Wednesday, December 13, 2017

Australia wants you to take over Australian stocks by a 51% attack on the blockchain

As Keith informed me via Twitter,
Australian stock exchange [plans] to move to blockchain.
It should be able to fire a few settlement employees and move the record of the purchases and sales of stocks to a distributed ledger (DL), also known as a blockchain – the type of keeping of records that is used by the Bitcoin and other cryptocurrencies.

I don't know the details but whatever the details are, I think it's a terrible idea.

Copies of the transactions will be kept at hundreds or thousands of computers. It's my understanding that the whole point is that "not centralized", random computer owners in the world will be able to participate in this network, like in the case of the Bitcoin.

There are lots of critics of the Bitcoin economy but almost everyone seems to say that the blockchain itself is a groundbreaking technology that will change the use of computers in the future. I don't believe it. The praise for the blockchain has become a part of the political correctness and I think that it's fundamentally misguided. I think it's a fun theoretical construct but this whole decentralization is an extremely useless and counterproductive paradigm to replace the existing, "centralized" solutions of all these problems.

The surprising fact that follows from Nakamoto's invention is that the trust may be in principle decentralized. But whether it's decentralized in practice depends on what the nodes or miners are actually doing, which people stand behind them, how many people who matter exist (which depends on the difficulty and frequency of blocks etc.), how they think, what they intend, and whether they are talking to each other. All these microscopic details are often treated as a "black box" that you're not supposed to look into. Instead, you should worship the external beauty of the black box and say how nicely it is decentralized. People say that it's decentralized – because the trust may be decentralized in principle – but they don't seem to care whether it's decentralized in practice. So the "decentralization" really means simply "don't ask, don't tell" who is the real puppet master which is much more sinister.

Well, even in the case of the Bitcoin, the blockchain network that employs the largest fraction of computers, the actual miners are rather centralized – some 70% of them are located in mainland China. In principle, China may – and perhaps should – organize a 51% attack against the Bitcoin. When the miners are organized by one entity or encouraged to speak to each other, they may realize pretty much any plan. To show the strength, they may instantly abolish all the new payments because they may mine empty blocks only and refuse to extend any candidate chains by others that contain non-empty blocks. Then they may make an offer to the Bitcoin community: We will assign 79 million extra Bitcoins to us, and will re-enable the transactions so that you may keep on having the fun from the game. I actually think that China should do that because otherwise it's just insanely wasting its assets and potential.

In the case of the smaller cryptocurrencies, you don't need a "conspiracy" that is as large as China's miners. Hardware worth $10 million is enough to have enough mining power to beat the rest of the world and retroactively edit the distributed ledger, the blockchain.

So while the Bitcoin is "marginally safe" because there is some reason to hope that China will perhaps not do what it can do, it can't be said about any other smaller cryptocurrency. Each of them may be rather easily conquered by one of the mining pools. To move the real world, e.g. the Australian stock exchange, on something where the outsiders may participate in the "consensus" is just extremely dangerous. The blockchain is all about cryptography which makes things hard to decipher. But it makes the actions of malicious agents less visible, too. It's not really progress.

I sort of implicitly assumed that the blockchain will run on some proof-of-work, like the Bitcoin. But even if there is another system to "vote", there exist analogous 51% attacks, perhaps even simpler ones. Also, the attackers may be located in Australia. A movement of teenage "stock traders" who participate at such a consensus could agree on a plan to take over the stocks.

I just don't understand why any company would want to decentralize its power over the data it depends upon. It looks fundamentally and universally stupid to me. It almost looks like throwing its cash over the fields and meadows. Yes, the cash becomes decentralized but is it really a good thing? What's the advantage of moving the power to some murky players who aren't known and whose intents aren't known and often can't be known? Do the directors of the stock exchange expect the responsibility or accountability to be distributed, decentralized, or outsourced as well? I think that this is how NiceHash has stolen their own users' money.

The Australian stock exchange could use Ethereum or some network of computers that is large enough. But the number of transactions could quickly run amok. And Ethereum arguably can be attacked, too.

These are the rough reasons why I think that when people regain some common sense (or when they become targets of first major similar attacks), they will realize that the blockchain as a general idea is basically unusable as a safe replacement of the existing solutions.

No comments:

Post a Comment