Copyright © 2016 Peter Robinson
Blockchain and Smart Contract Long Term Security
Peter Robinson, peter.robinson@sent.com
Updated November 18, 2016
Overview
▪ Distributed Ledger and Smart Contract systems have as an underlying
assumption that once transactions are in a block chain, they are locked-in forever.
▪ This presentation analyses whether this immutability can actually be delivered in
the long term, given increasing traditional computational power, the emergence of
quantum computing, and the possibility of cryptographic algorithmic flaws.
▪ Additionally, an idea about distributed systems security is presented.
Caveat on results in these slides
▪ Tentative results are presented herein.
▪ More detailed analysis is needed.
Agenda
▪ Blockchain and Smart Contract Platforms Long Term Security:
▪ Cryptography and Cryptanalysis.
▪ Blockchain Platforms and Cryptanalysis.
▪ Mitigations.
▪ Mitigation for Active Attacks against Distributed Systems.
Cryptography & Cryptanalysis
Cryptography: Algorithms
▪ Digest Algorithm (Hash): SHA256, SHA512, RIPEMD160, KECCAK, SHA3/256:
▪ Variable length input -> Fixed Length Output.
▪ Signing: ECDSA (secp256k1)/Digest Algorithm, RSA/Digest Algorithm:
▪ Sign with private key, verify with public key.
Cryptography: Message Digests / Hashes
[Figure: three panels, each a hash diagram over inputs x, x′ and outputs h(x), h(x′): Preimage Resistance (n), Second Preimage Resistance (n), Collision Resistance (n/2).]
Cryptography: Signatures
▪ Forgeability: Recover private key from public key.
▪ Non-repudiation: Have two public keys P1 and P2 which verify the same
signature.
▪ Integrity: Have two message digests M1 and M2 which when signed with public
key P result in the same signature.
Cryptography: Security Strength
(Assuming no Quantum Cryptanalysis)
| Security Strength | RSA | ECC | Hash Preimage | Hash Collision |
|---|---|---|---|---|
| 80 | 1024 | | | RIPEMD160 |
| 112 | 2048 | | | |
| 128 | 3072 | secp256k1 | | SHA256, Keccak-256, SHA512/256 |
| 160 | | | RIPEMD160 | |
| 256 | | | SHA256, Keccak-256, SHA512/256 | SHA512, SHA3,512 |
| 512 | | | SHA512, SHA3,512 | |
Traditional Computing Power
Ref 1: http://www.extremetech.com/wp-content/uploads/2015/04/MooresLaw2.png
Cryptography: Security Strength
assuming no Quantum Cryptanalysis
| Security Strength | RSA | ECC | Hash Preimage | Hash Collision |
|---|---|---|---|---|
| 80 | 1024 | | | RIPEMD160 |
| 112 | 2048 | | | |
| 128 | 3072 | secp256k1 | | SHA256, Keccak-256, SHA512/256 |
| 160 | | | RIPEMD160 | |
| 256 | | | SHA256, Keccak-256, SHA512/256 | SHA512, SHA3,512 |
| 512 | | | SHA512, SHA3,512 | |
Year markers on the slide: 2010, 2030?
Quantum Cryptanalysis
▪ Shor’s Algorithm: Allows ECC private key to be calculated from ECC public key.
▪ Grover’s Algorithm: Allows algorithms to be executed in square-root time:
▪ Affects message digest algorithms and symmetric key algorithms.
▪ Security Strength after Quantum = (Security Strength Before Quantum) / 2
Quantum Cryptanalysis
▪ When will Quantum Computing and Quantum Cryptanalysis be a reality?
▪ Michele Mosca, Institute for Quantum Computing and Department of
Combinatorics and Optimization, University of Waterloo, said (Ref 2):
▪ “I estimate a 1/7 chance of breaking RSA-2048 by 2026 and a 1/2 chance by 2031”
▪ Predicts a “Moore’s Law” type of increase in capability.
Ref 2: Mosca, M. (2015) “Cybersecurity in an era with quantum computers: will we be ready?”
Available: https://eprint.iacr.org/2015/1075.pdf
Cryptography: Security Strength
assuming Quantum Cryptanalysis
| Security Strength* | RSA | ECC | Hash Preimage | Hash Collision |
|---|---|---|---|---|
| 4 | 5 | | | |
| 19 | | secp256k1 | | |
| 26 | 2048 | | | |
| 40 | | | | RIPEMD160 |
| 64 | | | | SHA256, Keccak-256, SHA512/256 |
| 80 | | | RIPEMD160 | |
| 128 | | | SHA256, Keccak-256, SHA512/256 | SHA512, SHA3,512 |
| 256 | | | SHA512, SHA3,512 | |
*: Shor algorithm security strength calculated as log2(K * K * log(K) * log(log(K)))
Year markers on the slide: 2012; Late 2020s or 2030s?
Cryptographic Algorithmic Flaws
Ref 3: Preneel, B. (2013) “Introduction to the Design and Cryptanalysis of Cryptographic Hash Functions”
Available: https://www.cosic.esat.kuleuven.be/summer_school_albena/slides/preneel_hash_july2013_shortv1_print.pdf
Blockchain Platforms and Cryptanalysis
Three Attack Scenarios
▪ Attack existing blocks.
▪ Attacking new blocks as they are being made:
▪ Miners either altering transactions being included in blocks or being able to always mine
the best block.
▪ Users either craft transactions masquerading as other users or craft transactions to
double spend.
Bitcoin: Cryptographic Usage (Ref 4)
▪ Main Hash: HM(x) = SHA256(SHA256(x))
▪ Address Hash: HA(x) = RIPEMD160(SHA256(x))
▪ Key Pairs: ECC using secp256k1 curve.
▪ Signatures: ECDSA, with Main Hash.
Ref 4: Giechaskiel, I., Cremers, C., Rasmussen, K. (2016) “On Bitcoin Security in the Presence of Broken Crypto Primitives”
Ripple Cryptographic Usage
▪ Main Hash: HM(x) = 256 bit truncated SHA512(x)
▪ Address Hash: HA(x) = RIPEMD160(SHA256(x))
▪ Key Pairs: ECC using secp256k1 curve.
▪ Signatures: ECDSA, with Main Hash.
Ethereum Cryptographic Usage
▪ Main Hash: HM(x) = KECCAK-256(x)
▪ Address Hash: HA(x) = 160 bit truncated KECCAK-256(x)
▪ Key Pairs: ECC using secp256k1 curve.
▪ Signatures: ECDSA, with Main Hash.
Cryptography: Security Strength
assuming Quantum Cryptanalysis
| Security Strength | Hash Preimage | Hash Second Preimage | Hash Collision |
|---|---|---|---|
| 40 | | | Keccak-256/160, RIPEMD160(SHA256(x)) |
| 64 | | | SHA256(SHA256(x)), Keccak-256, SHA512/256 |
| 80 | Keccak-256/160 | Keccak-256/160, RIPEMD160(SHA256(x)) | |
| 128 | SHA512/256 | SHA256(SHA256(x)), Keccak-256, SHA512/256 | |
| 208 | RIPEMD160(SHA256(x)) | | |
| 256 | SHA256(SHA256(x)) | | |
Attack Existing Blocks
Message Digest Algorithm Issues
| Breakage | Address Hash (HA) | Main Hash (HM) |
|---|---|---|
| Collision | None | None |
| Second pre-image | Repudiate transaction | Repudiate transaction |
| Pre-image | Uncover public key associated with address | None |
Attack Existing Blocks
Signature Algorithm Issues
| Breakage | Effect |
|---|---|
| Selective forgery | Determine private key based on public key, then execute transactions |
| Integrity break | Repudiate transaction |
| Repudiation | None |
Miner Attack
Message Digest Algorithm Issues
| Breakage | Address Hash (HA) | Main Hash (HM) |
|---|---|---|
| Collision | Repudiate transaction | Double spend and execute transactions and then repudiate them |
| Second pre-image | Repudiate transaction | Double spend and execute transactions and then repudiate them |
| Pre-image | Uncover public key associated with address | Complete failure of the blockchain: be able to determine best block more easily than other miners. |
Miner Attack
Signature Algorithm Issues
| Breakage | Effect |
|---|---|
| Selective forgery | Determine private key based on public key, then execute transactions |
| Integrity break | Repudiate transaction |
| Repudiation | None |
User Attack
Message Digest Algorithm Issues
| Breakage | Address Hash (HA) | Main Hash (HM) |
|---|---|---|
| Collision | Repudiate transaction | Double spend and execute transactions and then repudiate them |
| Second pre-image | Repudiate transaction | Double spend and execute transactions and then repudiate them |
| Pre-image | Uncover key associated with address | None |
User Attack
Signature Algorithm Issues
| Breakage | Effect |
|---|---|
| Selective forgery | None |
| Integrity break | Execute transactions and then repudiate them |
| Repudiation | Execute transactions and then repudiate them |
Mitigations
Mitigations: Better Use of Existing Algorithms
▪ Use stronger algorithms for Address Hash and Main Hash.
▪ Address Hash:
▪ SHA 512(SHA 512(x)) or
▪ SHA3/512(x)
▪ Main Hash:
▪ SHA 512(SHA 512(x)) or
▪ SHA3/512(x)
Cryptography: Security Strength
assuming Quantum Cryptanalysis
| Security Strength | Hash Preimage | Hash Second Preimage | Hash Collision |
|---|---|---|---|
| 40 | | | Keccak-256/160, RIPEMD160(SHA256(x)) |
| 64 | | | SHA256(SHA256(x)), Keccak-256, SHA512/256 |
| 80 | Keccak-256/160 | Keccak-256/160, RIPEMD160(SHA256(x)) | |
| 128 | SHA512/256 | SHA256(SHA256(x)), Keccak-256, SHA512/256 | SHA 512(SHA 512(x)), SHA3/512(x) |
| 208 | RIPEMD160(SHA256(x)) | | |
| 256 | SHA256(SHA256(x)), SHA3/512(x) | SHA 512(SHA 512(x)), SHA3/512(x) | |
| 512 | SHA 512(SHA 512(x)) | | |
Mitigations: Post-Quantum
▪ USA’s NIST are looking to standardize post-quantum algorithms by 2022 (Ref 5).
▪ Lattice Based Signature Algorithms:
▪ Different type of mathematics to RSA and ECC.
▪ Historically, Lattice based algorithms have been found to be not as strong as first
thought after two to five years of cryptanalysis.
▪ SPHINCS:
▪ Based on well understood message digest algorithms.
▪ Larger public keys, private keys and signatures.
Ref 5: http://csrc.nist.gov/groups/ST/post-quantum-crypto/documents/pqcrypto-2016-presentation.pdf
Mitigations: Be Prepared to Change
▪ Blockchain platforms need to have migration plans in place.
▪ Allow for multiple algorithms:
▪ Should allow for faster transition in case of a sudden event: stop accepting transactions
which use one algorithm.
▪ Can lead to downgrade attacks.
▪ Learn from other domains such as Transport Layer Security.
▪ Plan for:
▪ Larger signatures and larger identifiers.
▪ Re-sign entire blockchain.
▪ Roll-over all keys to newer algorithms.
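The multiple-algorithm approach on this slide, sketched as an added example (not code from the presentation or from any blockchain platform): each transaction carries an algorithm tag that is hashed together with its content, a node policy can stop accepting one algorithm from a given block height, and a sender who has already used a stronger algorithm is refused weaker ones. The tag values, ranks, `Policy` class and per-sender pinning rule are assumptions made for illustration; signatures are left out so the block runs on the standard library alone.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


def _double(name: str) -> Callable[[bytes], bytes]:
    """Return h(h(x)) for a hashlib algorithm, as on the mitigation slide."""
    return lambda b: hashlib.new(name, hashlib.new(name, b).digest()).digest()


@dataclass(frozen=True)
class Alg:
    name: str
    digest: Callable[[bytes], bytes]
    rank: int  # higher means stronger; only used to detect downgrades


# Tag values and ranks are constructed for this example (assumption).
ALGS: Dict[int, Alg] = {
    0x01: Alg("SHA256(SHA256(x))", _double("sha256"), 1),
    0x02: Alg("SHA512(SHA512(x))", _double("sha512"), 2),
    0x03: Alg("SHA3/512(x)", lambda b: hashlib.sha3_512(b).digest(), 2),
}


@dataclass(frozen=True)
class Tx:
    alg_tag: int
    sender: str
    body: bytes
    txid: bytes


def tx_digest(alg_tag: int, sender: str, body: bytes) -> bytes:
    # The tag is hashed with the content, so relabelling a transaction with
    # another algorithm changes the identifier a verifier expects.
    who = sender.encode()
    msg = bytes([alg_tag]) + len(who).to_bytes(2, "big") + who + body
    return ALGS[alg_tag].digest(msg)


def make_tx(alg_tag: int, sender: str, body: bytes) -> Tx:
    return Tx(alg_tag, sender, body, tx_digest(alg_tag, sender, body))


class Policy:
    """Node-side acceptance rules (hypothetical)."""

    def __init__(self) -> None:
        self.sunset: Dict[int, int] = {}  # alg tag -> first height refused
        self.pinned: Dict[str, int] = {}  # sender -> strongest rank used

    def retire(self, alg_tag: int, from_height: int) -> None:
        """Sudden-event switch: refuse this algorithm from a block height on."""
        self.sunset[alg_tag] = from_height

    def accept(self, tx: Tx, height: int) -> Tuple[bool, str]:
        alg = ALGS.get(tx.alg_tag)
        if alg is None:
            return False, "unknown algorithm tag"
        if tx.alg_tag in self.sunset and height >= self.sunset[tx.alg_tag]:
            return False, "algorithm retired"
        if tx_digest(tx.alg_tag, tx.sender, tx.body) != tx.txid:
            return False, "digest mismatch"
        # Downgrade check: once a sender has moved to a stronger algorithm,
        # a weaker one is no longer accepted for that sender.
        if alg.rank < self.pinned.get(tx.sender, 0):
            return False, "downgrade refused"
        self.pinned[tx.sender] = alg.rank
        return True, "accepted"


def demo() -> List[str]:
    """Run constructed sample transactions through the policy."""
    policy = Policy()
    out = []
    out.append(policy.accept(make_tx(0x01, "alice", b"pay bob 5"), 100))
    strong = make_tx(0x02, "alice", b"pay carol 1")
    out.append(policy.accept(strong, 101))  # pins alice to rank 2
    out.append(policy.accept(make_tx(0x01, "alice", b"pay dave 9"), 102))
    # Same body and txid presented under a different algorithm tag.
    relabelled = Tx(0x03, strong.sender, strong.body, strong.txid)
    out.append(policy.accept(relabelled, 103))
    policy.retire(0x01, from_height=200)
    out.append(policy.accept(make_tx(0x01, "bob", b"pay erin 2"), 199))
    out.append(policy.accept(make_tx(0x01, "bob", b"pay erin 3"), 200))
    return [reason for _, reason in out]


if __name__ == "__main__":
    for line in demo():
        print(line)
```
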
Mitigation for Active Attacks against Distributed Systems
Using Blockchain to provide Defence in Depth against Active Attacks
▪ Web applications and SaaS can be delivered as scalable cloud services.
▪ These services can be viewed as distributed systems.
▪ Active attackers may Powerfully Own (POWN) parts of the distributed system.
▪ Distributed Ledgers could be used as a resilient distributed database.
▪ Challenges:
▪ Performance.
▪ Non-proof of work consensus algorithms which are resilient to active attack.
▪ Dynamic scaling.
Closing
Future Work
▪ More detailed analysis to verify the results presented herein.
▪ Hyperledger needs to be reviewed.
▪ Proof of Stake protocols need to be considered.
Summary
▪ Cryptography is a dynamic field. Things change:
▪ Quantum Cryptanalysis may become a reality.
▪ Processing power is still ever increasing despite declarations, “Moore’s Law is dead”.
▪ Breaks in cryptographic algorithms happen from time to time.
▪ Plan for change:
▪ Do mitigation planning and determine migration paths.
▪ Start executing changes now which can be done now.
Questions
What's New in Teams Calling, Meetings and Devices April 2024
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 

Blockchain and Smart Contract Long Term Security (updated)

  • 1. Copyright © 2016 Peter Robinson Blockchain and Smart Contract Long Term Security Peter Robinson, peter.robinson@sent.com Updated November 18, 2016
  • 2. Overview ▪ Distributed Ledger and Smart Contract systems have as an underlying assumption that once transactions are in a block chain, they are locked-in forever. ▪ This presentation analyses whether this immutability can actually be delivered in the long term, given increasing traditional computational power, the emergence of quantum computing, and the possibility of cryptographic algorithmic flaws. ▪ Additionally, an idea about distributed systems security is presented.
  • 3. Caveat on results in these slides ▪ Tentative results are presented herein. ▪ More detailed analysis is needed.
  • 4. Agenda ▪ Blockchain and Smart Contract Platforms Long Term Security: ▪ Cryptography and Cryptanalysis. ▪ Blockchain Platforms and Cryptanalysis. ▪ Mitigations. ▪ Mitigation for Active Attacks against Distributed Systems.
  • 5. Cryptography & Cryptanalysis
  • 6. Cryptography: Algorithms ▪ Digest Algorithm (Hash): SHA256, SHA512, RIPEMD160, KECCAK, SHA3/256: ▪ Variable length input -> Fixed Length Output. ▪ Signing: ECDSA (secp256k1)/Digest Algorithm, RSA/Digest Algorithm: ▪ Sign with private key, verify with public key.
  • 7. Cryptography: Message Digests / Hashes [Diagram of three hash properties: Preimage Resistance (strength n), Second Preimage Resistance (strength n), Collision Resistance (strength n/2)]
  • 8. Cryptography: Signatures ▪ Forgeability: Recover private key from public key. ▪ Non-repudiation: Have two public keys P1 and P2 which verify the same signature. ▪ Integrity: Have two message digests M1 and M2 which when signed with public key P result in the same signature.
  • 9. Cryptography: Security Strength (Assuming no Quantum Cryptanalysis)
      Security Strength | RSA | ECC | Hash Preimage | Hash Collision
      80 | 1024 | - | - | RIPEMD160
      112 | 2048 | - | - | -
      128 | 3072 | secp256k1 | - | SHA256, Keccak-256, SHA512/256
      160 | - | - | RIPEMD160 | -
      256 | - | - | SHA256, Keccak-256, SHA512/256 | SHA512, SHA3,512
      512 | - | - | SHA512, SHA3,512 | -
  • 10. Traditional Computing Power. Ref 1: http://www.extremetech.com/wp-content/uploads/2015/04/MooresLaw2.png
  • 11. Cryptography: Security Strength assuming no Quantum Cryptanalysis
      Security Strength | RSA | ECC | Hash Preimage | Hash Collision
      80 | 1024 | - | - | RIPEMD160
      112 | 2048 | - | - | -
      128 | 3072 | secp256k1 | - | SHA256, Keccak-256, SHA512/256
      160 | - | - | RIPEMD160 | -
      256 | - | - | SHA256, Keccak-256, SHA512/256 | SHA512, SHA3,512
      512 | - | - | SHA512, SHA3,512 | -
      (Annotations on the slide: 2010; 2030?)
  • 12. Quantum Cryptanalysis ▪ Shor’s Algorithm: Allows ECC private key to be calculated from ECC public key. ▪ Grover’s Algorithm: Allows algorithms to be executed in square-root time: ▪ Affects message digest algorithms and symmetric key algorithms. ▪ Security Strength after Quantum = (Security Strength Before Quantum) / 2
  • 13. Quantum Cryptanalysis ▪ When will Quantum Computing and Quantum Cryptanalysis be a reality? ▪ Michele Mosca, Institute for Quantum Computing and Department of Combinatorics and Optimization, University of Waterloo, said (Ref 2): ▪ “I estimate a 1/7 chance of breaking RSA-2048 by 2026 and a 1/2 chance by 2031” ▪ Predicts a “Moore’s Law” type of increase in capability. Ref 2: Mosca, M. (2015) “Cybersecurity in an era with quantum computers: will we be ready?” Available: https://eprint.iacr.org/2015/1075.pdf
  • 14. Cryptography: Security Strength assuming Quantum Cryptanalysis
      Security Strength* | RSA | ECC | Hash Preimage | Hash Collision
      4 | - | - | - | -
      5 | - | - | - | -
      19 | - | secp256k1 | - | -
      26 | 2048 | - | - | -
      40 | - | - | - | RIPEMD160
      64 | - | - | - | SHA256, Keccak-256, SHA512/256
      80 | - | - | RIPEMD160 | -
      128 | - | - | SHA256, Keccak-256, SHA512/256 | SHA512, SHA3,512
      256 | - | - | SHA512, SHA3,512 | -
      *: Shor algorithm security strength calculated as log2(K * K * log(K) * log(log(K)))
      (Annotations on the slide: 2012; Late 2020s or 2030s?)
  • 15. Cryptographic Algorithmic Flaws. Ref 3: Preneel, B. (2013) “Introduction to the Design and Cryptanalysis of Cryptographic Hash Functions” Available: https://www.cosic.esat.kuleuven.be/summer_school_albena/slides/preneel_hash_july2013_shortv1_print.pdf
  • 16. Blockchain Platforms and Cryptanalysis
  • 17. Three Attack Scenarios ▪ Attack existing blocks. ▪ Attacking new blocks as they are being made: ▪ Miners either altering transactions being included in blocks or being able to always mine the best block. ▪ Users either craft transactions masquerading as other users or craft transactions to double spend.
  • 18. Bitcoin: Cryptographic Usage (Ref 4) ▪ Main Hash: HM(x) = SHA256(SHA256(x)) ▪ Address Hash: HA(x) = RIPEMD160(SHA256(x)) ▪ Key Pairs: ECC using secp256k1 curve. ▪ Signatures: ECDSA, with Main Hash. Ref 4: Giechaskiel, I., Cremers, C., Rasmussen, K. (2016) “On Bitcoin Security in the Presence of Broken Crypto Primitives”
  • 19. Ripple Cryptographic Usage ▪ Main Hash: HM(x) = 256 bit truncated SHA512(x) ▪ Address Hash: HA(x) = RIPEMD160(SHA256(x)) ▪ Key Pairs: ECC using secp256k1 curve. ▪ Signatures: ECDSA, with Main Hash.
  • 20. Ethereum Cryptographic Usage ▪ Main Hash: HM(x) = KECCAK-256(x) ▪ Address Hash: HA(x) = 160 bit truncated KECCAK-256(x) ▪ Key Pairs: ECC using secp256k1 curve. ▪ Signatures: ECDSA, with Main Hash.
  • 21. Cryptography: Security Strength assuming Quantum Cryptanalysis. Security Strength Hash Preimage Hash Second Preimage Hash Collision 40 Keccak-256/160, RIPEMD160(SHA256(x)) 64 SHA256(SHA256(x)), Keccak-256, SHA512/256 80 Keccak-256/160 Keccak-256/160, RIPEMD160(SHA256(x)) 128 SHA512/256 SHA256(SHA256(x)), Keccak-256, SHA512/256 208 RIPEMD160(SHA256(x)) 256 SHA256(SHA256(x))
  • 22. Attack Existing Blocks: Message Digest Algorithm Issues
      Breakage | Address Hash (HA) | Main Hash (HM)
      Collision | None | None
      Second pre-image | Repudiate transaction | Repudiate transaction
      Pre-image | Uncover public key associated with address | None
  • 23. Attack Existing Blocks: Signature Algorithm Issues
      Breakage | Effect
      Selective forgery | Determine private key based on public key, then execute transactions
      Integrity break | Repudiate transaction
      Repudiation | None
  • 24. Miner Attack: Message Digest Algorithm Issues
      Breakage | Address Hash (HA) | Main Hash (HM)
      Collision | Repudiate transaction | Double spend and execute transactions and then repudiate them
      Second pre-image | Repudiate transaction | Double spend and execute transactions and then repudiate them
      Pre-image | Uncover public key associated with address | Complete failure of the blockchain: be able to determine best block more easily than other miners.
  • 25. Miner Attack: Signature Algorithm Issues
      Breakage | Effect
      Selective forgery | Determine private key based on public key, then execute transactions
      Integrity break | Repudiate transaction
      Repudiation | None
  • 26. User Attack: Message Digest Algorithm Issues
      Breakage | Address Hash (HA) | Main Hash (HM)
      Collision | Repudiate transaction | Double spend and execute transactions and then repudiate them
      Second pre-image | Repudiate transaction | Double spend and execute transactions and then repudiate them
      Pre-image | Uncover key associated with address | None
  • 27. User Attack: Signature Algorithm Issues
      Breakage | Effect
      Selective forgery | None
      Integrity break | Execute transactions and then repudiate them
      Repudiation | Execute transactions and then repudiate them
  • 28. Mitigations
  • 29. Mitigations: Better Use of Existing Algorithms ▪ Use stronger algorithms for Address Hash and Main Hash. ▪ Address Hash: ▪ SHA 512(SHA 512(x)) or ▪ SHA3/512(x) ▪ Main Hash: ▪ SHA 512(SHA 512(x)) or ▪ SHA3/512(x)
  • 30. Cryptography: Security Strength assuming Quantum Cryptanalysis. Security Strength Hash Preimage Hash Second Preimage Hash Collision 40 Keccak-256/160, RIPEMD160(SHA256(x)) 64 SHA256(SHA256(x)), Keccak-256, SHA512/256 80 Keccak-256/160 Keccak-256/160, RIPEMD160(SHA256(x)) 128 SHA512/256 SHA256(SHA256(x)), Keccak-256, SHA512/256 SHA 512(SHA 512(x)), SHA3/512(x) 208 RIPEMD160(SHA256(x)) 256 SHA256(SHA256(x)), SHA3/512(x) SHA 512(SHA 512(x)), SHA3/512(x) 512 SHA 512(SHA 512(x))
  • 31. Mitigations: Post-Quantum ▪ USA’s NIST are looking to standardize post-quantum algorithms by 2022 (Ref 5). ▪ Lattice Based Signature Algorithms: ▪ Different type of mathematics to RSA and ECC. ▪ Historically, Lattice based algorithms have been found to be not as strong as first thought after two to five years of cryptanalysis. ▪ Sphincs: ▪ Based on well understood message digest algorithms. ▪ Larger public keys, private keys and signatures. Ref 5: http://csrc.nist.gov/groups/ST/post-quantum-crypto/documents/pqcrypto-2016-presentation.pdf
  • 32. Mitigations: Be Prepared to Change ▪ Blockchain platforms need to have migration plans in place. ▪ Allow for multiple algorithms: ▪ Should allow for faster transition in case of a sudden event: stop accepting transactions which use one algorithm. ▪ Can lead to downgrade attacks. ▪ Learn from other domains such as Transport Layer Security. ▪ Plan for: ▪ Larger signatures and larger identifiers. ▪ Re-sign entire blockchain. ▪ Roll-over all keys to newer algorithms.
  • 33. Mitigation for Active Attacks against Distributed Systems
  • 34. Using Blockchain to provide Defence in Depth against Active Attacks ▪ Web applications and SaaS can be delivered as scalable cloud services. ▪ These services can be viewed as distributed systems. ▪ Active attackers may Powerfully Own (POWN) parts of the distributed system. ▪ Distributed Ledgers could be used as a resilient distributed database. ▪ Challenges: ▪ Performance. ▪ Non-proof of work consensus algorithms which are resilient to active attack. ▪ Dynamic scaling.
  • 35. Closing
  • 36. Future Work ▪ More detailed analysis to verify the results presented herein. ▪ Hyper Ledger needs to be reviewed. ▪ Proof of Stake protocols need to be considered.
  • 37. Summary ▪ Cryptography is a dynamic field. Things change: ▪ Quantum Cryptanalysis may become a reality. ▪ Processing power is still ever increasing despite declarations, “Moore’s Law is dead”. ▪ Breaks in cryptographic algorithms happen from time to time. ▪ Plan for change: ▪ Do mitigation planning and determine migration paths. ▪ Start executing changes now which can be done now.
  • 38. Questions
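The halving rule on slide 12 and the Shor footnote on slide 14, applied to the hash output sizes listed on slides 18 to 20. This is an added example, not part of the original slides; it assumes natural logarithms in the footnote formula (which reproduces the slide's values 19 and 26), generic bounds from digest length only, and a caller-chosen target strength.

```python
import math

# Digest output sizes in bits per platform, taken from slides 18-20.
PLATFORM_HASH_BITS = {
    "Bitcoin":  {"main": 256, "address": 160},  # SHA256(SHA256(x)); RIPEMD160(SHA256(x))
    "Ripple":   {"main": 256, "address": 160},  # SHA512 truncated to 256; RIPEMD160(SHA256(x))
    "Ethereum": {"main": 256, "address": 160},  # KECCAK-256; KECCAK-256 truncated to 160
}

ECC_CLASSICAL_BITS = 128  # secp256k1 row of the no-quantum table (slide 9)


def hash_strength(bits, quantum=False):
    """Generic strength of an n-bit digest: preimage n, collision n/2.

    With quantum=True the slide 12 rule is applied: strength / 2.
    """
    preimage, collision = bits, bits // 2
    if quantum:
        preimage, collision = preimage // 2, collision // 2
    return {"preimage": preimage, "collision": collision}


def shor_strength(key_bits):
    """Slide 14 footnote: log2(K * K * log(K) * log(log(K))).

    Natural logarithms are an assumption of this example.
    """
    k = key_bits
    return round(math.log2(k * k * math.log(k) * math.log(math.log(k))))


def weak_points(platform, target_bits, quantum=True):
    """Return (component, property, strength) tuples below target_bits."""
    findings = []
    for role, bits in PLATFORM_HASH_BITS[platform].items():
        for prop, strength in hash_strength(bits, quantum).items():
            if strength < target_bits:
                findings.append((role, prop, strength))
    ecc = shor_strength(256) if quantum else ECC_CLASSICAL_BITS
    if ecc < target_bits:
        findings.append(("secp256k1 key pair", "key recovery", ecc))
    return findings


if __name__ == "__main__":
    for name in PLATFORM_HASH_BITS:
        print(name, weak_points(name, target_bits=80))
```
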
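One way to realise the "allow for multiple algorithms" and "stop accepting transactions which use one algorithm" points of slide 32, using the hash constructions from slides 18 and 29. This is an added example, not code from the slides or from any blockchain platform; the one-byte algorithm ids, the `HashPolicy` class and the block-height sunset rule are assumptions made for illustration.

```python
import hashlib
import hmac


def _double(name):
    """Build H(H(x)) for a hashlib algorithm name."""
    return lambda data: hashlib.new(name, hashlib.new(name, data).digest()).digest()


# Registry: algorithm id -> (label from the slides, digest function).
# The numeric ids are constructed for this example.
ALGORITHMS = {
    1: ("SHA256(SHA256(x))", _double("sha256")),   # Bitcoin main hash (slide 18)
    2: ("SHA 512(SHA 512(x))", _double("sha512")),  # mitigation (slide 29)
    3: ("SHA3/512(x)", lambda data: hashlib.sha3_512(data).digest()),
}


class HashPolicy:
    """Tracks the block height from which each algorithm is refused."""

    def __init__(self):
        self.sunset = {}  # algorithm id -> first height at which it is rejected

    def retire(self, alg_id, from_height):
        # A sunset may only move earlier; pushing it later would reopen
        # the downgrade path that retiring the algorithm closed.
        current = self.sunset.get(alg_id)
        self.sunset[alg_id] = from_height if current is None else min(current, from_height)

    def accepts(self, alg_id, height):
        return alg_id in ALGORITHMS and height < self.sunset.get(alg_id, float("inf"))


def tagged_digest(alg_id, data):
    """Digest prefixed with its algorithm id, so verifiers know what to check."""
    return bytes([alg_id]) + ALGORITHMS[alg_id][1](data)


def verify(policy, height, data, tagged):
    """Accept only if the tagged algorithm is allowed at this height and matches."""
    if not tagged or not policy.accepts(tagged[0], height):
        return False  # unknown or retired algorithm: treat as a downgrade attempt
    return hmac.compare_digest(tagged_digest(tagged[0], data), tagged)


if __name__ == "__main__":
    policy = HashPolicy()
    policy.retire(1, from_height=1000)      # constructed cut-over height
    tx = b"constructed sample transaction"
    print(verify(policy, 999, tx, tagged_digest(1, tx)))   # True: before sunset
    print(verify(policy, 1000, tx, tagged_digest(1, tx)))  # False: retired
```

Blocks below the sunset height still verify under the old algorithm, so history stays checkable while new transactions are forced onto the stronger digest.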