IS BLOCKCHAIN THE NEW CYBER DARK ART?
Ben Smith CISSP, CRISC, CIPT
Field Chief Technology Officer (US)
RSA
@Ben_Smith
CONFIDENTIAL
Source: http://article.gmane.org/gmane.comp.encryption.general/12588/
The Blockchain
AGENDA
What is Blockchain?
What Properties Make it Interesting?
What Limitations Should You Consider?
WHAT IS BLOCKCHAIN?
Source: images licensed from Aleksei Fetisov, olgamilagros © 123RF.com
PEERS
1. Each maintains a copy of the digital ledger.
2. Group transactions into blocks using a (Merkle) hash tree.
3. Execute a distributed consensus protocol to validate transactions.
4. Build a hash chain over the blocks, which forms a ledger where transactions are ordered for consistency.
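The hash-tree and hash-chain steps on the slide above, as an added Python example (not from the original slides): it builds a Merkle root per block, chains the blocks, and shows what a peer checking its own copy detects when a past transaction is edited. The consensus step is not modelled; the transaction strings, the leaf/node prefixes and every function name are assumptions of this example.

```python
import copy
import hashlib

GENESIS_PREV = b"\x00" * 32  # constructed placeholder for "no previous block"

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(txs):
    # Hash tree over one block's transactions. The 0x00/0x01 prefixes keep
    # leaves and interior nodes distinct; an odd node is carried up unchanged.
    level = [h(b"\x00" + tx) for tx in txs] or [h(b"")]
    while len(level) > 1:
        nxt = [h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]

def seal(block):
    # A block's hash covers the previous block's hash and its own Merkle root.
    block["root"] = merkle_root(block["txs"])
    block["hash"] = h(block["prev"] + block["root"])
    return block

def build_ledger(batches):
    ledger, prev = [], GENESIS_PREV
    for txs in batches:
        ledger.append(seal({"prev": prev, "txs": list(txs)}))
        prev = ledger[-1]["hash"]
    return ledger

def first_invalid_block(ledger):
    # What a peer can verify on its own copy: index of the first bad block, or None.
    prev = GENESIS_PREV
    for i, b in enumerate(ledger):
        if (b["prev"] != prev or merkle_root(b["txs"]) != b["root"]
                or h(b["prev"] + b["root"]) != b["hash"]):
            return i
        prev = b["hash"]
    return None

def tamper(ledger, block_idx, tx_idx, new_tx, reseal=False):
    # Returns an edited copy; reseal=True also recomputes that block's root and hash.
    forged = copy.deepcopy(ledger)
    forged[block_idx]["txs"][tx_idx] = new_tx
    return forged if not reseal else forged[:block_idx] + [seal(forged[block_idx])] + forged[block_idx + 1:]

# Constructed sample data: three blocks of made-up transactions.
SAMPLE = [[b"alice->bob:5", b"bob->carol:2", b"carol->dave:1"],
          [b"dave->alice:1", b"bob->alice:3"],
          [b"carol->bob:4"]]
```

Editing a transaction in block 1 fails verification at block 1; resealing that block only moves the failure to block 2, because the next block still commits to the old hash.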
PRIMARY BLOCKCHAIN CATEGORIES
PUBLIC / PERMISSIONLESS: Anyone can participate in consensus protocol
PRIVATE / PERMISSIONED: Only accessible to those who have been given an invite
1977  RSA Algorithm
1978  Cryptographic Hash Functions
1982  Chaumian Digital Cash
1991  Digital Timestamping
1993  Proof-of-Work Protocols
1996  Proof-of-Work-based digital currency
BITCOIN’S ACADEMIC PEDIGREE
[Figure: timeline, 1980 to 2015, of the ideas behind Bitcoin, grouped into linked timestamping and verifiable logs, digital cash, proof of work, Byzantine fault tolerance, public keys as identities, and smart contracts.]
Entries on the chart: Merkle Tree; Haber & Stornetta; Benaloh & de Mare; Bayer, Haber, Stornetta; Ecash; Offline Ecash; DigiCash; Micro-mint; Anti-spam; hashcash; Client puzzles; Sybil attack; Computational imposters; Byzantine Generals; Paxos; Paxos made simple; PBFT; Nakamoto consensus; Chaum anonymous communication; Chaum security w/o identification; Goldberg dissertation; Szabo essay; Bit gold; b-money; Bitcoin; Private blockchains; Ethereum.
Source: Arvind Narayanan, Jeremy Clark; ACM Queue; August 2017
WHAT PROPERTIES MAKE BLOCKCHAIN INTERESTING?
WHY PEOPLE SEEM TO CARE
Immutability
Public Access
Decentralization
DIGITAL CURRENCY: USEFUL PROPERTIES
Prevent Double Spending
Limit Trust
Privacy
DRAWBACKS
Pseudonymity vs Anonymity
Hard to Revert
Slow Verification
SHOULD YOU EVEN USE A BLOCKCHAIN?
[Flowchart] Questions asked:
  Are there multiple writers?
  Can you use an always online TTP?
  Are all writers known?
  Are all writers trusted?
  Is public verifiability required?
  Do you need to store state?
Possible outcomes:
  Public Permissioned Blockchain
  Private Permissioned Blockchain
  Permissionless Blockchain
  Don’t use Blockchain
Source: Karl Wüst, Arthur Gervais. “Do you really need a blockchain?” https://eprint.iacr.org/2017/375.pdf
BLOCKCHAINS VERSUS DATABASES
                              Permissionless Blockchain   Permissioned Blockchain         Central Database
Throughput                    Low                         High                            Very High
Latency                       Slow                        Medium                          Fast
Number of readers             High                        High                            High
Number of writers             High                        Low                             High
Number of untrusted writers   High                        Low                             0
Consensus mechanism           Mainly PoW, some PoS        BFT Protocols (e.g. PBFT)       None
Centrally managed             No                          Yes                             Yes
Source: Karl Wüst, Arthur Gervais. “Do you really need a blockchain?” https://eprint.iacr.org/2017/375.pdf
CHALLENGES AND PITFALLS
BITCOIN INCENTIVE ARGUMENTS
Nakamoto: “The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.”
more profitable to play by the rules than to undermine the system
If blockchain is used outside of financial transactions, economic incentives to cooperate may no longer apply…
GDPR and the right to be forgotten
Distribution of data
Enforceability of contracts
INNOVATION
WHAT KEY ASSUMPTIONS ARE NEEDED FOR SUCCESS?
IS IT REALLY INNOVATIVE? DOES IT DISTINCTLY SOLVE A PROBLEM?
HOW DOES IT FIT AS PART OF AN END-TO-END SYSTEM?
TAKEAWAYS
Blockchain has fascinating properties, making it suitable for cryptocurrencies.
However, outside of cryptocurrencies, blockchain is often not the “right” solution.
Compare blockchain-based approaches against simpler alternatives (e.g., databases, digital signatures, timestamping, etc.).