SlideShare une entreprise Scribd logo

Blockchain and Smart Contract Long Term Security (updated)

Télécharger en tant que PPTX, PDF
P
Peter Robinson

Presentation looking at the long term security of blockchain and smart contract platforms: Bitcoin, Ripple, and Ethereum. This is based on the presentation I delivered at the Blockchain conference in Sydney in November 2016. It assumes a solid understanding of blockchain technologies. A knowledge of cryptography would be helpful.

Technologie
1  sur  38
Copyright © 2016 Peter Robinson Blockchain and Smart Contract Long Term Security Peter Robinson, peter.robinson@sent.com Updated November 18, 2016
Copyright © 2016 Peter Robinson Overview ▪ Distributed Ledger and Smart Contract systems have as an underlying assumption that once transactions are in a block chain, they are locked-in forever. ▪ This presentation analyses whether this immutability can actually be delivered in the long term, given increasing traditional computational power, the emergence of quantum computing, and the possibility of cryptographic algorithmic flaws. ▪ Additionally, an idea about distributed systems security is presented. 2
Copyright © 2016 Peter Robinson Caveat on results in these slides ▪ Tentative results are presented herein. ▪ More detailed analysis is needed. 3
Copyright © 2016 Peter Robinson Agenda ▪ Blockchain and Smart Contract Platforms Long Term Security: ▪ Cryptography and Cryptanalysis. ▪ Blockchain Platforms and Cryptanalysis. ▪ Mitigations. ▪ Mitigation for Active Attacks against Distributed Systems. 4
Copyright © 2016 Peter Robinson Cryptography & Cryptanalysis
Copyright © 2016 Peter Robinson Cryptography: Algorithms ▪ Digest Algorithm (Hash): SHA256, SHA512, RIPEMD160, KECCAK, SHA3/256: ▪ Variable length input -> Fixed Length Output. ▪ Signing: ECDSA (secp256k1)/Digest Algorithm, RSA/Digest Algorithm: ▪ Sign with private key, verify with public key. 6
Copyright © 2016 Peter Robinson Cryptography: Message Digests / Hashes 7 ? Preimage Resistance Hash n h(x) x Second Preimage Resistance Hash n h(x) ? Hash h(x’) ≠ = ? Collision Resistance Hash n/2 h(x) ? Hash h(x’) ≠ =
Copyright © 2016 Peter Robinson Cryptography: Signatures ▪ Forgeability: Recover private key from public key. ▪ Non-repudiation: Have two public keys P1 and P2 which verify the same signature. ▪ Integrity: Have two message digests M1 and M2 which when signed with public key P result in the same signature. 8
Copyright © 2016 Peter Robinson Cryptography: Security Strength (Assuming no Quantum Cryptanalysis) 9 Security Strength RSA ECC Hash Preimage Hash Collision 80 1024 RIPEMD160 112 2048 128 3072 secp256k1 SHA256, Keccak-256, SHA512/256 160 RIPEMD160 256 SHA256, Keccak-256, SHA512/256 SHA512 SHA3,512 512 SHA512 SHA3,512
Copyright © 2016 Peter Robinson Traditional Computing Power 10 Ref 1: http://www.extremetech.com/wp-content/uploads/2015/04/MooresLaw2.png
Copyright © 2016 Peter Robinson Security Strength RSA ECC Hash Preimage Hash Collision 80 1024 RIPEMD160 112 2048 128 3072 secp256k1 SHA256, Keccak-256, SHA512/256 160 RIPEMD160 256 SHA256, Keccak-256, SHA512/256 SHA512, SHA3,512 512 SHA512, SHA3,512 Cryptography: Security Strength assuming no Quantum Cryptanalysis 11 2010 2030?
Copyright © 2016 Peter Robinson Quantum Cryptanalysis ▪ Shor’s Algorithm: Allows ECC private key to be calculated from ECC public key. ▪ Gover’s Algorithm: Allows algorithms to be executed in square-root time: ▪ Affects message digest algorithms and symmetric key algorithms. ▪ Security Strength after Quantum = (Security Strength Before Quantum) / 2 12
Copyright © 2016 Peter Robinson Quantum Cryptanalysis ▪ When will Quantum Computing and Quantum Cryptanalysis be a reality? ▪ Michele Mosca, Institute for Quantum Computing and Department of Combinatorics and Optimization, University of Waterloo, said2: ▪ “I estimate a 1/7 chance of breaking RSA-2048 by 2026 and a 1/2 chance by 2031” ▪ Predicts a “Moore’s Law” type of increase in capability. 13 Ref 2: Mosca, M. (2015) “Cybersecurity in an era with quantum computers: will we be ready?” Available: https://eprint.iacr.org/2015/1075.pdf
Copyright © 2016 Peter Robinson Cryptography: Security Strength assuming Quantum Cryptanalysis 14 Security Strength* RSA ECC Hash Preimage Hash Collision 4 5 19 secp256k1 26 2048 40 RIPEMD160 64 SHA256, Keccak-256, SHA512/256 80 RIPEMD160 128 SHA256, Keccak-256, SHA512/256 SHA512, SHA3,512 256 SHA512, SHA3,512 2012 *: Shor algorithm security strength calculated as log2(K * K * log(K) * log(log(K))) Late 2020s or 2030s?
Copyright © 2016 Peter Robinson Cryptographic Algorithmic Flaws 15 Ref 3: Preneel, B. (2013) “Introduction to the Design and Cryptanalysis of Cryptographic Hash Functions” Available: https://www.cosic.esat.kuleuven.be/summer_school_albena/slides/preneel_hash_july2013_shortv1_print.pdf
Copyright © 2016 Peter Robinson Blockchain Platforms and Cryptanalysis
Copyright © 2016 Peter Robinson Three Attack Scenarios ▪ Attack existing blocks. ▪ Attacking new blocks as they are being made: ▪ Miners either altering transactions being included in blocks or being able to always mine the best block. ▪ Users either craft transactions masquerading as other users or craft transactions to double spend. 17
Copyright © 2016 Peter Robinson Bitcoin: Cryptographic Usage4 ▪ Main Hash: HM(x) = SHA256(SHA256(x)) ▪ Address Hash: HA(x) = RIPEMD160(SHA256(x)) ▪ Key Pairs: ECC using secp256k1 curve. ▪ Signatures: ECDSA, with Main Hash. 18 Ref 4: Giechaskiel, I., Cremers, C., Rasmussen, K. (2016) “On Bitcoin Security in the Presence of Broken Crypto Primitives”
Copyright © 2016 Peter Robinson Ripple Cryptographic Usage ▪ Main Hash: HM(x) = 256 bit truncated SHA512(x) ▪ Address Hash: HA(x) = RIPEMD160(SHA256(x)) ▪ Key Pairs: ECC using secp256k1 curve. ▪ Signatures: ECDSA, with Main Hash. 19
