A Defense Advanced Research Projects Agency-funded study of blockchains and their cybersecurity risks has identified several scenarios in which blockchain immutability is undermined by subverting properties of the blockchain's implementation, networking or consensus protocol.
DARPA said Tuesday it tapped Trail of Bits, a cybersecurity research and consulting firm, to conduct the research given the increasing use of distributed ledger technology such as blockchains and the vulnerabilities that could potentially affect those systems.
Some of the key research findings are: Stratum, which is the standard protocol for coordination within blockchain mining pools, is unencrypted; there is no explicit penalty for dishonest Bitcoin node operators; the number of parties capable of disrupting a blockchain is low; and Bitcoin traffic is unencrypted.
The challenge with using a blockchain is that one has to either (a) accept its immutability and trust that its programmers did not introduce a bug, or (b) permit upgradeable contracts or off-chain code that share the same trust issues as a centralized approach, the study reads.
“The report demonstrates the continued need for careful review when assessing new technologies, such as blockchains, as they proliferate in our society and economy,” said Joshua Baron, DARPA program manager overseeing the study. “We should not take any promise of security on face value and anyone using blockchains for matters of high importance must think through the associated vulnerabilities.”