Cryptography is a cornerstone of blockchain technology. It is the foundation for block mining, the integrity of the blockchain itself, as well as the authenticity of all transactions and participants. Without reliable cryptographic primitives, such as hash functions or cryptographically secure random number generators, blockchains in any form would, therefore, be unthinkable. Blockchain technology, which is still young by the standards of cryptographic research, presents some challenges to science. While most blockchains use proven cryptographic primitives for signing transactions and generating proof-of-work, there is often no statement about the future security of cryptographic primitives. Over time, more and more efficient attacks on cryptographic algorithms will be developed, the computing power available to an attacker is steadily increasing, and previously unrealistic attack scenarios are suddenly gaining relevance, such as Logjam1 and SHAttered2. In addition, the security of cryptographic systems is far from dependent solely on the choice of appropriate algorithms. Rather, many attacks are aimed at the way it is used and its specific implementation. There are plenty of examples, from trivial implementation errors such as Heartbleed3, which may remain unrecognized over years, to more complex attacks that use system behaviour deviations as so-called “oracles” in order to obtain information about cryptographic keys, up to page channel attacks that evaluate (for example) the timing behaviour of implementations.

Much of today’s blockchain technology neglects these attack capabilities, relying almost exclusively on cryptographic primitives that are considered safe today. However, since blockchain applications, in particular, are designed for especially long lifetimes – think of a notary function, for example – it is essential that these systems are able to deal with new attacks and possibly broken cryptographic primitives in the future. For secure communication protocols, a selection of several cryptographic algorithms is usually used which are available for each connection setup, so that algorithms that have become unsafe can be easily exchanged. Such “crypto-agility” does not yet exist for blockchains. Rather, recent research has shown [7] that the bitcoin blockchain, for example, is not resistant to possible attacks on some cryptographic components: if it becomes possible in the future to falsify ECDSA4 signatures, bitcoins could be stolen as a result. If it were possible to invert the SHA2565 hash function, an attacker could possibly (among other things) calculate the proof-of-work efficiently and take control of the blockchain.

1 Logjam is an attack that makes it possible to break the key within an efficient amount of time by downgrading to 512-bit residue class groups during a Diffie-Hellman key exchange.

2 SHAttered is an attack that makes it possible in practice to create SHA1 collisions between two different PDF documents.

3 Heartbleed is a severe bug in older versions of the OpenSSL open source library, using encrypted TLS connections to extract private data from clients and servers.

4 Elliptic curve digital signature algorithm (ECDSA)

5 SHA (secure hash algorithm) 256 is a special cryptographic (i.e., collision-resistant) hash function.

Measures against such attacks – should they ever become possible – are extremely complex. Although the protocol can introduce a new hash function while backwards compatibility is lost, old blocks with block hashes from the old, insecure hash function have to be preserved according to the design. As a result, the new clients would now have to solve two proofs-of-work instead of just one.

In this regard, science is therefore mainly faced with the following challenges:

  1. The development of cryptographic primitives that are also resistant against future attacks, such as by quantum computers.
  2. The design of blockchain protocols that support crypto-agility and still provide security guarantees for transactions in the event of effective cryptographic attacks on individual primitives.
  3. The development of procedures that correctly implement critical operations in blockchain protocols in a demonstrable manner in order to avoid fatal implementation errors, as have frequently occurred in OpenSSL.

© Yotta Laboratories