Copyright © 2016 Peter Robinson Ethereum Cryptographic Usage ▪ Main Hash: HM(x) = KECCAK-256(x) ▪ Address Hash: HA(x) = 160 bit truncated KECCAK-256(x) ▪ Key Pairs: ECC using secp256k1 curve. ▪ Signatures: ECDSA, with Main Hash. 20
Copyright © 2016 Peter Robinson Cryptography: Security Strength assuming Quantum Cryptanalysis 21 Security Strength Hash Preimage Hash Second Preimage Hash Collision 40 Keccak-256/160, RIPEMD160(SHA256(x)) 64 SHA256(SHA256(x)), Keccak-256, SHA512/256 80 Keccak-256/160 Keccak-256/160, RIPEMD160(SHA256(x)) 128 SHA512/256 SHA256(SHA256(x)), Keccak-256, SHA512/256 208 RIPEMD160(SHA256(x)) 256 SHA256(SHA256(x))
Copyright © 2016 Peter Robinson Attack Existing Blocks Message Digest Algorithm Issues Breakage Address Hash (HA) Main Hash (HM) Collision None None Second pre-image Repudiate transaction Repudiate transaction Pre-image Uncover public key associated with address None 22
Copyright © 2016 Peter Robinson Attack Existing Blocks Signature Algorithm Issues Breakage Effect Selective forgery Determine private key based on public key, then execute transactions Integrity break Repudiate transaction Repudiation None 23
Copyright © 2016 Peter Robinson Miner Attack Message Digest Algorithm Issues Breakage Address Hash (HA) Main Hash (HM) Collision Repudiate transaction Double spend and execute transactions and then repudiate them Second pre-image Repudiate transaction Double spend and execute transactions and then repudiate them Pre-image Uncover public key associated with address Complete failure of the blockchain: be able to determine best block more easily than other miners. 24
Copyright © 2016 Peter Robinson Miner Attack Signature Algorithm Issues Breakage Effect Selective forgery Determine private key based on public key, then execute transactions Integrity break Repudiate transaction Repudiation None 25
Copyright © 2016 Peter Robinson User Attack Message Digest Algorithm Issues Breakage Address Hash (HA) Main Hash (HM) Collision Repudiate transaction Double spend and execute transactions and then repudiate them Second pre-image Repudiate transaction Double spend and execute transactions and then repudiate them Pre-image Uncover key associated with address None 26
Copyright © 2016 Peter Robinson User Attack Signature Algorithm Issues Breakage Effect Selective forgery None Integrity break Execute transactions and then repudiate them Repudiation Execute transactions and then repudiate them 27
Copyright © 2016 Peter Robinson Mitigations
Copyright © 2016 Peter Robinson Mitigations: Better Use of Existing Algorithms ▪ Use stronger algorithms for Address Hash and Main Hash. ▪ Address Hash: ▪ SHA 512(SHA 512(x)) or ▪ SHA3/512(x) ▪ Main Hash: ▪ SHA 512(SHA 512(x)) or ▪ SHA3/512(x) 29
Copyright © 2016 Peter Robinson Cryptography: Security Strength assuming Quantum Cryptanalysis 30 Security Strength Hash Preimage Hash Second Preimage Hash Collision 40 Keccak-256/160, RIPEMD160(SHA256(x)) 64 SHA256(SHA256(x)), Keccak-256, SHA512/256 80 Keccak-256/160 Keccak-256/160, RIPEMD160(SHA256(x)) 128 SHA512/256 SHA256(SHA256(x)), Keccak-256, SHA512/256 SHA 512(SHA 512(x)), SHA3/512(x) 208 RIPEMD160(SHA256(x)) 256 SHA256(SHA256(x)), SHA3/512(x) SHA 512(SHA 512(x)), SHA3/512(x) 512 SHA 512(SHA 512(x))
Copyright © 2016 Peter Robinson Mitigations: Post-Quantum ▪ USA’s NIST are looking to standardize post-quantum algorithms by 20225. ▪ Lattice Based Signature Algorithms: ▪ Different type of mathematics to RSA and ECC. ▪ Historically, Lattice based algorithms have been found to be not as strong as first thought after two to five years of cryptanalysis. ▪ Sphincs: ▪ Based on well understood message digest algorithms. ▪ Larger public keys, private keys and signatures. 31 Ref 5: http://csrc.nist.gov/groups/ST/post-quantum-crypto/documents/pqcrypto-2016-presentation.pdf
Copyright © 2016 Peter Robinson Mitigations: Be Prepared to Change ▪ Blockchain platforms need to have migration plans in place. ▪ Allow for multiple algorithms: ▪ Should allow for faster transition in case of a sudden event: stop accepting transactions which use one algorithm. ▪ Can lead to downgrade attacks. ▪ Learn from other domains such as Transport Layer Security. ▪ Plan for: ▪ Larger signatures and larger identifiers. ▪ Re-sign entire blockchain. ▪ Roll-over all keys to newer algorithms. 32
Copyright © 2016 Peter Robinson Mitigation for Active Attacks against Distributed Systems
Copyright © 2016 Peter Robinson Using Blockchain to provide Defence in Depth against Active Attacks ▪ Web applications and SaaS can be delivered as scalable cloud services. ▪ These services can be viewed as distributed systems. ▪ Active attackers may Powerfully Own (POWN) parts of the distributed system. ▪ Distributed Ledgers could be used as a resilient distributed database. ▪ Challenges: ▪ Performance. ▪ Non-proof of work consensus algorithms which are resilient to active attack. ▪ Dynamic scaling. 34
Copyright © 2016 Peter Robinson Closing
Copyright © 2016 Peter Robinson Future Work ▪ More detailed analysis to verify the results presented herein. ▪ Hyper Ledger needs to be reviewed. ▪ Proof of Stake protocols need to be considered. 36
Copyright © 2016 Peter Robinson Summary ▪ Cryptography is a dynamic field. Things change: ▪ Quantum Cryptanalysis may become a reality. ▪ Processing power is still ever increasing despite declarations, “Moore’s Law is dead”. ▪ Breaks in cryptographic algorithms happen from time to time. ▪ Plan for change: ▪ Do mitigation planning and determine migration paths. ▪ Start executing changes now which can be done now. 37
Copyright © 2016 Peter Robinson Questions 38

