which one is safer for blockchain operators? Neither. That’s the simple answer, anyway. If we are talking about Bitcoin’s PoW, and soon Ethereum’s PoS, then we can have some assurance that 51% attacks would be expensive. It is the small blockchains that are in danger of 51% attacks.

Vice President of, Alejandro de la Torre said during the panel discussion: “We all focus on the cool blockchain features, such as immutability, but we all forget that they come from Proof of Work. Just because you have SHA-256, that doesn’t necessarily mean your coin has enough mining power to maintain security.” As such, it is evident that smaller coins are at risk of being completely overtaken.

ASIC miners make PoW currencies safe and expensive to attack

Don’t take it from me, take it from Andreas Antonopoulos. He says: “ASIC resistance is futile and undesirable, as it is motivating malicious actors to seek out botnets and use them to attack your cryptocurrency. Even if you use GPUs, they will target gamers’ computers and use them.”

This month, many currencies are under 51% attack from various malicious parties. Bitcoin News reports Zen Cash being taken over, Bitcoinist claims Bytecoin is vulnerable for ~$600, and Bitcoin Gold got attacked last month.

I believe that most of them are unaware of this fact. Anybody with a technical mind capable of programming can make some changes and fork a cryptocurrency. This should be a lesson for every person interested in forking: do not make changes in isolation, but involve the broader community and elicit support from them. Learn and adapt, keep your mind open, and your ego in check. Being open will keep you and your project safe from malicious actors.

In comparison, Proof of Stake has no direct mining, but rather a complex structure that facilitates block production based on stake. GitHub has a lot of documentation related to PoS. Inspired by the recent reveals of blockchain-capable phones, we reached out to one of the panelists with the following question:

Will the movement towards mobile usage affect consensus protocols?

We put this question to Paul Puey, wondering whether the movement towards mobile usage of blockchain technology might lead to a change in protocols.

He said: “That affect question affects more of a full node which will never be on a mobile device. Mobile apps don’t have anything to do with POW vs POS, nor will they be involved in consensus mechanisms in the foreseeable future.”

What about the safety of value?

Let’s leave small blockchains behind and talk about the big ones. Both Bitcoin and Ethereum are PoW-secured right now, with Ethereum having plans to switch to PoS with Casper. The electricity that is used in the production of the blocks for these networks is the cost that computers pay to create the currency. We are minting cryptocurrency using wind, solar, hydro, nuclear, and coal energy. Cryptocurrency is merely condensed electricity.

This concept is lacking in Proof of Stake systems, where money can be printed without any energy investment into the network. Ethereum will be different when it enables PoS, due to the large following and proven value perceptions. Of course, the risk of loss is there, but it’s unlikely that they will lose any users over this change.

It might, however, drastically affect the price, as many miners will leave the network and transfer to smaller blockchains. This move by Ethereum is placing the greater blockchain community under a lot of pressure. The miners will flood other blockchains and may be tempted to use the relatively chaotic environment to attempt 51% attacks.

Conclusion & Recap

Proof-of-Work concepts exist to mitigate damage to a network. They are a shield against denial-of-service attacks and spam. They are a necessary part of cryptocurrencies, providing thousands of people with secured decentralized ledgers. PoW is the process of taking processing power, using it to hash for solutions to a problem, and rewarding the fastest solvers with a prize.

Proof-of-Stake is the process where existing coins are locked to the network, and their stake is used to validate transactions. Upon validating transactions and creating a block, the stake is rewarded with additional coins.

My personal conclusion is that Proof-of-Work is creating a precious coin, one that is better equipped to withstand an attack and loss of value. Proof-of-Stake is also secure, as it takes some stake and processes transactions based on that. Unfortunately, the logical sequence suggests that unless the original data placed inside the Proof of Stake process is inherently valuable, the resulting coins will not have any real value. This conclusion is voiding the speculative nature of reality, as humans tend to value the same things differently.

Regardless of which algorithm a specific cryptocurrency adopts, the most critical part of the whole experience is to keep the value and ownership safe. The best way to do this is to hire a security expert when implementing your blockchain. If you use PoW, it is a better approach to give ASICs an incentive to join your network. Otherwise, you risk becoming one of those currencies that cost about $500 to attack.

