‘Catastrophe’ may have been the word of choice at a blockchain security conference held at Stanford University yesterday.
While cryptocurrencies and private blockchains heighten financial control to a degree, there’s plenty that could go wrong with the new systems, and, perhaps spurred by interest from governments and institutions, experts from a range of disciplines are trying to pinpoint those unknowns.
The Blockchain Protocol Analysis and Security Engineering 2017 conference was brimming with examples of how this thinking is taking hold across the ecosystem’s disparate sectors.
Even half a year after its collapse, The DAO – the first large-scale ethereum application – remains a major point of discussion (seeing as it also resulted in two competing ethereum blockchains). As such, talks were held on how new scripting languages might help to fix problems there.
But, through the presentations, one major thread emerged: since the technology is so new, it’s hard to figure out which risks are real ones.
Engineering consultant and conference organizer Byron Gibson told CoinDesk:
“In terms of blockchain infrastructure, we’re trying to get a better idea of how these systems could fail catastrophically and how to prevent that.”
He added that developers and researchers are searching for the problems that will have the highest impact, whether they have a low or a high probability of actually occurring.
Overall, the conference placed a strong emphasis on preparing infrastructure to detect security problems that may take root down the road. At the same time, some argued that even the ways in which potential issues can be detected are not yet sufficiently mature.
One promising avenue might be simulation, using models to predict how blockchains react under different conditions. Three presentations dove specifically into how changes could impact bitcoin or other blockchains, envisioning how Internet protocol changes or block time intervals might impact their functionality.
“These still need another 10 years or so of development before they get really, really good. But it’s a good start,” Gibson said.
And, in the eyes of many attendees, it’s still a question of pinpointing the right risks.
During one session, Arvind Narayanan, assistant professor in computer science at Princeton, described how the end of bitcoin’s block reward could result in attacks.
While he acknowledged the concept represents a long-term game theory problem, it’s one that he argued is worth considering should the public blockchain come to serve a larger role in global commerce.
“We have some time,” he said.
Alongside emerging technologies to detect problems, there might be social risks.
Angela Walch, associate professor at St Mary’s University School of Law, pointed out in her presentation that the financial structure, as managed by several big institutions, never had to depend on open software before.
If public blockchains like bitcoin one day rule, this infrastructure would depend on a different set of rules, which she argued pose new risks.
“I don’t think I have any answers here, but I have a lot of questions,” she said when kicking off her presentation.
Others weren’t so worried about the dependence on a loose group of developers. One audience member pointed to the open-source operating system Linux as an example of a successful grassroots initiative.
While Linux isn’t used by your average computer user, it has deep appeal to some sectors of the internet community and has been ported to more devices than any other operating system. Still, Walch said it’s wise to start with skepticism.
“There are risks that I think you can’t ignore or push under the rug. I think they need to be acknowledged more openly even if there’s a small chance of the worst case scenario actually happening,” Walch later told CoinDesk.
“I think the outcomes are potentially catastrophic and you need to take them into account.”
Gibson also pointed out that there are new types of blockchains emerging right now, and that each variety might pose unique issues that simply don’t relate to those of the others.
“The permissioned ones are solving a simpler, better-understood problem than the permissionless ones. Maybe they have an advantage in that respect. But they’re still untested technology platforms,” he said.
And some seemed to think there was a rift between developers and academics at the conference. One developer attendee pointed out that, in his eyes, academics were not focused on the right problems.
Gibson had another take, arguing for a broader, more inclusive approach by all the industry’s disparate constituents.
To him, it’s worth examining the issue from all angles. He told CoinDesk:
“I don’t know if there’s any one security threat that takes precedence.”