Recommandé

RADIUS Auth+Messaging for Telemetering (memo)
RADIUS Auth+Messaging for Telemetering (memo)RADIUS Auth+Messaging for Telemetering (memo)
RADIUS Auth+Messaging for Telemetering (memo)
Naoto MATSUMOTO
 
Securing PostgreSQL from External Attack
Securing PostgreSQL from External AttackSecuring PostgreSQL from External Attack
Securing PostgreSQL from External Attack
All Things Open
 
Blockchain
BlockchainBlockchain
Blockchain
ForgeRock Identity Tech Talks
 
Intro to smart contract on blockchain en
Intro to smart contract on blockchain enIntro to smart contract on blockchain en
Intro to smart contract on blockchain en
Nicholas Lin
 
State Of Smart Contract Platforms from Smart Contract JP
State Of Smart Contract Platforms from Smart Contract JP State Of Smart Contract Platforms from Smart Contract JP
State Of Smart Contract Platforms from Smart Contract JP
Tomoaki Sato
 
Defining Smart Contracts
Defining Smart ContractsDefining Smart Contracts
Defining Smart Contracts
Tim Swanson
 
Participant driven-health
Participant driven-healthParticipant driven-health
Participant driven-health
Melanie Swan
 
Curing Cancer. In the Clouds. The Final Frontier.
Curing Cancer. In the Clouds. The Final Frontier.Curing Cancer. In the Clouds. The Final Frontier.
Curing Cancer. In the Clouds. The Final Frontier.
Cabot Wealth Management, Inc.
 

Recommandé

RADIUS Auth+Messaging for Telemetering (memo)
RADIUS Auth+Messaging for Telemetering (memo)RADIUS Auth+Messaging for Telemetering (memo)
RADIUS Auth+Messaging for Telemetering (memo)
Naoto MATSUMOTO
 
Securing PostgreSQL from External Attack
Securing PostgreSQL from External AttackSecuring PostgreSQL from External Attack
Securing PostgreSQL from External Attack
All Things Open
 
Blockchain
BlockchainBlockchain
Blockchain
ForgeRock Identity Tech Talks
 
Intro to smart contract on blockchain en
Intro to smart contract on blockchain enIntro to smart contract on blockchain en
Intro to smart contract on blockchain en
Nicholas Lin
 
State Of Smart Contract Platforms from Smart Contract JP
State Of Smart Contract Platforms from Smart Contract JP State Of Smart Contract Platforms from Smart Contract JP
State Of Smart Contract Platforms from Smart Contract JP
Tomoaki Sato
 
Defining Smart Contracts
Defining Smart ContractsDefining Smart Contracts
Defining Smart Contracts
Tim Swanson
 
Participant driven-health
Participant driven-healthParticipant driven-health
Participant driven-health
Melanie Swan
 
Curing Cancer. In the Clouds. The Final Frontier.
Curing Cancer. In the Clouds. The Final Frontier.Curing Cancer. In the Clouds. The Final Frontier.
Curing Cancer. In the Clouds. The Final Frontier.
Cabot Wealth Management, Inc.
 
