Blockchain is a recurring term nowadays with reference to crypto-currencies. To the general audience, it is a sort of esoteric technology that makes it possible to literally follow the money.
Open and inclusive, it has represented the gold rush of the new millennium: anyone, even with no technical skills, can become a miner to earn some.
On a conceptual level, a blockchain is a shared data structure whose access policy is based on the use of cryptographic functions in order to preserve data integrity. Leaving aside its inner workings, it is a sequence of blocks of variable length that cannot be altered, with each element dependent on the previous ones. No sorting or deleting operations are allowed among the blocks, and the sequence can only grow by appending new elements.
These features make a blockchain suitable to model a sort of digital ledger, like those used for money transactions, but in a decentralized fashion.
As a matter of fact, although the word blockchain spread with the rise of crypto-currencies, the relatively simple principles of its business logic make it appealing for a wide set of applications. The openness and immutability features are useful not only to address money transactions, but also to tackle practical solutions to ethical issues like ensuring transparent and reliable voting systems.
In short, blockchain is not just a matter of money anymore; it is becoming a matter of freedom and equality. But how much can it be trusted? Is the crypto-shield really bullet-proof?
At Codemotion Milan 2018, Simone Bronzini, CTO at Chainside, with his “Weaknesses of blockchain application” gave an interesting retrospective on several major issues that have affected different blockchain systems in recent years.
From a technical point of view, aside from the use of standard and well-documented cryptographic functions, there are indeed three main factors that contribute to the security of a blockchain: its length, the number of entities that share and build the chain and, obviously, the way the chain is assembled.
The length of a blockchain is relevant in terms of security, because of the bond that ties one block to the next, making it very difficult to apply even the slightest change to the sequence.
A high number of nodes participating in the same network makes the blockchain resilient to DoS (Denial of Service) attacks. In the case of crypto-currency applications, the nodes are rewarded for their mining service with a percentage value of each transaction or by other valuable means. In other applications the nodes can contribute spontaneously and without any reward.
Finally, the construction of a chain is strictly bound to the use of cryptographic functions that ensure that each block is built in a way that can preserve data integrity, and that its compliance can be easily validated by the network before it joins the chain.
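The link between blocks and the validation step described above can be sketched as follows. This is an added example, not code from the talk or from any blockchain project; the block layout, the use of SHA-256 over a JSON encoding, the function names and the sample transactions are all assumptions made for illustration, and mining and consensus are not modelled.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder: predecessor of the first block

def block_hash(index, prev_hash, data):
    """Hash the block's content together with its predecessor's hash."""
    payload = json.dumps([index, prev_hash, data]).encode()
    return hashlib.sha256(payload).hexdigest()

def make_block(chain, data):
    """Build a candidate block that extends the tip of the given chain."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    return {"index": index, "prev_hash": prev_hash, "data": data,
            "hash": block_hash(index, prev_hash, data)}

def accept_block(chain, block):
    """A node's check before a block joins the chain (append-only)."""
    expected_prev = chain[-1]["hash"] if chain else GENESIS_PREV
    ok = (block["index"] == len(chain)
          and block["prev_hash"] == expected_prev
          and block["hash"] == block_hash(block["index"], block["prev_hash"],
                                          block["data"]))
    if ok:
        chain.append(block)
    return ok

def first_invalid(chain):
    """Return the index of the first block that fails validation, or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if (b["index"] != i or b["prev_hash"] != prev
                or b["hash"] != block_hash(b["index"], b["prev_hash"], b["data"])):
            return i
        prev = b["hash"]
    return None

def demo():
    chain = []
    for tx in ["alice->bob:5", "bob->carol:2", "carol->dave:1", "dave->alice:3"]:
        accept_block(chain, make_block(chain, tx))  # constructed sample data
    stale = make_block(chain[:2], "x->y:100")       # built on an old tip
    rejected = not accept_block(chain, stale)       # cannot be inserted mid-chain
    chain[1]["data"] = "bob->carol:200"             # edit a stored block in place
    edited = first_invalid(chain)                   # block 1 no longer matches its hash
    chain[1]["hash"] = block_hash(1, chain[1]["prev_hash"], chain[1]["data"])
    relinked = first_invalid(chain)                 # block 2 still points to the old hash
    return rejected, edited, relinked

if __name__ == "__main__":
    print(demo())
```

Recomputing the hash of the edited block only moves the failure one block forward, which is why a longer chain makes a change to an early block more expensive to conceal.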
With reference to the real implementation of blockchain applications, Bronzini discussed several cases where the blockchain infrastructure exhibited its vulnerabilities at different levels, showing multiple points of failure.
Calculation overflows and bugs, either in the interpreter software used to rule the transactions or in the consensus protocol used to validate the blocks, have been identified as the major causes of chain disasters.
The blockchain maintainers had to conceive practical solutions to overcome these issues, but for some of them, the aftermath is still going on in the guise of forking chains.
Moreover, many questions on blockchain management and capabilities are still left unanswered and the search for optimal solutions is still open.
As an example, Bronzini mentioned the issues related to the Turing-completeness of the languages used to define smart contracts: how much control do we have on our expressive power?
Rice’s theorem says: “not that much, really”, implying that we might accidentally convey into our code something that we do not really mean, leading to unpredictable results. The definition of smart contracts proved indeed to be another point of failure for blockchain applications.
Like any other software, blockchain implementations can’t escape the curse of bugs and design flaws, and the attractiveness of money-related tampering opportunities exposes them to the aims of hackers, with the black or white hats on.
Therefore, the short answer is: no, of course you cannot trust a blockchain, in the same way you cannot trust any technology. Blockchain applications can be considered reasonably safe, but as a matter of fact, they are not bulletproof when compared to other distributed systems.
In this particular case, aside from technical issues, the biggest vulnerability seems to be the lack of expertise and skills in this area. Whether blockchain will be a safe and enduring technology in the future or not depends largely on how many people will be actively involved as developers and maintainers, rather than simple users.