Cryptocurrency and Blockchain Security

This initiative brings together cryptocurrency developers and security engineers to find and prevent potentially catastrophic cryptocurrency bugs. Its goals are to bring cryptocurrencies up to the security standards of banking and aviation and to strengthen public trust in cryptocurrency technology.

Crypto security is a public good, and the various threats to it need to be identified and addressed. One such threat is bugs. Catastrophic bugs pose a major threat to cryptocurrencies: a significant attack could plunge the entire space into a winter lasting years and cause users to lose billions of dollars. We need to recognize and prevent such bugs, because crypto-secured currencies will come under increasingly sophisticated attacks as their market cap grows, and a threat to one currency is a threat to the entire ecosystem. To this end we have started whole-network monitoring, which is important for the health of cryptocurrency networks (it catches problems early, detects malicious attacks and warns of selfish behavior). We are monitoring mining pools and the peer-to-peer network.

Director Neha, Software Developer Gert-Jaap, PhD student Daniel M. (Harvard) and recent MIT DCI MEng graduate James discuss Proof-of-Work and the Digital Currency Initiative's recent projects around it, including monitoring pool mining (Gert-Jaap), double-spend attacks (Daniel M. and Neha) and 51% attacks (James).


Projects and Research

A principal vulnerability of a proof-of-work ("PoW") blockchain is that an attacker can rewrite the history of transactions by forking a previously published block and building a new chain segment containing a different sequence of transactions. If the attacker’s chain has the most cumulative mining puzzle difficulty, nodes will recognize it as canonical. We propose a modification to PoW protocols, called ADESS, that contains two novel features which increase the cost of launching a double-spend attack. The first innovation enables a node to identify the attacker chain by comparing the temporal sequence of blocks on competing chains. The second innovation is to penalize the attacker by requiring it to apply exponentially increasing hashrate in order to make its chain canonical. For any value of transaction, there is a penalty setting in ADESS that renders a double-spend attack unprofitable.

Pool Detective is a system we built at the DCI, and are currently running, to monitor the behavior of mining pools that operate on Proof-of-Work cryptocurrencies such as Bitcoin, Litecoin and others. Mining pools have ultimate control over the work that constituent miners process and therefore their (mis)behavior can have large consequences for the security of Proof-of-Work networks. We're conducting this research because we think it's important to perform detailed monitoring and analyze the behavior of pools, and no one else is doing that up to this level of detail.
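One concrete check a pool monitor of this kind can run is to compare each job template a pool hands its miners against the blocks the monitor has already seen on the peer-to-peer network. The following is an added illustration written for this page, not Pool Detective's own code: the Tip and Job records, the labels, the 30-second grace period and the sample data are all constructed assumptions.

```python
# Added example: classify mining-pool job templates against the block tips a
# network monitor has seen. This is an illustration in the spirit of Pool
# Detective, not the DCI's own code; the data layout and labels are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Tip:
    height: int
    block_hash: str   # block hash as seen on the P2P network (constructed sample)
    seen_at: int      # unix time at which the monitor first saw the block


@dataclass(frozen=True)
class Job:
    pool: str
    job_id: str
    prevhash: str     # block the pool asks its miners to build on
    sent_at: int      # unix time the job was received from the pool


def best_tip_at(tips: List[Tip], when: int) -> Optional[Tip]:
    """Highest block the monitor had seen by time `when` (earliest wins a tie)."""
    visible = [t for t in tips if t.seen_at <= when]
    if not visible:
        return None
    return max(visible, key=lambda t: (t.height, -t.seen_at))


def classify_job(job: Job, tips: List[Tip], stale_grace: int = 30) -> str:
    """Label one job relative to what the network knew when the job was sent.

    on-tip           the pool builds on the best block the network had seen
    lagging          the pool builds on an older block, but the better one was
                     announced less than `stale_grace` seconds ago
    stale            a better block has been public for longer than the grace
                     period: the pool wastes its miners' work
    ahead-of-network the pool builds on a block the network only saw later,
                     consistent with a block mined but not yet relayed
    unknown          the parent was never seen on the network at all
    """
    best = best_tip_at(tips, job.sent_at)
    if best is None:
        return "unknown"
    if job.prevhash == best.block_hash:
        return "on-tip"
    known_before = {t.block_hash for t in tips if t.seen_at <= job.sent_at}
    if job.prevhash in known_before:
        lag = job.sent_at - best.seen_at
        return "stale" if lag > stale_grace else "lagging"
    seen_later = {t.block_hash for t in tips if t.seen_at > job.sent_at}
    return "ahead-of-network" if job.prevhash in seen_later else "unknown"


def audit(jobs: List[Job], tips: List[Tip]) -> Dict[str, str]:
    """Map each pool to the label of its most recent job."""
    latest: Dict[str, Job] = {}
    for j in jobs:
        if j.pool not in latest or j.sent_at > latest[j.pool].sent_at:
            latest[j.pool] = j
    return {pool: classify_job(j, tips) for pool, j in latest.items()}


# Constructed sample: three blocks announced on the network, five pool jobs.
SAMPLE_TIPS = [
    Tip(100, "blk100", seen_at=400),
    Tip(101, "blk101", seen_at=1000),
    Tip(102, "blk102", seen_at=1050),
]
SAMPLE_JOBS = [
    Job("pool-a", "1", "blk101", sent_at=1005),  # current tip at that moment
    Job("pool-b", "7", "blk101", sent_at=1100),  # blk102 public for 50 s
    Job("pool-c", "3", "blk101", sent_at=1060),  # blk102 public for 10 s
    Job("pool-d", "9", "blk102", sent_at=1040),  # knew blk102 before the network
    Job("pool-e", "2", "blk999", sent_at=1100),  # parent never seen on the network
]

if __name__ == "__main__":
    for pool, label in sorted(audit(SAMPLE_JOBS, SAMPLE_TIPS).items()):
        print(f"{pool}: {label}")
```

The "ahead-of-network" and "unknown" labels are the interesting ones for a monitor: a pool that repeatedly hands out work on blocks the network has not yet seen is withholding blocks, and one that builds on a parent nobody else knows is mining a private chain. "stale" is an operational problem rather than an attack, but it still costs the pool's miners real work.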

The reorg tracker analyzes consensus security of proof-of-work cryptocurrencies to provide empirical data on the rate of reorgs, detect double-spends, determine how much fifty-one percent attacks cost and which coins are attackable in practice. The tracker actively observes over twenty cryptocurrency networks, and correlates deep reorgs with the Nicehash order book, price data and double-spent transactions to estimate fifty-one percent attack profitability. To date the reorg tracker has detected over forty reorgs over six blocks deep across different cryptocurrencies, and several likely successful double-spend attacks.
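The core of a reorg tracker is finding the fork point between the chain a node followed and the chain that replaced it, counting the abandoned blocks, and then looking for an input that was spent differently on the two sides. The block below is an added example written for this page, not the DCI tracker's implementation; the Block and Tx records, the outpoint notation "txid:vout" and the sample chains are constructed.

```python
# Added example: measure the depth of a chain reorganization and look for
# double-spent inputs across it. Illustrative code written for this page, not
# the DCI reorg tracker's own implementation; block and tx shapes are assumed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: Tuple[str, ...]   # outpoints spent, written "txid:vout"


@dataclass(frozen=True)
class Block:
    block_hash: str
    parent: str
    height: int
    txs: Tuple[Tx, ...] = ()


@dataclass(frozen=True)
class Reorg:
    depth: int                                   # blocks removed from the old chain
    fork_point: str                              # last block both chains share
    abandoned: Tuple[str, ...]                   # old-chain blocks, tip first
    adopted: Tuple[str, ...]                     # new-chain blocks, tip first
    conflicts: Tuple[Tuple[str, str, str], ...]  # (outpoint, old txid, new txid)


def chain_from_tip(tip: str, blocks: Dict[str, Block]) -> List[Block]:
    """Walk parent links from `tip` back to the earliest block we know of."""
    out = []
    h = tip
    while h in blocks:
        out.append(blocks[h])
        h = blocks[h].parent
    return out


def analyze_reorg(old_tip: str, new_tip: str, blocks: Dict[str, Block]) -> Optional[Reorg]:
    """Return None when new_tip simply extends old_tip, else the reorg details."""
    old = chain_from_tip(old_tip, blocks)
    new = chain_from_tip(new_tip, blocks)
    new_hashes = {b.block_hash for b in new}
    abandoned = [b for b in old if b.block_hash not in new_hashes]
    if not abandoned:
        return None
    fork_point = abandoned[-1].parent
    adopted = []
    for b in new:
        if b.block_hash == fork_point:
            break
        adopted.append(b)
    # A double-spend shows up as one outpoint consumed by different txids on
    # the two sides of the fork: the merchant's payment on the abandoned side,
    # the conflicting spend on the adopted side. A tx re-included unchanged on
    # the new chain has the same txid on both sides and is not a conflict.
    spent_old = {op: tx.txid for b in abandoned for tx in b.txs for op in tx.inputs}
    spent_new = {op: tx.txid for b in adopted for tx in b.txs for op in tx.inputs}
    conflicts = tuple(
        (op, spent_old[op], spent_new[op])
        for op in sorted(spent_old)
        if op in spent_new and spent_old[op] != spent_new[op]
    )
    return Reorg(
        depth=len(abandoned),
        fork_point=fork_point,
        abandoned=tuple(b.block_hash for b in abandoned),
        adopted=tuple(b.block_hash for b in adopted),
        conflicts=conflicts,
    )


def is_deep(reorg: Optional[Reorg], threshold: int = 6) -> bool:
    """Reporting threshold used in the text: reorgs more than `threshold` blocks deep."""
    return reorg is not None and reorg.depth > threshold


# Constructed sample: the honest chain g-a1-a2-a3 carries a merchant payment in
# a2; a competing branch a1-b2-b3-b4 spends the same coin to a different txid.
SAMPLE_BLOCKS = {b.block_hash: b for b in [
    Block("g", "", 0),
    Block("a1", "g", 1),
    Block("a2", "a1", 2, (Tx("pay-merchant", ("coin:0",)),)),
    Block("a3", "a2", 3),
    Block("b2", "a1", 2),
    Block("b3", "b2", 3, (Tx("pay-self", ("coin:0",)),)),
    Block("b4", "b3", 4),
]}

if __name__ == "__main__":
    r = analyze_reorg("a3", "b4", SAMPLE_BLOCKS)
    print(r)
    print("deep reorg:", is_deep(r))
```

A live tracker feeds this function with the tip it followed before and after every chain-tip change; the depth distribution over time is the empirical reorg rate, and a non-empty conflicts tuple on a deep reorg is the signal worth correlating with hashrate-rental and price data.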

Voters are understandably concerned about election security. News reports of possible election interference by foreign powers, of unauthorized voting, of voter disenfranchisement, and of technological failures call into question the integrity of elections worldwide. This article examines the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security, and finds such claims to be wanting and misleading.

Proof-of-Work mining is intended to provide blockchains with robustness against double-spend attacks. However, an economic analysis that follows from Budish (2018), which considers free entry conditions together with the ability to rent sufficient hashrate to conduct an attack, suggests that the resulting block rewards can make an attack cheap. We formalize a defense to double-spend attacks. We show that when the victim can counterattack in the same way as the attacker, this leads to a variation on the classic game-theoretic War of Attrition model. The threat of this kind of counterattack induces a subgame perfect equilibrium in which no attack occurs in the first place.
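The economic argument in this abstract, the Budish-style observation that block rewards collected on the attack chain offset the rental cost, and the ADESS claim above that an exponentially growing work penalty can make any double-spend unprofitable, can both be illustrated with one simplified cost model. The block below is an added example written for this page; its formulas are assumptions chosen for illustration and do not reproduce the Budish (2018), War-of-Attrition or ADESS models exactly (in particular the victim's counterattack is not modelled). All parameter values are constructed.

```python
# Added example: a simplified cost model for a double-spend attack with rented
# hashrate, and the effect of an exponential work penalty on the attacker. This
# is an illustration written for this page; the formulas are assumptions and
# do not reproduce the Budish (2018) or ADESS models exactly.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AttackEstimate:
    rental_cost: float   # paid to rent hashrate for the attack duration
    rewards: float       # block rewards the attacker collects on its own chain
    net_cost: float      # rental_cost - rewards (can be negative)
    profit: float        # transaction value + rewards - rental_cost


def attack_estimate(value, confirmations, network_hashrate, rental_price,
                    block_interval_hours, block_reward, penalty_base=1.0):
    """Estimate an attack that replaces `confirmations` blocks with one more.

    Assumptions (not the papers' models):
    * difficulty is tuned to `network_hashrate` H, so a chain built with rented
      hashrate A takes about (confirmations + 1) * interval * H / A hours;
      renting more hashrate finishes sooner, so rental cost is independent of A;
    * block rewards on the attacker's chain accrue to the attacker once it
      becomes canonical, which is what makes the attack cheap;
    * an ADESS-style penalty multiplies the work the attacker must provide by
      penalty_base ** confirmations, with penalty_base = 1.0 meaning no penalty.
    """
    blocks = confirmations + 1
    work_multiplier = penalty_base ** confirmations
    rental = rental_price * blocks * block_interval_hours * network_hashrate * work_multiplier
    rewards = blocks * block_reward
    return AttackEstimate(rental, rewards, rental - rewards, value + rewards - rental)


def min_penalty_base(value, confirmations, network_hashrate, rental_price,
                     block_interval_hours, block_reward, max_base=10.0) -> Optional[float]:
    """Smallest penalty base (in steps of 0.01) at which the attack stops paying."""
    k = 100
    while k / 100 <= max_base:
        p = k / 100
        est = attack_estimate(value, confirmations, network_hashrate, rental_price,
                              block_interval_hours, block_reward, penalty_base=p)
        if est.profit <= 0:
            return p
        k += 1
    return None


# Constructed parameters: a small coin whose entire hashrate can be rented.
PARAMS = dict(
    confirmations=6,
    network_hashrate=100.0,       # arbitrary hash units
    rental_price=2.0,             # currency per hash unit per hour
    block_interval_hours=1 / 6,   # ten-minute blocks
    block_reward=50.0,
)
VALUE = 20_000.0                  # value of the double-spent transaction

if __name__ == "__main__":
    base = attack_estimate(VALUE, **PARAMS)
    print(f"no penalty: rental {base.rental_cost:.2f}, rewards {base.rewards:.2f}, "
          f"net cost {base.net_cost:.2f}, profit {base.profit:.2f}")
    print("penalty base that makes the attack unprofitable:",
          min_penalty_base(VALUE, **PARAMS))
```

With these numbers the unpenalised attack has a negative net cost: the seven block rewards exceed the rental bill, which is the "attack can be cheap" point. Under the penalty the rental term grows as penalty_base ** 6 while the rewards do not, so a base of about 2.11 is enough to make a 20,000-unit double-spend lose money; a larger transaction value needs a larger base, which is the sense in which a penalty setting exists for any value.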

By Ethan Heilman (Boston University), Neha Narula (MIT Media Lab), Garrett Tanzer (Harvard), James Lovejoy (MIT Media Lab), Michael Colavita (Harvard), Madars Virza (MIT Media Lab), and Tadge Dryja (MIT Media Lab). Paper accepted to FSE.

We present attacks on the cryptography formerly used in the IOTA blockchain, including under certain conditions the ability to forge signatures. We developed practical attacks on IOTA’s cryptographic hash function Curl-P-27, allowing us to quickly generate short colliding messages. These collisions work even for messages of the same length. Exploiting these weaknesses in Curl-P-27, we broke the EU-CMA security of the former IOTA Signature Scheme (ISS). Finally, we show that in a chosen-message setting we could forge signatures and multi-signatures of valid spending transactions (called bundles in IOTA).

By Rainer Böhme, Lisa Eckey, Tyler Moore, Neha Narula, Tim Ruffing, Aviv Zohar
Communications of the ACM, October 2020, Vol. 63 No. 10, Pages 62-71
DOI: 10.1145/3372115

Despite the focus on operating in adversarial environments, cryptocurrencies have suffered a litany of security and privacy problems. Sometimes, these issues are resolved without much fanfare following a disclosure by the individual who found the hole. In other cases, they result in costly losses due to theft, exploits, unauthorized coin creation, and destruction. These experiences provide regular fodder for outrageous news headlines. In this article, we focus on the disclosure process itself, which presents unique challenges compared to other software projects [15]. To illustrate, we examine some recent disclosures and discuss difficulties that have arisen.