Retirement Isn't Linear: Mapping the Future with Big Data & Big Data Analytics
Retirement Isn't Linear: Mapping the Future with Big Data & Big Data AnalyticsRetirement Isn't Linear: Mapping the Future with Big Data & Big Data Analytics
Retirement Isn't Linear: Mapping the Future with Big Data & Big Data Analytics
AnandRaoPwC
 
Hacking Finance: Crypto & Math based Currencies, Smart contracts and Blockch...
Hacking Finance: Crypto & Math based Currencies, Smart contracts and Blockch...Hacking Finance: Crypto & Math based Currencies, Smart contracts and Blockch...
Hacking Finance: Crypto & Math based Currencies, Smart contracts and Blockch...
Raffaele Mauro
 
Effacts Academy - Smart Contract Management
Effacts Academy - Smart Contract ManagementEffacts Academy - Smart Contract Management
Effacts Academy - Smart Contract Management
Legal Manager
 
Bitcoin e Smart Contract
Bitcoin e Smart ContractBitcoin e Smart Contract
Bitcoin e Smart Contract
Diritto & Information and Communication Technology
 
Smart contractjp smartcontract_about
Smart contractjp smartcontract_aboutSmart contractjp smartcontract_about
Smart contractjp smartcontract_about
Tomoaki Sato
 
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralization
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of DecentralizationCryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralization
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralization
Raffaele Mauro
 
Quantum Computers PART 1 & 2 by Prof Lili Saghafi
Quantum Computers PART 1 & 2 by Prof Lili SaghafiQuantum Computers PART 1 & 2 by Prof Lili Saghafi
Quantum Computers PART 1 & 2 by Prof Lili Saghafi
Professor Lili Saghafi
 
How smart are those smart contract
How smart are those smart contractHow smart are those smart contract
How smart are those smart contract
Roman Mandeleil
 
AdsCash Coin: Ethereum Smart Contract based Cryptocurrency for AdWorld
AdsCash Coin: Ethereum Smart Contract based Cryptocurrency for AdWorldAdsCash Coin: Ethereum Smart Contract based Cryptocurrency for AdWorld
AdsCash Coin: Ethereum Smart Contract based Cryptocurrency for AdWorld
Nigel Mark Dias
 
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralizat...
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralizat...Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralizat...
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralizat...
Raffaele Mauro
 
區塊鏈智能合約應用於點數平台之架構
區塊鏈智能合約應用於點數平台之架構區塊鏈智能合約應用於點數平台之架構
區塊鏈智能合約應用於點數平台之架構
Nicholas Lin
 
Ethereum - Introduction to Smart Contracts
Ethereum - Introduction to Smart ContractsEthereum - Introduction to Smart Contracts
Ethereum - Introduction to Smart Contracts
jarradh
 
Blockchain, smart contracts - introduction
Blockchain, smart contracts - introductionBlockchain, smart contracts - introduction
Blockchain, smart contracts - introduction
Lukasz Jarmulowicz
 
Blockchain, Smart Contracts and DAOs in 10 minutes
Blockchain, Smart Contracts and DAOs in 10 minutesBlockchain, Smart Contracts and DAOs in 10 minutes
Blockchain, Smart Contracts and DAOs in 10 minutes
Andreu Rodríguez i Donaire
 
Introduction to blockchain and smart contracts
Introduction to blockchain and smart contractsIntroduction to blockchain and smart contracts
Introduction to blockchain and smart contracts
Validity Labs
 
智能合約結合區塊鏈簡介
智能合約結合區塊鏈簡介智能合約結合區塊鏈簡介
智能合約結合區塊鏈簡介
Nicholas Lin
 
Smart contracts
Smart contractsSmart contracts
Smart contracts
Philippe Camacho, Ph.D.
 
BlockChain, Bitcoin and Smart Contracts - Oleg Kudrenko
BlockChain, Bitcoin and Smart Contracts - Oleg KudrenkoBlockChain, Bitcoin and Smart Contracts - Oleg Kudrenko
BlockChain, Bitcoin and Smart Contracts - Oleg Kudrenko
Oleg Kudrenko
 
Building decentralized applications (dapps) on Ethereum - Eva Shon, & Igor Li...
Building decentralized applications (dapps) on Ethereum - Eva Shon, & Igor Li...Building decentralized applications (dapps) on Ethereum - Eva Shon, & Igor Li...
Building decentralized applications (dapps) on Ethereum - Eva Shon, & Igor Li...
WithTheBest
 
Block chain 101 what it is, why it matters
Block chain 101 what it is, why it mattersBlock chain 101 what it is, why it matters
Block chain 101 what it is, why it matters
Paul Brody
 
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
Igalia
 
The slower the stronger a story of password hash migration
The slower the stronger a story of password hash migrationThe slower the stronger a story of password hash migration
The slower the stronger a story of password hash migration
OWASP
 

