The distributed ledger is the fundamental technology behind blockchains like Bitcoin and Ethereum. The latest report, titled “Are Blockchains Decentralized?” by security research firm Trail of Bits, poses a question on the thesis of decentralization as the longstanding notion of blockchain, arguing that it may be more centralized-oriented than the crypto industry tends to think.
Immutability Subject to be Exploited
The report, commissioned by the US government’s Defense Advanced Research Projects Agency (DARPA), doubts immutability as commonly referred to as a primary feature of the distributed ledger technology, allowing cryptographic information to be unchangeable once being documented on the network.
“Immutability can be broken not by exploiting cryptographic vulnerabilities but instead by subverting the properties of a blockchain’s implementations, networking, and consensus protocols.”
The report found that expired Bitcoin nodes and unencrypted blockchain mining pools could make it possible for various bad actors to “garner excessive and centralized control over the network.”
Outdated Nodes
Given that a vast majority of Bitcoin nodes are not participating in mining for securing the network and expired nodes are still running on the blockchain, the report argued that it made the network subject to vulnerabilities such as consensus errors which could lead to “a blockchain fork.”
Nodes are used to ensure the security of the blockchain and validate on-chain transactions. When they are compromised, the network is subject to external attacks. The report noted that when outdated nodes continue to operate, lowering the percentage of hashrate needed to execute a standard 51% attack, the network is thus at risk of being compromised. It further explained:
“Moreover, only the nodes operated by mining pools need to be degraded to carry out such an attack. For example, during the first half of 2021 the actual cost of a 51% attack on Bitcoin was closer to 49% of the hashrate.”
Mining pools could also pose a threat to the safety of every included node on the Bitcoin network, the report stated. Citing Bitcoin’s mining pool protocol Stratum as “unencrypted” and “unauthenticated,” the paper pointed out that once a third party within the network route is perpetrated, transactions on the ledger could be potentially corrupted by external actors.
For a blockchain to be optimally distributed, the report said, there must be a so-called Sybil cost. However, there is currently no known way to implement Sybil costs in a permissionless blockchain like Bitcoin or Ethereum without employing a centralized trusted third party (TTP).