Blockchain security - a delicate balance between keeping hackers out and letting users in

HodlX Guest Post

 

Originally created to support Bitcoin, blockchain technology is becoming more popular as people discover its uses beyond cryptocurrencies. One study found that 81 of the 100 largest companies in the world are actively pursuing blockchain-related solutions. In light of this newfound popularity, concerns over blockchain security arise.

So, let’s explore blockchain security and how it works, as well as some practical examples. But before we start, let’s all take a moment to appreciate the irony of blockchain security being questioned when it was created to provide more security in the first place.

As someone who has been involved with Web 2.0 and Web 3.0 development for years, I know security is never taken lightly. Keeping your product secure without compromising its usability is another challenge, much like keeping your house safe without locking the door.

Understanding blockchain security requires grasping the key security attributes of a blockchain network. To put it another way, what are the main focus points when it comes to making sure that a blockchain network is secure?

Transaction integrity

To begin with, blockchain transaction contents should not be changed during transitions. In other words, the transaction’s integrity should remain intact. It all comes down to the very definition of a blockchain, which is a chain of blocks that contains transaction records.

Once the transaction has been validated by all nodes in the network, it becomes immutable (i.e., it cannot be altered after validation). Every transaction in the chain is verifiable, immutable and time-stamped.

Tamper-resistance

In order to be tamper-proof, a blockchain must prevent tampering, both with the objects within an active transaction and with the historical data already stored in the blockchain blocks. This is ensured by using methods like the SHA-256 hashing algorithm, public-key cryptography and digital signatures.

As an example, the Bitcoin blockchain discourages tampering because it would result in automatic exclusion from the network. A node operator responsible for approving transactions and adding new blocks to the chain is actively discouraged from tampering with the records as it will be easily discovered.

If a node becomes inactive and is no longer in consensus with the rest of the network, the node operator stops receiving mining rewards. To put it another way, Bitcoin node operators don’t have any reason to mess with the ledger.

Regardless of the consensus mechanism behind them, all blockchains should rely on incentivizing node operators not to tamper with the records. This incentivization mechanism ensures that the distributed ledger remains tamper-proof regardless of how much it grows and how many blocks are added to it.

This is similar to a security guard in a bank who would have no incentive to steal if they were rewarded for protecting the money instead. The reward encourages honest behavior and discourages any thoughts of attempting to tamper with the records.

Consistency

Blockchain’s ledger should be consistent. In other words, all blockchain nodes should update the record simultaneously. A blockchain network, as we know, is made up of many nodes. Since blockchain is a distributed network, every time a new block is added, all nodes should be updated simultaneously.

This is similar to having an orchestra of musicians playing different instruments all in harmony. It is important that each musician is in tune with the others in order to produce a beautiful sound.

Similarly, the nodes in a blockchain network need to be in harmony in order to keep the ledger consistent. That’s a lot of pressure. What happens if one of the musicians (nodes) makes a wrong note? Do they have to start the whole song (blockchain) over again?

Resistance to attacks

Among the types of attacks that may occur on blockchain networks are DDoS (distributed denial of service) attacks, double-spending attacks, majority consensus attacks (51%) and Sybil attacks, in which malicious attackers present bogus identities in order to cause Byzantine faults.

In the case of the latter, Sybil attack resistance comes with significant complexity, performance and cost tradeoffs.

According to one study, among the systems with strong Sybil attack resistance are PoW (proof-of-work)-like mechanisms that rely on some form of scarce resource constraint (CPU, memory or otherwise) and PoS (proof-of-stake)-like systems that rely on staking of resources (e.g., cryptocurrencies, stablecoins, reputation tokens).

Combinations of the two (for instance, when PoW bootstrapping is used in conjunction with PoS execution) also show resistance.

Overall, it is essential that a security system protects ledger contents and transactions against such malicious attacks, analogous to having a robust lockset on a door that protects against burglary attempts while allowing entry to those with the key.

Data and network access

Access to blockchain data is another critical aspect of security. For blockchain to function properly, every user or node must be able to view the records saved on the ledger at any time. The ability to access this data is critical for blockchain users since it guarantees that everyone remains informed of the latest blockchain updates.

One of the technologies that ensure the security of assets while maintaining easy accessibility is MPC (multi-party computation). The MPC technology prevents the risk of a ‘single point of compromise’ by eliminating the need to store sensitive information at one location.

Multiple parties receive the private key split into shares, encrypted and divided among them. If a private key is lost or stolen, it can be reconstructed dynamically from input from all parties.

Therefore, even if one party is compromised, the blockchain transaction cannot be executed using only that shard. It’s like a bank vault with multiple locks that are opened using different keys by different people. Even if one key is stolen, the thief can’t open the vault without the other keys.
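The share-splitting idea described above, as an added example that is not part of the original article: it uses simple additive sharing modulo 2^256, chosen here for illustration and not the scheme of any particular MPC product. Function names and the sample key are assumptions.

```python
import secrets

MOD = 2 ** 256  # assumption: keys are treated as 256-bit integers

def split_key(key, parties):
    """Split key into `parties` additive shares; all are needed to rebuild it."""
    if parties < 2:
        raise ValueError("need at least two parties")
    shares = [secrets.randbelow(MOD) for _ in range(parties - 1)]
    shares.append((key - sum(shares)) % MOD)
    return shares

def reconstruct(shares):
    """Sum every party's share modulo MOD to recover the key."""
    return sum(shares) % MOD

def share_that_would_fit(known_shares, candidate_key):
    """Missing share that would make `known_shares` rebuild `candidate_key`.

    Such a share exists for every candidate, so a holder of all but one
    share cannot tell the real key apart from any other 256-bit value.
    """
    return (candidate_key - sum(known_shares)) % MOD

def demo():
    key = secrets.randbelow(MOD)  # constructed sample key, not a real wallet key
    shares = split_key(key, 3)
    all_parties = reconstruct(shares) == key
    # Two of three shares: a different key fits them equally well.
    other_key = (key + 1) % MOD
    fitted = share_that_would_fit(shares[:2], other_key)
    ambiguous = reconstruct(shares[:2] + [fitted]) == other_key
    return all_parties, ambiguous

if __name__ == "__main__":
    print(demo())
```
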

Pseudo-anonymity

Pseudo-anonymity in blockchain means that only addresses are revealed, not the names of the users behind them. This helps protect user privacy and allows them to perform transactions without revealing their identity, creating a trustless and secure financial ecosystem.

However, the lack of transparency in a blockchain can also be a double-edged sword. While it protects user privacy, it also makes it difficult to track down bad actors and hold them accountable for their actions. This lack of transparency can create an environment ripe for fraud and abuse.

According to Chainalysis, ransomware attackers extorted at least $457 million from victims in 2022. So, to ensure a secure and trustworthy system, it is equally important for users to hold bad actors accountable; hence, transparency needs to be balanced with privacy.

In a way, it’s like finding the right balance between a castle’s security and its friendliness. Too much security can make it difficult to access the castle, while too little can make it vulnerable to attack from outsiders.

Similarly, too much transparency in a blockchain can lead to privacy violations, while too little can lead to fraud and abuse. So, if you want to keep your castle safe, make sure you find the middle ground between ‘Fort Knox’ and ‘Disneyland.’

Final thoughts

It cannot be overstated how important blockchain security is in preventing unwanted intrusions. However, usability should also be considered. Developers need to consider attackers as well as users when creating blockchain security solutions.

Giving equal attention to usability does not mean sacrificing security. Instead, keeping the user in mind is key to designing effective security systems. Some already exist, and it will be great to see more in the future.

Blockchain security solutions should be like a mama bear: tough enough to keep intruders away but gentle enough to give users a hug when they need it.


Taras Dovgal is a serial entrepreneur with over 10 years of experience in systems development. With a passion for crypto since 2017, he has co-founded several crypto-related companies and is currently developing a crypto-fiat platform. As a lifelong startup and web development enthusiast, Taras’s goal is to make crypto products accessible to mainstream consumers, not just techies.

 


Source: https://dailyhodl.com/2023/02/15/blockchain-security-a-delicate-balance-between-keeping-hackers-out-and-letting-users-in/