Contenu connexe

En vedette

En vedette (20)

Retirement Isn't Linear: Mapping the Future with Big Data & Big Data Analytics
Retirement Isn't Linear: Mapping the Future with Big Data & Big Data AnalyticsRetirement Isn't Linear: Mapping the Future with Big Data & Big Data Analytics
Retirement Isn't Linear: Mapping the Future with Big Data & Big Data Analytics
 
Hacking Finance: Crypto & Math based Currencies, Smart contracts and Blockch...
Hacking Finance: Crypto & Math based Currencies, Smart contracts and Blockch...Hacking Finance: Crypto & Math based Currencies, Smart contracts and Blockch...
Hacking Finance: Crypto & Math based Currencies, Smart contracts and Blockch...
 
Effacts Academy - Smart Contract Management
Effacts Academy - Smart Contract ManagementEffacts Academy - Smart Contract Management
Effacts Academy - Smart Contract Management
 
Bitcoin e Smart Contract
Bitcoin e Smart ContractBitcoin e Smart Contract
Bitcoin e Smart Contract
 
Smart contractjp smartcontract_about
Smart contractjp smartcontract_aboutSmart contractjp smartcontract_about
Smart contractjp smartcontract_about
 
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralization
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of DecentralizationCryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralization
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralization
 
Quantum Computers PART 1 & 2 by Prof Lili Saghafi
Quantum Computers PART 1 & 2 by Prof Lili SaghafiQuantum Computers PART 1 & 2 by Prof Lili Saghafi
Quantum Computers PART 1 & 2 by Prof Lili Saghafi
 
How smart are those smart contract
How smart are those smart contractHow smart are those smart contract
How smart are those smart contract
 
AdsCash Coin: Ethereum Smart Contract based Cryptocurrency for AdWorld
AdsCash Coin: Ethereum Smart Contract based Cryptocurrency for AdWorldAdsCash Coin: Ethereum Smart Contract based Cryptocurrency for AdWorld
AdsCash Coin: Ethereum Smart Contract based Cryptocurrency for AdWorld
 
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralizat...
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralizat...Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralizat...
Cryptocurrencies, Blockchain & Smart Contracts: The New Wave of Decentralizat...
 
區塊鏈智能合約應用於點數平台之架構
區塊鏈智能合約應用於點數平台之架構區塊鏈智能合約應用於點數平台之架構
區塊鏈智能合約應用於點數平台之架構
 
Ethereum - Introduction to Smart Contracts
Ethereum - Introduction to Smart ContractsEthereum - Introduction to Smart Contracts
Ethereum - Introduction to Smart Contracts
 
Blockchain, smart contracts - introduction
Blockchain, smart contracts - introductionBlockchain, smart contracts - introduction
Blockchain, smart contracts - introduction
 
Blockchain, Smart Contracts and DAOs in 10 minutes
Blockchain, Smart Contracts and DAOs in 10 minutesBlockchain, Smart Contracts and DAOs in 10 minutes
Blockchain, Smart Contracts and DAOs in 10 minutes
 
Introduction to blockchain and smart contracts
Introduction to blockchain and smart contractsIntroduction to blockchain and smart contracts
Introduction to blockchain and smart contracts
 
智能合約結合區塊鏈簡介
智能合約結合區塊鏈簡介智能合約結合區塊鏈簡介
智能合約結合區塊鏈簡介
 
Smart contracts
Smart contractsSmart contracts
Smart contracts
 
BlockChain, Bitcoin and Smart Contracts - Oleg Kudrenko
BlockChain, Bitcoin and Smart Contracts - Oleg KudrenkoBlockChain, Bitcoin and Smart Contracts - Oleg Kudrenko
BlockChain, Bitcoin and Smart Contracts - Oleg Kudrenko
 
Building decentralized applications (dapps) on Ethereum - Eva Shon, & Igor Li...
Building decentralized applications (dapps) on Ethereum - Eva Shon, & Igor Li...Building decentralized applications (dapps) on Ethereum - Eva Shon, & Igor Li...
Building decentralized applications (dapps) on Ethereum - Eva Shon, & Igor Li...
 
Block chain 101 what it is, why it matters
Block chain 101 what it is, why it mattersBlock chain 101 what it is, why it matters
Block chain 101 what it is, why it matters
 

Similaire à Blockchain and Smart Contract Long Term Security (updated)

HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
Igalia
 
The slower the stronger a story of password hash migration
The slower the stronger a story of password hash migrationThe slower the stronger a story of password hash migration
The slower the stronger a story of password hash migration
OWASP
 
Configuring cisco site to site ip sec vpn with dynamic ip endpoint cisco routers
Configuring cisco site to site ip sec vpn with dynamic ip endpoint cisco routersConfiguring cisco site to site ip sec vpn with dynamic ip endpoint cisco routers
Configuring cisco site to site ip sec vpn with dynamic ip endpoint cisco routers
phosika sithisane
 
Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017
Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017
Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017
ProQuest
 

Similaire à Blockchain and Smart Contract Long Term Security (updated) (20)

HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
 
The slower the stronger a story of password hash migration
The slower the stronger a story of password hash migrationThe slower the stronger a story of password hash migration
The slower the stronger a story of password hash migration
 
Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019
Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019 Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019
Cryptography in the next cycle - SEP304 - AWS re:Inforce 2019
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssl
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014 [Attacks Part] BetterCrypto Workshop @ Hack.lu 2014
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014
 
Configuring cisco site to site ip sec vpn with dynamic ip endpoint cisco routers
Configuring cisco site to site ip sec vpn with dynamic ip endpoint cisco routersConfiguring cisco site to site ip sec vpn with dynamic ip endpoint cisco routers
Configuring cisco site to site ip sec vpn with dynamic ip endpoint cisco routers
 
Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017
Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017
Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017
 
Sitecore might be secure, but your site isn't
Sitecore might be secure, but your site isn'tSitecore might be secure, but your site isn't
Sitecore might be secure, but your site isn't
 
IPv6 Security
IPv6 SecurityIPv6 Security
IPv6 Security
 
Hacking (with) WebSockets
Hacking (with) WebSocketsHacking (with) WebSockets
Hacking (with) WebSockets
 
POA based Side-Chain Architecture
POA based Side-Chain ArchitecturePOA based Side-Chain Architecture
POA based Side-Chain Architecture
 
The bitcoin blockchain
The bitcoin blockchainThe bitcoin blockchain
The bitcoin blockchain
 
New DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet ThreatsNew DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet Threats
 
AISA 2018 Perth Conference: State Of Web Wecurity In 2018
AISA 2018 Perth Conference: State Of Web Wecurity In 2018AISA 2018 Perth Conference: State Of Web Wecurity In 2018
AISA 2018 Perth Conference: State Of Web Wecurity In 2018
 
blockchain.pptx
blockchain.pptxblockchain.pptx
blockchain.pptx
 
Communities and DDoS Mitigation at CATNIX
Communities and DDoS Mitigation at CATNIXCommunities and DDoS Mitigation at CATNIX
Communities and DDoS Mitigation at CATNIX
 
Public blockchains and municipalities en v1.0_hc
Public blockchains and municipalities en v1.0_hcPublic blockchains and municipalities en v1.0_hc
Public blockchains and municipalities en v1.0_hc
 
SHA-3 and Blockchain Security
SHA-3 and Blockchain SecuritySHA-3 and Blockchain Security
SHA-3 and Blockchain Security
 
Datastax day 2016 introduction to apache cassandra
Datastax day 2016 introduction to apache cassandraDatastax day 2016 introduction to apache cassandra
Datastax day 2016 introduction to apache cassandra
 

Dernier

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Dernier (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 

Blockchain and Smart Contract Long Term Security (updated)

