Securing Blockchains
Andrew Miller
IC3 Retreat
May 17, 2016
Blockchain is an opportunity to build resilient-by-design infrastructure
A blockchain is a Virtual Trusted Computer
Consistency - Every server gives the same result
Availability - New transactions are processed (quickly)
[Diagram: Alice asks an ATM to “Withdraw $500”. The bank checks “Does Alice’s account have $500?” (balance $800), answers “OK, subtract $500 and dispense cash”, and Alice’s balance becomes $300.]
[Diagram: two “Withdraw $500” requests in Alice’s name arrive at two servers at once. Each checks the same $800 balance, each answers “OK, subtract $500 and dispense cash”, and Alice’s balance ends at $-200: a double spend, the consistency failure a blockchain must prevent.]
Distributed systems are notoriously difficult
“A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable.”
– Leslie Lamport, 1987
The good news - 30 years of science to draw upon
Lessons from 30 years are not always applied
Stellar: fork predicted months in advance, based on flaws discovered during peer review
What goes wrong? (and how IC3 can help)
- “Don’t roll your own crypto”: build from existing reliable components
- Implementation errors: program analysis, secure language design
- Defective protocols: we prove that protocols are secure
- Mismatched interfaces between systems: we build generic abstractions that can be put together safely
The traditional distributed systems setting
“Consortium blockchain”
Nodes are run by well-known, trusted entities
The “permissionless blockchain” setting is new
Sybil attack
- Miners are neither employees nor contractors
- Spending on “defense” is a small percentage of market cap (about $1M/day against a $6B market cap)
…. yet they are the ones doing the work
$1M spent per day on Bitcoin mining
Market cap: $6B
Mining is 98% of Bitcoin’s operational cost
The cost to attack the network with hashpower: ~$1M/day
Permissioned vs Permissionless Blockchains
We don’t know (yet) how to replicate Bitcoin’s success
We know how to build secure and scalable permissioned blockchains
The 5 layers of blockchain architecture
Network: broadcasting transactions and blocks
Consensus: the agreement-reaching engine
Storage: bootstrapping new nodes, storing archival data
Application: transactions, smart contract language
View: cached summary of the transaction log
What we want: a Virtual Trusted Computer
What programs run on the trusted computer?
Smart Contracts: programs for the Trusted Computer
Example:
if GOOGL is trading at more than
$800 per share on May 20, 2016
then transfer 5 shares of GOOGL from Alice to Bob,
and have Bob pay Carol $15,000
The Story
Smart Contract programming is error-prone
Fall 2014: Smart contracts in UMD security class
Mistakes exhibited by students are also
found in today’s Ethereum smart contracts
What happens when a third player tries to join the contract?
Avoidable mistakes!
We have the tools to correctly engineer consensus protocols and secure blockchains.
Security hazards abound.
Avoid repeating past mistakes!
Backup slides
Reality: Computers and network links sometimes fail
Open research questions
How can we use existing “authorities” as oracles?
See demo: TownCrier
How can we provide privacy at the same time as auditability?
See talks: Hawk, and Solidus
How can we make blockchains scalable and efficient?
See talks: BitcoinNG, Federated Consensus, HoneyBadgerBFT
Can we integrate blockchains within existing law / institutions?
“Blockchain technology”
a toolbox of applied cryptography and distributed computing techniques, for building trustworthy shared databases
- hashes and authenticated data structures
(e.g. a literal “blockchain”)
- digital signatures
- consensus protocols
- zero-knowledge proofs, homomorphic encryption
- computer languages for business+security policies
(e.g. “smart contracts”)
DuckCoin - threshold signature
[Diagram: a client asks “What’s my account balance?”; the node replies shown are OK, OK, OK, NO, and the client accepts only an answer backed by a threshold of node signatures.]
Smart contracts - computer programs that
enforce business and security policies
Example: a jointly-owned fund with three principals
Each principal may authorize transfers of up to $1000 per day
Authorization from any majority (2 of 3) can transfer any amount
data: principals = [p1, p2, p3]; spentToday[p] = 0 for each principal p (reset daily)
on request(transfer $X to #Recipient):
  if (this request is signed by 2 of the 3 principals) then approve
  else if (this request is signed by exactly 1 principal p and
           spentToday[p] + $X <= $limitPerDay) then
      spentToday[p] += $X; approve
  otherwise deny
Properties - robust with regard to loss/theft of any 1 principal’s key
How would you implement this in a business contract?
Who has “custody” of these funds?
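The joint-fund policy above, worked through as an added Python example (not code from the talk or from IC3): a JointFund class that counts only valid signatures from listed principals, enforces the 2-of-3 rule and the per-principal $1000/day budget, resets the budget each day, and refuses replayed request ids. Key names, request ids, recipient names and the HMAC stand-in for real signatures are constructed assumptions; a deployed contract would verify asymmetric signatures against the principals’ public keys. The demo exercises the property on the slide: an attacker holding one stolen key can move at most $1000 per day, while two principals together can move any amount.

```python
import hashlib
import hmac

LIMIT_PER_DAY = 1000  # single-signer budget per principal, from the slide

# Constructed sample keys. A deployed contract checks asymmetric signatures
# against each principal's public key; HMAC-SHA256 with a per-principal
# secret stands in for that here so the example runs offline.
PRINCIPAL_KEYS = {"p1": b"key-p1", "p2": b"key-p2", "p3": b"key-p3"}


def sign(principal, key, msg):
    return hmac.new(key, principal.encode() + b"|" + msg, hashlib.sha256).digest()


def verify(principal, msg, sig):
    return hmac.compare_digest(sign(principal, PRINCIPAL_KEYS[principal], msg), sig)


class JointFund:
    def __init__(self, principals, balance):
        self.principals = list(principals)
        self.balance = balance
        self.day = None
        self.spent_today = {p: 0 for p in self.principals}
        self.seen = set()  # request ids already processed: blocks replay of an old approval

    def request(self, day, req_id, amount, recipient, signatures):
        if day != self.day:  # new day: every principal's single-signer budget resets
            self.day = day
            self.spent_today = {p: 0 for p in self.principals}
        if req_id in self.seen or amount <= 0 or amount > self.balance:
            return "deny"
        msg = f"{req_id}|{amount}|{recipient}".encode()
        # Only valid signatures from listed principals count, each principal at most once.
        signers = {p for p, s in signatures.items() if p in self.principals and verify(p, msg, s)}
        if len(signers) >= 2:  # majority of the 3 principals: any amount
            return self._approve(req_id, amount)
        if len(signers) == 1:  # one principal: bounded by the daily limit
            (p,) = signers
            if self.spent_today[p] + amount <= LIMIT_PER_DAY:
                self.spent_today[p] += amount
                return self._approve(req_id, amount)
        return "deny"

    def _approve(self, req_id, amount):
        self.seen.add(req_id)
        self.balance -= amount
        return "approve"


def make_request(fund, day, req_id, amount, recipient, signing_parties):
    """Build the signed request as the signing parties would, then submit it."""
    msg = f"{req_id}|{amount}|{recipient}".encode()
    sigs = {p: sign(p, PRINCIPAL_KEYS.get(p, b"not-a-principal"), msg) for p in signing_parties}
    return fund.request(day, req_id, amount, recipient, sigs)


def demo():
    """An attacker holding p3's stolen key is capped at $1000/day; two principals move any amount."""
    fund = JointFund(["p1", "p2", "p3"], balance=10_000)
    d1, d2 = "2016-05-17", "2016-05-18"
    results = [
        make_request(fund, d1, "r1", 600, "attacker", ["p3"]),             # approve
        make_request(fund, d1, "r2", 400, "attacker", ["p3"]),             # approve: $1000 used
        make_request(fund, d1, "r3", 1, "attacker", ["p3"]),               # deny: daily limit reached
        make_request(fund, d1, "r1", 600, "attacker", ["p3"]),             # deny: replayed request id
        make_request(fund, d1, "r4", 5000, "supplier", ["p1", "p2"]),      # approve: 2 of 3
        make_request(fund, d1, "r5", 3000, "attacker", ["p3", "mallory"]), # deny: only 1 valid signer
        make_request(fund, d2, "r6", 1000, "attacker", ["p3"]),            # approve: new day's budget
    ]
    return results, fund.balance
```

The request id is bound into the signed message so that a previously approved transfer cannot be resubmitted, and signatures from parties outside the principal list are ignored rather than counted toward the majority; both are the kind of omission the student contracts from the UMD class exhibited.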
DuckCoin - a pedagogical blockchain design
Three “nodes” - Huey, Dewey, and Louie run a consortium blockchain
Step I. run a consensus algorithm to put transactions in order
Step II. sign and publish each transaction and updated balances
Step III. store balances in an authenticated data structure
The system is designed to withstand 1 node failure
and graceful degradation (other failures are detected)
DuckCoin - consensus protocol
[Diagram: two conflicting requests, “Transfer $5,000 to Bob” and “Transfer $5,000 to Carol”, are submitted; the nodes agree on one order and the second is rejected (marked X).]
- Jointly process user requests
- Withstand 1 node crashing
- Prevent “double spends”
DuckCoin - authenticated data structure
[Diagram: a chain of blocks; each block commits by hash to its transactions and to the resulting account balances.]
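Steps I to III of the DuckCoin design, together with the threshold-signed balance query from the earlier DuckCoin slide, as an added Python example (not code from the talk or from IC3). Consensus (Step I) is assumed to have delivered the same ordered log to every node; each node replays it deterministically, dropping the uncovered second $500 spend (Step II), commits the balances in a Merkle tree and signs the root (Step III); a client accepts a balance only when two of the three nodes signed the same root and the Merkle proof checks. Node names, keys and the HMAC stand-in for node signatures are constructed assumptions. The scenarios also run the Security Analysis questions below: one crash or one commandeered node is tolerated, two crashes lose availability (no quorum, so the client refuses to answer), and two commandeered nodes defeat the 2-of-3 threshold, which is why the “at most 1 faulty node” assumption has to be stated.

```python
import hashlib
import hmac

# Constructed node keys. HMAC-SHA256 stands in for each node's digital signature
# so the example runs offline; a real deployment uses asymmetric keys.
NODE_KEYS = {"Huey": b"k-huey", "Dewey": b"k-dewey", "Louie": b"k-louie"}


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root_and_proofs(balances):
    """Step III: commit to every balance; return the root and one proof per account."""
    accounts = sorted(balances)
    level = [H(f"{a}:{balances[a]}".encode()) for a in accounts]
    pos = {a: i for i, a in enumerate(accounts)}
    proofs = {a: [] for a in accounts}
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last hash to make the level even
        for a in accounts:
            i = pos[a]
            proofs[a].append((i % 2, level[i ^ 1]))  # (1 if right child, sibling hash)
            pos[a] = i // 2
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], proofs


def verify_proof(account, balance, proof, root):
    h = H(f"{account}:{balance}".encode())
    for is_right, sibling in proof:
        h = H(sibling + h) if is_right else H(h + sibling)
    return h == root


class Node:
    def __init__(self, name):
        self.name, self.key = name, NODE_KEYS[name]

    def apply_log(self, genesis, log):
        # Step I (consensus) is assumed to have given every node the same ordered log.
        # Step II: replay it deterministically; a transfer the sender cannot cover is
        # dropped, so the second of two $500 spends from an $800 account never applies.
        balances = dict(genesis)
        for sender, receiver, amount in log:
            if 0 < amount <= balances.get(sender, 0):
                balances[sender] -= amount
                balances[receiver] = balances.get(receiver, 0) + amount
        self.balances = balances
        self.root, self.proofs = merkle_root_and_proofs(balances)
        self.signature = hmac.new(self.key, self.root, hashlib.sha256).digest()

    def answer(self, account):
        return (self.name, self.balances[account], self.proofs[account], self.root, self.signature)


def client_balance(account, answers, threshold=2):
    """Accept a balance only if `threshold` distinct nodes signed the same root
    and the Merkle proof ties the balance to that root; otherwise return None."""
    by_root = {}
    for ans in answers:
        if ans is None:  # a crashed node sends nothing
            continue
        name, balance, proof, root, sig = ans
        if name not in NODE_KEYS:
            continue
        expected = hmac.new(NODE_KEYS[name], root, hashlib.sha256).digest()
        if hmac.compare_digest(expected, sig):
            by_root.setdefault(root, {})[name] = (balance, proof)
    for root, signers in by_root.items():
        if len(signers) >= threshold:
            for balance, proof in signers.values():
                if verify_proof(account, balance, proof, root):
                    return balance
    return None


def run_scenarios():
    genesis = {"Alice": 800, "Bob": 0, "Carol": 0}
    log = [("Alice", "Bob", 500), ("Alice", "Carol", 500)]  # the ATM double-spend attempt
    honest = {}
    for name in NODE_KEYS:
        honest[name] = Node(name)
        honest[name].apply_log(genesis, log)

    def commandeered(name):  # attacker runs the node: signs a state where Alice still has $800
        n = Node(name)
        n.apply_log(genesis, [])
        return n

    def ask(nodes):
        return client_balance("Alice", [n.answer("Alice") if n else None for n in nodes])

    return {
        "honest_balances": honest["Huey"].balances,
        "all_honest": ask([honest["Huey"], honest["Dewey"], honest["Louie"]]),
        "one_crashed": ask([honest["Huey"], honest["Dewey"], None]),
        "two_crashed": ask([honest["Huey"], None, None]),
        "one_commandeered": ask([honest["Huey"], honest["Dewey"], commandeered("Louie")]),
        "two_commandeered": ask([honest["Huey"], commandeered("Dewey"), commandeered("Louie")]),
    }
```

The client never trusts a single node’s word: it groups signatures by root, so a commandeered node that signs a different state is simply outvoted, and it still recomputes the Merkle path itself rather than accepting the balance field from the reply.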
Security Analysis ← This part is important!!!!
Assumptions:
How many nodes can fail, how reliable are communications?
Examples:
What happens if 2 nodes crash? If 1 node is commandeered?
What happens if the network is intermittently disrupted?
Guarantees:
- Safety/consistency
- Liveness/availability
- Auditability
- Privacy
Bitcoin Mining: a force field for open blockchains
The good news - 30 years of science to draw upon
Large toolbox of provably-secure protocols
- PBFT (Byzantine fault-tolerant: survives nodes that misbehave)
- Paxos, Raft (crash fault-tolerant: survive nodes that stop, not nodes that lie)
(just to name a few)
Scientific methods for rigorously evaluating new protocols
What properties do they guarantee?
What assumptions do they rely on?
Bitcoin Mining is a surprising new solution for the “open blockchain” setting