The decentralized Bitcoin currency and its security
Date: January 07, 2014
Introduction
The Bitcoin crypto-currency, released in 2009 by a person (or group of people) known as “Satoshi Nakamoto”, became famous by the end of 2012. As of today, no link has been established between this pseudonym and the identity of any real person. Nakamoto stated that he had been working on the Bitcoin project for two years before releasing it on a mailing list, together with a paper describing this electronic currency.
Since then, more and more Internet businesses have started to accept this new currency as a payment method, without any international consensus on the legal status of this decentralized currency: some countries have therefore banned the use of Bitcoin outright (e.g. China), whereas others are still deliberating (e.g. the United States).
In the daily Cert-IST media watch bulletin for 2013, we have seen several news items related to Bitcoin vulnerabilities:
- The discovery of flaws and attacks on Bitcoin exchanges: a DDoS on Mt. Gox in March, a security flaw on Bitcoin Central in April, and flaws discovered in August in the Android implementation of the Bitcoin client
- The emergence of a new type of malware (such as the Skynet botnet, or the malware recently discovered by LogRhythm) able to steal electronic wallets or to enlist the victim’s computer in Bitcoin mining.
This article gives an overview of the technical inner workings of this crypto-currency, and tries to determine whether the recent security events related to Bitcoin stem from a lack of security in the technology itself or from external factors.
Inner workings of a Bitcoin transaction
Bitcoin was initially made available by its author in the form of the source code of a client program (Bitcoin-Qt) along with a network protocol. The currency works on a peer-to-peer model which does not require a central server. Unlike the classical banking system, where people trust banks to secure their money transactions, the trusted-third-party role in Bitcoin is played by the network itself, that is, by the whole set of its users.
To buy and sell with bitcoins, one must generate a pair of private and public keys. The public key (known as the public address), which is made of digits and letters, allows money to be received from another user on the network. The other part (the private key) is kept secret and constitutes the Bitcoin wallet: a transaction signed with these keys is generated each time money is sent from one user to another.
Each member of the network keeps a record of every transaction performed by any other user in a ledger (named the “blockchain”) which is built on his computer when he joins the network for the first time. The ledger stored on each client is therefore quite large. A user’s bitcoin balance is obtained by walking back through the ledger and adding up the transactions made to and from that user. This means that no central authority stores an account’s balance. The Bitcoin currency thus offers only limited anonymity, as the history and amount of every transaction made by any user can be known.
When a transaction in bitcoins is created, it is signed with the private key of its sender and sent on the network, which propagates it from peer to peer. At this point the transaction is considered “unconfirmed”, until other users of the network verify it with the sender’s public key.
The computers which take part in the verification of bitcoin transactions are called miners. To verify a transaction, the first step is to check its authenticity with the public key. The second step is to check that the transaction is possible (in other words, that the sender has enough bitcoins to give to the recipient). This is done by referencing older transactions, which serve as the inputs proving that the funds are available.
Once verified, the miners group transactions into blocks, which form a single block-chain of verified transactions on the network (each block referencing the previous one, as in a linked list).
Adding a block to the chain is however not trivial: miners must compute a SHA-256 hash over a set of new transactions and a number (the nonce) such that the result begins with a certain number of zeroes. As such a result is statistically hard to obtain, miners must successively try many numbers until one of them solves this mathematical challenge and adds a new transaction block to the chain. Consensus on the validity of transactions is established thanks to the unlikelihood of this event. The Bitcoin protocol adapts the difficulty of this challenge so that, on average, a single client solves it every 10 minutes. Since only one new block is propagated on the network following each such event, the block-chain is unique across the whole network and consensus is reached.
The new block added to the chain also contains an ex-nihilo transaction rewarding the miner who solved the hash challenge. This is how new bitcoins are added to the network.
Security strengths
Due to the completely distributed network design and the great number of participants, it is extremely hard to perform a DDoS attack against Bitcoin. The client implementations also contain several checks, performed upon reception of a message, which avoid relaying useless data on the network (without them, relaying could be abused to flood the network, a DDoS by propagation).
Another great advantage of Bitcoin is that no sensitive piece of information needs to be transmitted to make a payment, unlike a credit card purchase on the Internet. When a transaction is made with Bitcoin, the private key needed for the operation is never sent on the network. Only the electronically signed record of the operation is sent, and the authentication of this operation is performed by the miners. However, one still has to ensure that the public address to which bitcoins are sent is genuine (to avoid, for instance, the scenario of a compromised online shop where the attacker replaced the website’s Bitcoin address with his own).
The algorithm and the cryptographic choices made by its author also ensure that the transaction system cannot be abused. The statistically hard-to-solve block system enforces an ordering of transactions, and prevents an attacker from exploiting propagation delays by sending two transactions: a legitimate operation towards the seller, to prove the money is transferred, and a second operation from the attacker to himself, in the hope that the latter gets validated before the legitimate one (this is known as a “double-spending attack”). The block-chain also prevents the result of one operation from being reused to validate another transfer.
The robustness of Bitcoin also holds in borderline cases. There is a very small probability that two miners solve the hash challenge at the same time. In such a case, two block-chains, differing by only one block, would coexist on the network. This inconsistent state persists until one of the two chains is extended by another miner; when that happens, the shorter chain is discarded by the network.
The previous point introduces the notion of transaction status. When a transaction is made, the clients first display it as “0/unconfirmed”, meaning that the transaction has not yet been validated and integrated into a new block added to the chain. The client then tracks the number of blocks in the chain and the position of the transaction. The deeper the transaction sits in the chain, the less likely the duplicated-chain scenario becomes. It is therefore recommended to wait for one new transaction block for small amounts of money, and for several blocks for larger amounts.
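The ledger walk, the two verification steps, proof-of-work mining, block linking, the miner reward and the confirmation count described above, as a toy model (an added example, not code from the article or from the Bitcoin project). It assumes a simplified from/to/amount transaction format, omits the signature check (step one of verification), and uses a constructed difficulty of three leading hex zeros and a 25-coin reward.

```python
import hashlib
import json

DIFFICULTY = 3  # required leading hex zeros (toy value; the real target is far harder)
REWARD = 25     # ex-nihilo coins paid to the miner of each block (toy value)

def block_hash(prev_hash, txs, nonce):
    """SHA-256 over the previous block hash, the transactions and the nonce (toy serialisation)."""
    payload = json.dumps({"prev": prev_hash, "txs": txs, "nonce": nonce}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def mine_block(prev_hash, txs, miner):
    """Try successive nonces until the block hash starts with DIFFICULTY zeros (proof of work)."""
    reward = {"id": "coinbase-" + prev_hash[:8], "from": None, "to": miner, "amount": REWARD}
    txs = [reward] + txs  # the block's first transaction creates the miner's reward
    nonce = 0
    while not block_hash(prev_hash, txs, nonce).startswith("0" * DIFFICULTY):
        nonce += 1
    return {"prev": prev_hash, "txs": txs, "nonce": nonce, "hash": block_hash(prev_hash, txs, nonce)}

def chain_is_valid(chain):
    """Every block must link to its predecessor, match its own hash and meet the difficulty."""
    for i, b in enumerate(chain):
        expected_prev = "0" * 64 if i == 0 else chain[i - 1]["hash"]
        recomputed = block_hash(b["prev"], b["txs"], b["nonce"])
        if b["prev"] != expected_prev or recomputed != b["hash"] or not recomputed.startswith("0" * DIFFICULTY):
            return False
    return True

def balance(chain, address):
    """No account table exists: the balance is rebuilt by walking every recorded transaction."""
    total = 0
    for b in chain:
        for tx in b["txs"]:
            total += tx["amount"] if tx["to"] == address else 0
            total -= tx["amount"] if tx["from"] == address else 0
    return total

def tx_is_possible(chain, tx):
    """Step two of verification: the sender must hold enough coins in the ledger so far."""
    return tx["amount"] > 0 and balance(chain, tx["from"]) >= tx["amount"]

def confirmations(chain, tx_id):
    """Depth of the block holding tx_id (1 = newest block); 0 means still unconfirmed."""
    for i, b in enumerate(chain):
        if any(tx["id"] == tx_id for tx in b["txs"]):
            return len(chain) - i
    return 0
```

Altering any recorded transaction changes its block's hash, so chain_is_valid() fails for that block and every block built on it, which is what makes deep confirmations hard to undo.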
Risks
Since the transaction validation system is based on a mathematically hard challenge, it is very difficult for an attacker to infiltrate the network and make it accept illegitimate transactions. This would require signing a fake transaction and solving a block containing it, so that the network accepts it into the chain.
However, several shops accept transactions that have not been verified (in the “0/unconfirmed” status) and do not wait for several block creations before considering the payment complete. In such a case, one can imagine a scenario where the attacker isolates the target from the network and relays all of its Bitcoin connections: they could then choose to relay only specific transactions, and freely perform “double-spending” attacks. To reduce this risk, the recommendation is to consider transactions valid only once they have been integrated into a chained block. As solving a block is a very unlikely event, even with great computing power, it is almost impossible for the attacker to generate enough fake blocks to deceive the target into believing the transaction is validated.
The biggest risk actually lies in private key storage, since the private key is the only way to operate a Bitcoin wallet. Some client programs store this key locally on the machine (some of them in encrypted form), whereas other wallets are online or cloud-based services, in which case the user has to trust the security of the provider’s infrastructure. And of course, some infrastructures are not secure: for instance, the Czech provider Bitcash.cz was compromised, and the keys of 4,000 bitcoin wallets were stolen.
In the end, the security concerns of Bitcoin are the same as those of protecting one’s own banking credentials and of authenticating the account to which money is transferred.
Concerning the integrity of the data entrusted to the bank:
- In a classic banking system, customers place their trust in their bank and in the regulatory authorities.
- In the Bitcoin system, trust relies on the robustness of the cryptography and on the irreversibility of transactions once they are validated.
Conclusion
Incontestably, Bitcoin is an outstanding technical achievement. Its author managed to create a financial model which is decentralized and secure, and to generate trust in a crypto-currency relying on untrusted Internet hosts.
This quick technical survey shows that the risks inherent in this crypto-currency and its protocol are minimal, and that the recent events affecting Bitcoin are actually due to vulnerabilities and attacks which are not fundamentally new (web site compromise, malware aimed at stealing banking information, trust placed in online services), and which affect the currency’s ecosystem rather than the technology itself.
Sources:
Official Bitcoin website: http://bitcoin.org/
Bitcoin Wiki: https://en.bitcoin.it/wiki/Main_Page