Of all the things blockchain promised, decentralization was the defining one. Yet there is a clear drift toward centralization in the crypto industry. Are we throwing its security strength under the bus?
Nearly 75% of the world’s hash power on the Bitcoin network sits in Chinese-managed mining pools, point out Ben Kaiser and other researchers from Princeton University and Florida International University. While the individual pool miners cannot be directly controlled by China, the study brings to the fore the concern that the pool managers (responsible for assigning mining jobs and propagating completed blocks) are located within China and subject to Chinese authorities.
Furthermore, a fresh CryptoCompare study unveiled a growing level of centralization. With as many as 55% of projects in the cryptocurrency market centralized and 30% semi-centralized, the notion of decentralization is being given a big spin. Viewed from a governance angle, decentralization has been elbowed out in a hard-to-miss way by the increasing shares of centralized and semi-centralized models between 2013 and 2018. Interestingly, the same pattern is visible when the break-down is viewed from a market-cap angle over the same years.
The word that ties it all together is this – centralization. Whether it is geographical, as in the first case, where Chinese authorities are now, reportedly, at a better vantage point to wield indirect control over all that big hash muscle; or model-based, as seen in the second case; it raises a lot of questions and fears.
No points for guessing why.
Decentralization was the single-word sales brochure for blockchain to start with. Being scattered allowed this technology to be more secure, censorship-proof and agile. But as blockchain struggled with issues of speed, block size limits, mining power, efficiency and the like, the road changed. Innovations, as well as tinkering with its quintessential aspects, started happening.
The blockchain decentralization games
The bedrock of blockchain, per se, began to be fiddled with when alternatives to the basic consensus protocol Proof of Work (PoW) emerged one by one. For instance, Proof-of-Stake (PoS) arrived to solve the energy challenges of PoW.
To cite a quick explanation from a Persistent whitepaper:
“Instead of a user spending say $2,000 buying mining equipment to engage in the PoW algorithm and winning a mining reward, with PoS she can buy $2,000 worth of cryptocurrency and use it as a stake to buy proportionate block creation chances in the blockchain system by becoming a ‘validator’.”
A spin on PoS followed soon with the Delegated Proof of Stake (dPoS) model, where delegates can be appointed to inject more democratization into the model. Then there was Proof of Elapsed Time (PoET), which addresses the energy usage issue of PoW by enforcing random waiting times for block construction. Soon enough, the world had every possible model – Proof of Capacity (PoC), where users commit hardware capacity; Proof of Burn (PoB), where users give up coins to gain a share in the consensus; and even a 4-processor solution for reaching agreement, as proposed by Marshall Pease and co-scholars.
Security – collateral damage?
Yes, the Byzantine Generals dilemma, introduced in the original Satoshi whitepaper itself, has been addressed in creative ways by researchers and industry stakeholders in the last decade, as seen in all the models listed above.
What this wave has done is interesting. Now we have more options for mining at a better speed, with better block sizes, and with a pragmatic fee structure; but tapping these advantages has pushed decentralization’s raw qualities onto a backburner of sorts.
If you could ever ask a clever serial killer (hope you don’t know any) for the ultimate trick for fooling investigative noses, chances are you would be introduced to a cushion. The more pins one spreads out on a cushion, the harder it is to trace that one ‘important’ pin. Decentralization accorded that very strength to blockchain by spreading miners all across the cushion. The surface area was too random, formidable, overwhelming, dispersed and vague for any hacker to easily pick out one pin in particular. But centralization and concentration of power have nudged away this ‘scattered’ advantage, and questions and fears about security have become more frequent and more worried than ever.
Even PoW has always been vulnerable to a 51% attack, but the ease and time advantage that centralized mining allows is far more worrisome now. Rogue activity, at least in theory, gets a highway with centralized models, instead of the trails all around a forest that PoW was all about.
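To make the 51% risk concrete, here is an added Python example (not part of the original article, nor code from any of the studies it cites). It uses a constructed, illustrative set of pool hash shares (the pool names and percentages are made up, not real pool data) to find the smallest coalition of the largest pools that crosses half the network’s hash power, and it applies the catch-up probability from section 11 of the Nakamoto whitepaper to show how likely an attacker with a given hash share is to overtake the honest chain, and how many confirmations a receiver needs before that risk drops below a chosen threshold.

```python
import math

# Constructed, illustrative hash-rate shares for hypothetical mining pools
# (fractions of total network hash power). Not real pool data.
SAMPLE_POOL_SHARES = {
    "pool-a": 0.22,
    "pool-b": 0.18,
    "pool-c": 0.15,
    "pool-d": 0.12,
    "pool-e": 0.10,
    "pool-f": 0.08,
    "unidentified": 0.15,
}


def smallest_majority_coalition(pool_shares):
    """Return (names, combined_share) for the fewest largest pools whose
    combined hash share exceeds half of the total.

    Pool managers, not individual miners, decide which block template a
    pool works on, so this is the number of operators that would have to
    cooperate (or be coerced) for a majority of hash power to act as one.
    """
    total = sum(pool_shares.values())
    coalition, accumulated = [], 0.0
    for name, share in sorted(pool_shares.items(), key=lambda kv: kv[1], reverse=True):
        coalition.append(name)
        accumulated += share
        if accumulated > total / 2:
            break
    return coalition, round(accumulated, 6)


def attacker_success_probability(q, z):
    """Probability that an attacker holding fraction q of the hash power
    eventually catches up with the honest chain from z blocks behind
    (Nakamoto 2008, section 11, with p = 1 - q and lambda = z * q / p)."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction of total hash power")
    p = 1.0 - q
    if q >= p:
        return 1.0  # with a majority the attacker always wins eventually
    ratio = q / p
    lam = z * ratio
    honest_wins = 0.0
    for k in range(z + 1):
        # Poisson-distributed attacker progress while the honest chain mined z blocks
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        honest_wins += poisson * (1.0 - ratio ** (z - k))
    return 1.0 - honest_wins


def confirmations_needed(q, max_risk, max_z=10_000):
    """Smallest number of confirmations z at which the attacker's success
    probability drops below max_risk, or None when no z suffices (q >= 0.5)."""
    if q >= 0.5:
        return None
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    raise RuntimeError("risk threshold not reached within max_z confirmations")


if __name__ == "__main__":
    names, share = smallest_majority_coalition(SAMPLE_POOL_SHARES)
    print(f"{len(names)} pools ({', '.join(names)}) control {share:.0%} of hash power")
    for q in (0.10, 0.30, 0.45, 0.51):
        z = confirmations_needed(q, 0.001)
        print(f"q={q:.2f}: P(catch up from 6 behind)={attacker_success_probability(q, 6):.6f}, "
              f"confirmations for <0.1% risk: {z if z is not None else 'none suffice'}")
```

The two halves together make the article’s point: the whitepaper’s probability only protects a receiver while the attacker’s share stays well below one half, and with the constructed shares above it takes just three pool operators acting together to cross that line. Run as a script it prints the coalition and, for each share, the confirmation depth at which the catch-up risk falls under 0.1%.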
A word of caution – From the horse rider’s mouth
Let’s ask CoinDCX, a hybrid crypto exchange that is trying to bring a lot of exchanges together with what it claims is a new technology. Notably, CTO and co-founder Neeraj Khandelwal does not mince any words when he says that blockchain is certainly more secure when it is decentralized.
“Centralization does raise strong security concerns. Hackers can get fast access to large funds with centralized exchanges (where keys lie on the company servers). In absolute terms, even a decentralized exchange can get hacked but the incidence is low.
Trying to solve liquidity and mainstream adoption issues comes with a security angle. It is a balance that has to be struck amidst speed, scale, and security.”
Turn to Sanjay Katkar, CTO, Quick Heal Technologies Limited, and he brings the attention to the current threat landscape, which is manifesting the very fears we assumed were far away.
“Crypto-mining is a strong concern and threat to computing power, and centralized approaches give more power to hackers here.”
He also emphasizes the need for clarity on ‘authority’ in the new consensus models from a security perspective. Threat levels would only grow if these questions are not reckoned with in time.
That said, proponents of PoS models contend that security is better taken care of in PoS because a hacker would have to ‘buy’ 51% of the stake instead of technically snatching that many mining pools, thus reducing the very incentive to hack a PoS system. The incidence of faulty blocks and over-spent resources also shrinks in a PoS scenario.
As Abhishek Sharma reasoned in a post:
“People won’t ever cheat because it can cost them, and denial of service attacks are still impossible, as you would only accept a block from someone who’s been selected by the network to stake the next block.”
The rise of specialized mining hardware also tends to introduce a disguised PoS effect into the future of PoW. If you can buy that hardware, you are injecting a stake nonetheless. But then the system is no longer as trustless as PoW was ideally intended to be.
In a study titled ‘A Survey on the Security of Blockchain Systems’, Xiaoqi Li from the Hong Kong Polytechnic University, along with other researchers, points out the weak points of PoW-based blockchains.
“If a single miner’s hashing power accounts for more than 50% of the total hashing power of the entire blockchain, then the 51% attack may be launched. Hence, the mining power concentrating in a few mining pools may result in the fears of an inadvertent situation, such as a single pool controls more than half of all computing power.”
The study also noted vulnerabilities around selfish mining attacks, BGP (Border Gateway Protocol) hijacking attacks (wherein control over network operators’ routing can give attackers an easy way in) and timestamp dependence. “In the blockchain, every block has a timestamp. Some smart contracts’ trigger conditions depend on timestamp, which is set by the miner according to its local system time. If an attacker can modify it, timestamp-dependent contracts are vulnerable.”
Note the part on how the number of Internet prefixes that would have to be successfully hijacked depends on the distribution of mining power. “Because of the high centralization of some Bitcoin mining pools, if they are attacked by BGP hijacking, it will have a significant effect.”
Baby with the bath water
These questions matter, especially if we want enterprise and general industry adoption of blockchain to gain speed. Mohit Vohra, Managing Consultant, PwC India, is quick to underline that a lot of grey areas persist on the security angle, especially with public blockchains (even if private vendors are able to address these gaps for enterprise solutions).
“Over a period of time blockchain will evolve and new models would be leveraged but apt use cases would be important here.”
Security does not have to suffer in the quest for speed and mining muscle. Jeopardizing the very advantage of blockchain, the one that made it shake the world into an exciting storm – that would be some paradox to live with.
Khandelwal opines that blockchain has to evolve well enough to support both scale and security, because that balance will be crucial to maintain when mass adoption of this technology actually happens.
Smart cops always look at a case from the eyes of the murderer. And right now all they are looking at is – a cushion with missing pins.