Yesterday’s Hacker Public Radio podcast was an introduction to Bitcoin that I recorded recently. The audio is terrible, but hopefully the content is less than terrible. I’m not sure if there’s much of an audience on HPR for Bitcoin and blockchain related content – we’ll see.
Here is what I tried to cover:
I’d like to follow it up with some discussions around security and privacy challenges people face using Bitcoin, and security challenges around smart contracts and token platforms. Given the nature of audio as a platform, talking through security and privacy issues is probably easier than going through examples of smart contract security coding errors.
As I see it, the natural topics to address for security concerns start with explaining what it means to have control over your cryptocurrency. For example, not keeping it on exchanges but using some type wallet solution and safeguarding your private keys. Wallet security is the obvious next topic, in particular discussing web-based wallets and using browser plugins along with contrasting mobile wallet software with hardware soltions and paper wallets.
Perhaps the next topics to address around blochcain security would be to review the basics of the cryptography used in blockchain systems. In particular hashing, which is the basis for most Proof of Work systems as well as being used to ensure the integrity of transaction histories. Also zero knowledge proof systems, which are not yet widely used but are a critical part of privacy-focused blockchain protocols.
In terms of operational security, I’d like to discuss how the miners verify transactions to prevent inflation, and how the miners are kept in check to ensure they’re kept honest. Also along the lines of the mechanics of blockchain operation are the concepts around how blockchains can be attacked and the mechanisms that deter such attacks, along with a mention about sidechains and merged mining.
Maybe even before that it would be worthwhile to talk about the major areas of concern and the threat models to be considered. A look at core developers, miners, exchanges, forks, supply chain attacks, protocol bugs, etc. along with how they might be exploited and by whom.
Being an old Namecoin fan, I’d love to squeeze in some talk about bringing additional security and privacy benefits to existing infrastructure like DNS as well. DNS ha no shortage of problems, and blockchains have interesting answers along with their own unique challenges.
Network protocol discussions are relevant too since networks like Bitcoin need to be secure in spite of malicious nodes, misconfigured nodes, nodes running older versions of software, and unreliable nodes. Consensus algorithms are at the heart of what makes these networks function correctly and certain types of attacks try to exploit weaknesses in the protocols themselves.
Privacy focused blockchains surely deserve some exploration too. They address very real needs by individuals and companies for confidential financial transactions as well as introducing new security challenges that other blockchains do not have to deal with. Part of that general discussion has to be why it doesn’t work well to bolt on security and privacy solutions on top of existing blockchain designs that lack it.
A general survey of smart contract platform security is in order as well, since this is the source of huge financial losses, rivaled only by hacks of cryptocurrency exchanges. This is worth emphasizing, since it is likely that these platforms will become more widely used over time, not less so. There are various approaches taken by projects, and the security implications are quite significant.
I don’t have good recording equipment and I definitely do not have a great radio voice, so stay tuned here for a closer look at these topics.