IS BLOCKCHAIN THE NEW CYBER DARK ART?

Ben Smith, CISSP, CRISC, CIPT

Field Chief Technology Officer (US), RSA

@Ben_Smith

CONFIDENTIAL

Post on 22-May-2020

Source: http://article.gmane.org/gmane.comp.encryption.general/12588/

The Blockchain

AGENDA

What is Blockchain?

What Properties Make it Interesting?

What Limitations Should You Consider?

WHAT IS BLOCKCHAIN?

Source: images licensed from Aleksei Fetisov, olgamilagros © 123RF.com

PEERS

1. Each maintain a copy of the digital ledger.

2. Group transactions into blocks using a (Merkle) hash tree.

3. Execute a distributed consensus protocol to validate transactions.

4. Build a hash chain over the blocks, which forms a ledger where transactions are ordered for consistency.
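
The Merkle hash tree and hash chain named on this slide, as an added example that is not from the original deck: a minimal Python ledger showing what a peer's local verification detects when a transaction is altered. It assumes single SHA-256, pairing the last node with itself on odd levels, and constructed sample transactions; the consensus protocol is not modelled.

```python
import copy, hashlib, json

GENESIS = "0" * 64  # "prev" value of the first block

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def merkle_root(txs):
    level = [h(tx.encode()) for tx in txs] or [h(b"")]
    while len(level) > 1:
        if len(level) % 2:  # odd count: pair the last node with itself
            level.append(level[-1])
        level = [h((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]

def block_hash(block):
    header = {"prev": block["prev"], "root": block["root"]}  # txs covered via root
    return h(json.dumps(header, sort_keys=True).encode())

def build_chain(batches):
    chain, prev = [], GENESIS
    for txs in batches:
        chain.append({"prev": prev, "root": merkle_root(txs), "txs": list(txs)})
        prev = block_hash(chain[-1])
    return chain

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["root"] != merkle_root(block["txs"]):
            return i
        prev = block_hash(block)
    return None

def tampered(chain, index, new_tx, fix_root):
    forged = copy.deepcopy(chain)
    forged[index]["txs"][0] = new_tx
    if fix_root:  # the forger also recomputes that block's Merkle root
        forged[index]["root"] = merkle_root(forged[index]["txs"])
    return forged

# Constructed sample ledger: three blocks of made-up transactions.
SAMPLE = [["alice->bob:5", "bob->carol:2"], ["carol->dave:1"],
          ["dave->alice:3", "alice->erin:1", "erin->bob:4"]]

if __name__ == "__main__":
    for idx, fix in [(1, False), (1, True), (2, True)]:
        print(idx, fix, first_invalid(tampered(build_chain(SAMPLE), idx, "x->y:9", fix)))
```

Rewriting the newest block together with its root passes this local check, which is why each peer keeps its own copy and the head of the chain is settled by the consensus protocol.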

PRIMARY BLOCKCHAIN CATEGORIES

PUBLIC / PERMISSIONLESS: Anyone can participate in consensus protocol

PRIVATE / PERMISSIONED: Only accessible to those who have been given an invite

1977: RSA Algorithm

1978: Cryptographic Hash Functions

1982: Chaumian Digital Cash

1991: Digital Timestamping

1993: Proof-of-Work Protocols

1996: Proof-of-Work-based digital currency

BITCOIN’S ACADEMIC PEDIGREE

[Figure: timeline, 1980 to 2015, of the ideas leading to Bitcoin, Private blockchains and Ethereum, grouped as linked timestamping and verifiable logs, digital cash, proof of work, Byzantine fault tolerance, public keys as identities, and smart contracts.]

Source: Arvind Narayanan, Jeremy Clark; ACM Queue; August 2017

WHAT PROPERTIES MAKE BLOCKCHAIN INTERESTING?

WHY PEOPLE SEEM TO CARE

Immutability

Public Access

Decentralization

DIGITAL CURRENCY: USEFUL PROPERTIES

Prevent Double Spending

Limit Trust

Privacy

DRAWBACKS

Pseudonymity vs Anonymity

Hard to Revert

Slow Verification

SHOULD YOU EVEN USE A BLOCKCHAIN?

[Decision flowchart. Questions: Do you need to store state? Are there multiple writers? Can you use an always online TTP? Are all writers known? Are all writers trusted? Is public verifiability required? Outcomes: Don’t use Blockchain; Permissionless Blockchain; Public Permissioned Blockchain; Private Permissioned Blockchain.]

Source: Karl Wüst, Arthur Gervais. “Do you really need a blockchain?” https://eprint.iacr.org/2017/375.pdf

BLOCKCHAINS VERSUS DATABASES

| | Permissionless Blockchain | Permissioned Blockchain | Central Database |
|---|---|---|---|
| Throughput | Low | High | Very High |
| Latency | Slow | Medium | Fast |
| Number of readers | High | High | High |
| Number of writers | High | Low | High |
| Number of untrusted writers | High | Low | 0 |
| Consensus mechanism | Mainly PoW, some PoS | BFT Protocols (e.g. PBFT) | None |
| Centrally managed | No | Yes | Yes |

Source: Karl Wüst, Arthur Gervais. “Do you really need a blockchain?” https://eprint.iacr.org/2017/375.pdf

CHALLENGES AND PITFALLS

BITCOIN INCENTIVE ARGUMENTS

Nakamoto: “The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.”

If blockchain is used outside of financial transactions, economic incentives to cooperate may no longer apply…

more profitable to play by the rules than to undermine the system

GDPR and the right to be forgotten

Distribution of data

Enforceability of contracts

INNOVATION

WHAT KEY ASSUMPTIONS ARE NEEDED FOR SUCCESS?

IS IT REALLY INNOVATIVE? DOES IT DISTINCTLY SOLVE A PROBLEM?

HOW DOES IT FIT AS PART OF AN END-TO-END SYSTEM?

TAKEAWAYS

Blockchain has fascinating properties, making it suitable for cryptocurrencies

However, outside of cryptocurrencies, blockchain is often not the “right” solution

Compare blockchain-based approaches against simpler alternatives (e.g., databases, digital signatures, timestamping, etc.).

CISSP CRISC CIPT RSA FIELD CTO (US) @BEN_SMITH