Speaker: Rosenthal, D.
Date: 30 July 2019
SMA hosted a speaker session presented by Dr. David Rosenthal (Retired) as a part of its SMA General Speaker Series. During his presentation, Dr. Rosenthal adopted a skeptical view of cryptocurrencies and blockchain technology. He stated that the goal of his presentation was to explain how the way in which the pieces of a system (e.g., one that conducts money transactions or stores files) fit together makes the problems that the technology encounters in practice difficult to fix. In other words, the problems are “inherent in the underlying requirements.” Dr. Rosenthal stated that one should not trust any single centralized entity, but rather a decentralized system. A decentralized system has checks and balances; the consensus of a large number of entities is required in order to allow a state transition to occur. He also stressed the importance of having a “permissioned” system, where a central authority authorizes entities’ involvement. Dr. Rosenthal highlighted the pitfalls of having a permissionless system (e.g., a permissionless system is vulnerable to Sybil attacks, in which one actor creates many seemingly independent voters who are actually all under his control). However, he stated that in the end, both permissionless and permissioned blockchains are fatally flawed. He spoke about proof-of-work in a permissionless system and presented Brunnermeier and Abadi’s Blockchain Trilemma, which argues that a blockchain must choose two of the following three attributes: correctness, decentralization, and cost-efficiency. Dr. Rosenthal explained that Bitcoin in particular sacrifices cost-efficiency in favor of the other two attributes.
Next, he stated that the security of a blockchain depends “not merely on the security of the protocol itself, but on the security of both the core software and the wallets and exchanges used to store and trade its cryptocurrency.” He spoke further about how to guarantee the security of cryptocurrency-based blockchains, Cryptokitties (a game that claimed that it could handle unlimited decentralized applications but ultimately collapsed), “smart contracts,” and “pump-and-dump” cryptocurrency schemes. To conclude, Dr. Rosenthal explained why, despite both permissioned and permissionless systems’ flaws, these systems are perceived as huge successes and highlighted the software supply chain security implications associated with the misuse of Certificate Authorities (CAs).
To access Dr. Rosenthal’s slides and some additional notes on this presentation, please visit https://blog.dshr.org/2019/07/blockchain-briefing-for-dod.html