  • 1. Copyright © 2016 Peter Robinson Blockchain and Smart Contract Long Term Security Peter Robinson, peter.robinson@sent.com Updated November 18, 2016
  • 2. Copyright © 2016 Peter Robinson Overview ▪ Distributed Ledger and Smart Contract systems have as an underlying assumption that once transactions are in a block chain, they are locked-in forever. ▪ This presentation analyses whether this immutability can actually be delivered in the long term, given increasing traditional computational power, the emergence of quantum computing, and the possibility of cryptographic algorithmic flaws. ▪ Additionally, an idea about distributed systems security is presented. 2
  • 3. Copyright © 2016 Peter Robinson Caveat on results in these slides ▪ Tentative results are presented herein. ▪ More detailed analysis is needed. 3
  • 4. Copyright © 2016 Peter Robinson Agenda ▪ Blockchain and Smart Contract Platforms Long Term Security: ▪ Cryptography and Cryptanalysis. ▪ Blockchain Platforms and Cryptanalysis. ▪ Mitigations. ▪ Mitigation for Active Attacks against Distributed Systems. 4
  • 5. Copyright © 2016 Peter Robinson Cryptography & Cryptanalysis
  • 6. Copyright © 2016 Peter Robinson Cryptography: Algorithms ▪ Digest Algorithm (Hash): SHA256, SHA512, RIPEMD160, KECCAK, SHA3/256: ▪ Variable length input -> Fixed Length Output. ▪ Signing: ECDSA (secp256k1)/Digest Algorithm, RSA/Digest Algorithm: ▪ Sign with private key, verify with public key. 6
  • 7. Copyright © 2016 Peter Robinson Cryptography: Message Digests / Hashes 7 ? Preimage Resistance Hash n h(x) x Second Preimage Resistance Hash n h(x) ? Hash h(x’) ≠ = ? Collision Resistance Hash n/2 h(x) ? Hash h(x’) ≠ =
  • 8. Copyright © 2016 Peter Robinson Cryptography: Signatures ▪ Forgeability: Recover private key from public key. ▪ Non-repudiation: Have two public keys P1 and P2 which verify the same signature. ▪ Integrity: Have two message digests M1 and M2 which when signed with public key P result in the same signature. 8
  • 9. Copyright © 2016 Peter Robinson Cryptography: Security Strength (Assuming no Quantum Cryptanalysis) 9 Security Strength RSA ECC Hash Preimage Hash Collision 80 1024 RIPEMD160 112 2048 128 3072 secp256k1 SHA256, Keccak-256, SHA512/256 160 RIPEMD160 256 SHA256, Keccak-256, SHA512/256 SHA512 SHA3,512 512 SHA512 SHA3,512
  • 10. Copyright © 2016 Peter Robinson Traditional Computing Power 10 Ref 1: http://www.extremetech.com/wp-content/uploads/2015/04/MooresLaw2.png
  • 11. Copyright © 2016 Peter Robinson Security Strength RSA ECC Hash Preimage Hash Collision 80 1024 RIPEMD160 112 2048 128 3072 secp256k1 SHA256, Keccak-256, SHA512/256 160 RIPEMD160 256 SHA256, Keccak-256, SHA512/256 SHA512, SHA3,512 512 SHA512, SHA3,512 Cryptography: Security Strength assuming no Quantum Cryptanalysis 11 2010 2030?
  • 12. Copyright © 2016 Peter Robinson Quantum Cryptanalysis ▪ Shor’s Algorithm: Allows ECC private key to be calculated from ECC public key. ▪ Gover’s Algorithm: Allows algorithms to be executed in square-root time: ▪ Affects message digest algorithms and symmetric key algorithms. ▪ Security Strength after Quantum = (Security Strength Before Quantum) / 2 12
  • 13. Copyright © 2016 Peter Robinson Quantum Cryptanalysis ▪ When will Quantum Computing and Quantum Cryptanalysis be a reality? ▪ Michele Mosca, Institute for Quantum Computing and Department of Combinatorics and Optimization, University of Waterloo, said2: ▪ “I estimate a 1/7 chance of breaking RSA-2048 by 2026 and a 1/2 chance by 2031” ▪ Predicts a “Moore’s Law” type of increase in capability. 13 Ref 2: Mosca, M. (2015) “Cybersecurity in an era with quantum computers: will we be ready?” Available: https://eprint.iacr.org/2015/1075.pdf
  • 14. Copyright © 2016 Peter Robinson Cryptography: Security Strength assuming Quantum Cryptanalysis 14 Security Strength* RSA ECC Hash Preimage Hash Collision 4 5 19 secp256k1 26 2048 40 RIPEMD160 64 SHA256, Keccak-256, SHA512/256 80 RIPEMD160 128 SHA256, Keccak-256, SHA512/256 SHA512, SHA3,512 256 SHA512, SHA3,512 2012 *: Shor algorithm security strength calculated as log2(K * K * log(K) * log(log(K))) Late 2020s or 2030s?
  • 15. Copyright © 2016 Peter Robinson Cryptographic Algorithmic Flaws 15 Ref 3: Preneel, B. (2013) “Introduction to the Design and Cryptanalysis of Cryptographic Hash Functions” Available: https://www.cosic.esat.kuleuven.be/summer_school_albena/slides/preneel_hash_july2013_shortv1_print.pdf
  • 16. Copyright © 2016 Peter Robinson Blockchain Platforms and Cryptanalysis
  • 17. Copyright © 2016 Peter Robinson Three Attack Scenarios ▪ Attack existing blocks. ▪ Attacking new blocks as they are being made: ▪ Miners either altering transactions being included in blocks or being able to always mine the best block. ▪ Users either craft transactions masquerading as other users or craft transactions to double spend. 17
  • 18. Copyright © 2016 Peter Robinson Bitcoin: Cryptographic Usage4 ▪ Main Hash: HM(x) = SHA256(SHA256(x)) ▪ Address Hash: HA(x) = RIPEMD160(SHA256(x)) ▪ Key Pairs: ECC using secp256k1 curve. ▪ Signatures: ECDSA, with Main Hash. 18 Ref 4: Giechaskiel, I., Cremers, C., Rasmussen, K. (2016) “On Bitcoin Security in the Presence of Broken Crypto Primitives”
  • 19. Copyright © 2016 Peter Robinson Ripple Cryptographic Usage ▪ Main Hash: HM(x) = 256 bit truncated SHA512(x) ▪ Address Hash: HA(x) = RIPEMD160(SHA256(x)) ▪ Key Pairs: ECC using secp256k1 curve. ▪ Signatures: ECDSA, with Main Hash. 19
  • 20. Copyright © 2016 Peter Robinson Ethereum Cryptographic Usage ▪ Main Hash: HM(x) = KECCAK-256(x) ▪ Address Hash: HA(x) = 160 bit truncated KECCAK-256(x) ▪ Key Pairs: ECC using secp256k1 curve. ▪ Signatures: ECDSA, with Main Hash. 20
