BaFin-Tech 2018
BlockChain & Security (from #developerview)
DLT Lab, 10th April 2018
sven.lehnert@main-incubator.com, @itnext_de

Experiences from practice
Agenda: Blockchain Security
1 Theory: Blockchain general
2 Theory: Basic Concepts
3 Focus: Smart Contracts
4 Conclusion
E Extra: Cryptocurrencies

1 Basics: Blockchain, an attempt at a definition
A Blockchain, or distributed ledger, is a technological protocol that enables data to be exchanged directly between different contracting parties within a network without the need for intermediaries. Each transaction is communicated to all network nodes, and once verified and confirmed, is added to an immutable transaction chain. [Deloitte]

2 Basics: Three pillars as technical ground
- Cryptographic Hashing
- Asym. Public-Key Crypto
- Distributed P2P Computing
POW, Merkle Tree, Consensus, Trustless Network, Open Source (or publicly verifiable code basis)

2 Basics: Blocks
The math is strong in our tech-family!
9F069D0A8450C6EBA947D6FF81934DE9B5948E87CCE8C1DC30544CD3D2A3A601
95702EA004BCEBD29618382993D4A8EA731E627C665C223A4D1A46905221397B

2 Basics: Hashing
Blocks are chained via Hashes
Image: https://www.youtube.com/watch?v=sso_eiwhsd4

2 Basics: Hashing
Tampering is made hard!
Image: https://www.youtube.com/watch?v=sso_eiwhsd4

2 #frompractice: Architecture & Processes
Holistic security is not only technology, but also people and processes!
- Immaturity and complexity of the technology*
- Lack of standards and regulations around Blockchain technology
- Widespread belief that a Blockchain is secure by design
#frompractice:
- what (critical data?) to share and with whom?
- how to deal with multi-tenancy?
- how can we ensure secure storage of customers' private keys?
- how and where should passwords and keys be generated?
- how can we securely update the chain code?
*Text: partly from Deloitte, Image: IBM

2 #frompractice: encryption
Encryption done in one of my Trade Finance projects
- Every participant already has a private and public key pair
- Public key is shared among all participants
- Private key is kept private
- We encrypted every transaction with a new symmetric secret key, then
- The symmetric secret key is sent to every participant, encrypted with the participant's public key
- Symmetric secret key can be extracted only by the authorized participant using its private key

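The scheme on this slide, sketched as an added example (not code from the project described). It uses Node.js `crypto`; the choice of AES-256-GCM and RSA-OAEP, the envelope layout and all names (`sealTransaction`, `openTransaction`, `bankA` and so on) are assumptions, and the sample transaction is constructed.

```javascript
const nodeCrypto = require("node:crypto");

// Assumed algorithm choice (the slide names none): RSA-OAEP wraps the key.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Encrypt one transaction under a fresh AES-256-GCM key, then wrap that key
// once per recipient. `recipients` maps a participant name to its public key.
function sealTransaction(plaintext, recipients) {
  const key = nodeCrypto.randomBytes(32); // new symmetric key for every transaction
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKeys = {};
  for (const [name, publicKey] of Object.entries(recipients)) {
    wrappedKeys[name] = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  }
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Unwrap the transaction key with the participant's private key and decrypt.
// Throws for a participant without a wrapped key, a wrong key, or modified data.
function openTransaction(envelope, name, privateKey) {
  const wrapped = envelope.wrappedKeys[name];
  if (!wrapped) throw new Error(`no wrapped key for ${name}`);
  const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Constructed sample: three participants, two of them authorized for this transaction.
const keys = {};
for (const name of ["bankA", "bankB", "bankC"]) {
  keys[name] = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}
const tx = Buffer.from('{"paper":"constructed-001","amount":"100000 EUR"}');
const envelope = sealTransaction(tx, { bankA: keys.bankA.publicKey, bankB: keys.bankB.publicKey });
console.log(openTransaction(envelope, "bankA", keys.bankA.privateKey).toString());
```

The ciphertext is stored once, while the wrapped key is stored per participant, so adding a recipient costs one RSA operation rather than a second copy of the transaction.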
Focus: Smart Contracts
3 Focus: Smart Contracts
Code is Law! Really?

3 Focus: Smart Contracts
The DAO Hack
The DAO hack led to a hard fork (chain split) (Ethereum Classic was born = Code is Law)

3 Focus: Smart Contracts
Law is Law!!

3 #frompractice
Another Trade Finance example: European Commercial Paper (R3 Corda)
Real legal contract as reference or attachment here!

Conclusion
4 Conclusion: Secure or not?
Predictions
Blockchain does not reinvent the wheel; it is a sweet spot of technologies like cryptography, digital signatures and distributed computing, which makes it possible to create an Internet of Possession in a secure and democratic way.

4 Conclusion: Secure or not?
Predictions
In the blockchain world, each user can and should own their data, and 'central' players are less vulnerable to data losses and breaches. [William Mougayar]
When decentralized blockchain protocols start displacing the centralized web services that dominate the current Internet, we'll start to see real internet-based sovereignty. The future Internet will be decentralized. [Olaf Carlson-Wee]

Do you want to know more?
Extra: Cryptocurrencies
E In Cryptocurrencies we trust. Do we?
Interaction:

E Cryptocurrencies
Bitcoin / Cryptocurrencies from a User's perspective
It's all about the keys
Possession is nine-tenths of the law. In Bitcoin it's 10/10!
(Private) Keys:
- You can lose them
- Misplace them
- Have them stolen
Or accidentally give the wrong amount to someone
There is no recourse. It's like you just threw your money off a high bridge!

E Cryptocurrencies
Bitcoin is a kind of unofficial digital Cash or Gold, so you don't want to lose it.
What you can do
- You can back up your keys like any file
- Store multiple copies
- Print them on paper and keep them in a bank vault (cold storage)