Security firm Trail of Bits posted a report on potential vulnerabilities that can allegedly affect the Bitcoin (BTC) and Ethereum (ETH) blockchains. Titled “Are Blockchains Decentralized?”, the report was funded by the U.S. Department of Defense via its Defense Advanced Research Projects Agency (DARPA).
The report focuses on Bitcoin and Ethereum but also addresses other blockchain-based platforms that use Proof-of-Work (PoW), Proof-of-Stake (PoS), and Byzantine Fault Tolerant consensus protocols in general.
The investigation concluded that these networks’ cryptographic components are “robust”, and claims that vulnerabilities exist in the blockchain implementations and consensus protocols. In other words, the security firm believes blockchains can be exploited, but that the cryptography that supports them is strong.
Trail of Bits arrived at the following conclusions during its investigation: Bitcoin, Ethereum, and other blockchains have a “privileged set of entities” with the power to change their transactions, as well as unencrypted traffic, nodes running old “vulnerable” software, and other issues.
Overall, the report claims blockchain networks are not decentralized, and that they are vulnerable to a series of potential attack vectors and disruption from outside actors. In particular, it points out that current blockchain networks lack a “Sybil cost”, meaning they can be “easily” attacked:
For a blockchain to be optimally distributed, there must be a so-called Sybil cost. There is currently no known way to implement Sybil costs in a permissionless blockchain like Bitcoin or Ethereum without employing a centralized trusted third party (TTP). Until a mechanism for enforcing Sybil costs without a TTP is discovered, it will be almost impossible for permissionless blockchains to achieve satisfactory decentralization.
Needless to say, the crypto community has rejected the conclusions of these findings. The two largest cryptocurrencies by market cap, BTC and ETH, were founded on the idea of creating decentralized, trustless, transparent, and open systems. The report essentially claims they have failed in that regard.
Are Bitcoin And Ethereum Truly Decentralized?
The report is highly controversial due to its findings, the accuracy of its conclusions, and because it received funding from the U.S. Pentagon; U.S. government officials have made hostile statements towards the crypto industry and cryptocurrencies.
Yan Pritzker, CTO and Co-founder at Swan Bitcoin, and Tomer Strolight, its Editor-in-Chief, fact-checked the investigation and found discrepancies. Their arguments were in support of Bitcoin, stating that “most blockchains are centralized to varying degrees (…)”.
The report from Pritzker and Strolight examines Trail of Bits’ claims one by one. First, they said Bitcoin lacks a “privileged set of entities” capable of changing its code, as it is the users running the nodes who decide which software code they run. They add:
Even if we focus on the most popular Bitcoin client, bitcoin-core, the claim that four people control the source code is also FALSE (…). Many other blockchains employ a forced-upgrade mechanism such as Ethereum’s difficulty bombs. In those cases, we find the claim to be largely TRUE (…).
In addition, Pritzker and Strolight highlighted the difference between mining pools and miners to point out that the former can’t disrupt the network, as the DARPA-funded report claims they can. On BTC’s Sybil attack cost, Pritzker and Strolight’s report states the following, noting that the cryptocurrency was created with the purpose of preventing this attack vector against its network:
The invention of Nakamoto Consensus (i.e. Bitcoin’s reliance on proof of work for source of truth) was literally designed to prevent Sybil attacks. Satoshi wanted any participant to be able to add a block, but choosing one user at random would be open to individuals pretending to be many users. But work cannot be faked (…).
At the time of writing, BTC’s price records a 3% in the last 24 hours and trades at $20,000.