  • 21. Copyright © 2016 Peter Robinson Cryptography: Security Strength assuming Quantum Cryptanalysis 21 Security Strength Hash Preimage Hash Second Preimage Hash Collision 40 Keccak-256/160, RIPEMD160(SHA256(x)) 64 SHA256(SHA256(x)), Keccak-256, SHA512/256 80 Keccak-256/160 Keccak-256/160, RIPEMD160(SHA256(x)) 128 SHA512/256 SHA256(SHA256(x)), Keccak-256, SHA512/256 208 RIPEMD160(SHA256(x)) 256 SHA256(SHA256(x))
  • 22. Copyright © 2016 Peter Robinson Attack Existing Blocks Message Digest Algorithm Issues Breakage Address Hash (HA) Main Hash (HM) Collision None None Second pre-image Repudiate transaction Repudiate transaction Pre-image Uncover public key associated with address None 22
  • 23. Copyright © 2016 Peter Robinson Attack Existing Blocks Signature Algorithm Issues Breakage Effect Selective forgery Determine private key based on public key, then execute transactions Integrity break Repudiate transaction Repudiation None 23
  • 24. Copyright © 2016 Peter Robinson Miner Attack Message Digest Algorithm Issues Breakage Address Hash (HA) Main Hash (HM) Collision Repudiate transaction Double spend and execute transactions and then repudiate them Second pre-image Repudiate transaction Double spend and execute transactions and then repudiate them Pre-image Uncover public key associated with address Complete failure of the blockchain: be able to determine best block more easily than other miners. 24
  • 25. Copyright © 2016 Peter Robinson Miner Attack Signature Algorithm Issues Breakage Effect Selective forgery Determine private key based on public key, then execute transactions Integrity break Repudiate transaction Repudiation None 25
  • 26. Copyright © 2016 Peter Robinson User Attack Message Digest Algorithm Issues Breakage Address Hash (HA) Main Hash (HM) Collision Repudiate transaction Double spend and execute transactions and then repudiate them Second pre-image Repudiate transaction Double spend and execute transactions and then repudiate them Pre-image Uncover key associated with address None 26
  • 27. Copyright © 2016 Peter Robinson User Attack Signature Algorithm Issues Breakage Effect Selective forgery None Integrity break Execute transactions and then repudiate them Repudiation Execute transactions and then repudiate them 27
  • 28. Copyright © 2016 Peter Robinson Mitigations
  • 29. Copyright © 2016 Peter Robinson Mitigations: Better Use of Existing Algorithms ▪ Use stronger algorithms for Address Hash and Main Hash. ▪ Address Hash: ▪ SHA 512(SHA 512(x)) or ▪ SHA3/512(x) ▪ Main Hash: ▪ SHA 512(SHA 512(x)) or ▪ SHA3/512(x) 29
  • 30. Copyright © 2016 Peter Robinson Cryptography: Security Strength assuming Quantum Cryptanalysis 30 Security Strength Hash Preimage Hash Second Preimage Hash Collision 40 Keccak-256/160, RIPEMD160(SHA256(x)) 64 SHA256(SHA256(x)), Keccak-256, SHA512/256 80 Keccak-256/160 Keccak-256/160, RIPEMD160(SHA256(x)) 128 SHA512/256 SHA256(SHA256(x)), Keccak-256, SHA512/256 SHA 512(SHA 512(x)), SHA3/512(x) 208 RIPEMD160(SHA256(x)) 256 SHA256(SHA256(x)), SHA3/512(x) SHA 512(SHA 512(x)), SHA3/512(x) 512 SHA 512(SHA 512(x))
  • 31. Copyright © 2016 Peter Robinson Mitigations: Post-Quantum ▪ USA’s NIST are looking to standardize post-quantum algorithms by 20225. ▪ Lattice Based Signature Algorithms: ▪ Different type of mathematics to RSA and ECC. ▪ Historically, Lattice based algorithms have been found to be not as strong as first thought after two to five years of cryptanalysis. ▪ Sphincs: ▪ Based on well understood message digest algorithms. ▪ Larger public keys, private keys and signatures. 31 Ref 5: http://csrc.nist.gov/groups/ST/post-quantum-crypto/documents/pqcrypto-2016-presentation.pdf
  • 32. Copyright © 2016 Peter Robinson Mitigations: Be Prepared to Change ▪ Blockchain platforms need to have migration plans in place. ▪ Allow for multiple algorithms: ▪ Should allow for faster transition in case of a sudden event: stop accepting transactions which use one algorithm. ▪ Can lead to downgrade attacks. ▪ Learn from other domains such as Transport Layer Security. ▪ Plan for: ▪ Larger signatures and larger identifiers. ▪ Re-sign entire blockchain. ▪ Roll-over all keys to newer algorithms. 32
  • 33. Copyright © 2016 Peter Robinson Mitigation for Active Attacks against Distributed Systems
  • 34. Copyright © 2016 Peter Robinson Using Blockchain to provide Defence in Depth against Active Attacks ▪ Web applications and SaaS can be delivered as scalable cloud services. ▪ These services can be viewed as distributed systems. ▪ Active attackers may Powerfully Own (POWN) parts of the distributed system. ▪ Distributed Ledgers could be used as a resilient distributed database. ▪ Challenges: ▪ Performance. ▪ Non-proof of work consensus algorithms which are resilient to active attack. ▪ Dynamic scaling. 34
  • 35. Copyright © 2016 Peter Robinson Closing
  • 36. Copyright © 2016 Peter Robinson Future Work ▪ More detailed analysis to verify the results presented herein. ▪ Hyper Ledger needs to be reviewed. ▪ Proof of Stake protocols need to be considered. 36
  • 37. Copyright © 2016 Peter Robinson Summary ▪ Cryptography is a dynamic field. Things change: ▪ Quantum Cryptanalysis may become a reality. ▪ Processing power is still ever increasing despite declarations, “Moore’s Law is dead”. ▪ Breaks in cryptographic algorithms happen from time to time. ▪ Plan for change: ▪ Do mitigation planning and determine migration paths. ▪ Start executing changes now which can be done now. 37
  • 38. Copyright © 2016 Peter Robinson Questions 38