DARPA study challenges assumptions about distributed ledger (and Bitcoin) security

US government sponsored research is casting new light on the security of blockchain technology, including the assertion that a subset of a distributed ledger's participants can gain control over the entire system. The finding is part of a study [PDF] conducted by IT security researchers at Trail of Bits and commissioned by the …

  1. boatsman


    this technology is designed as computer democracy ... 51% of an unknown subset of the nodes in the network.....

    .... might be 1 (one) single person or organisation behind these nodes .... who knows.... there is no trustworthy registry of computer owners... :-)

    thus, any malicious player (all state actors, therefore, plus Bezos, Musk et al. .... ) with deep pockets can control bitcoin and < ... your fav crypto coin(s) ....>

    and of course, (malignant) version of the software ... unknown

    it simply will not work for any real world scenario where trust is crucial.


  2. iron Silver badge

    Yup. I've been saying that the blockchain is not immutable and that power to control it is in the hands of only a few nodes for years.

    The crypto bros would not listen to me, they will not listen to DARPA either.

    1. Charlie Clark Silver badge

      Oh, I think it remains "immutable", you can't change the history, but that, along with the distributed network, was supposed to prevent abuse. However, it's now clear that the network is nothing like as distributed as it needs to be and that communication between nodes itself isn't secure: are you sure the message was genuine?

  3. sansva

    It seems that this is ultimately a logistics problem that could be solved by restricting/controlling what entities are able to become valid nodes. I suspect that if Big Provider weren't so intent on ripping off consumers and thus allowing everyone to have their own static IPv6 address that establishing identity and limiting node membership to specific identities would solve this problem. It's funny how many problems relate back to identity.

    1. Yes Me Silver badge


      Using IPv6 addresses as identities is impossible. They are topological addresses (exactly like IPv4). The IPv6 addresses of my laptop change whenever I move to a new network, and the IPv6 addresses of my smartphone change when I move from WiFi to cellular or back.

      Because of the way Internet routing works, it cannot be otherwise.

      ("Addresses" in the plural, because any up-to-date IPv6 host uses temporary addresses to protect privacy: it isn't an oversight that IPv6 addresses are not tied to identity, it's a design goal.)

  4. Claptrap314 Silver badge

    What exactly is new here?

    And by "new", I mean, "Not already discussed on the cypherpunks mailing list in the '90s?" Certainly, we did not call the pools by that name. But the concepts were all there.

    The fact that this "report", or whatever they are styling it, doesn't even mention the 40% attack on Bitcoin means either someone needed to get something published, or that this paper is an attack on crypto. (This is coming from the US govt, of course.)

    I was a crypto-skeptic in the '90s. I've never attempted to create an account. I've publicly called BTC & friends "Beanie Babies" & "tulips" & worse. But this "report" contains less value than an airdrop in Somalia.

    1. Anonymous Coward

      Re: What exactly is new here?

      Thanks for beating me to saying this. Half the report this quotes seems to be a rehash of the whitepapers all of this was based on. Duh, yes in Bitcoin 51% of the pool can steer future transactions. That is literally how it is designed to operate. Yes, there are issues with that, and yes newer protocols have taken different approaches.

      The article also points out that the mining pools, and the bitcoin market in general, have been taken over by large groups and individual whales. While that's not great, it also fails to mention that OG Bitcoin isn't being used as a digital currency to any meaningful degree. A certain South American country aside. It's been taken over as a vehicle for speculation, and isn't even trying to compete at that level. So whining about it becoming "undemocratic" is meaningless. Don't like it? There are plenty of alternatives.

      Some of the other coins ARE being used as currency, but arguably the best example is the one no-one wants to talk about. Monero. Probably 75-85% shady business, but you can't argue it isn't getting the job done at a technical level. Don't want to be tangled up in other people's dirty laundering? Plenty of other choices, and if you still can't find one that suits your needs in the 19,000 shitcoins and alt-tokens? Start your own and make it 19,001!

      Sarcastically and in no seriousness I wonder if the original article was just an excuse to use the computers at work to do Crypto "research" and sign off on the electrical bill. The paper's author could have spent two months in the can and come to more original conclusions.

    2. Michael Wojcik Silver badge

      Re: What exactly is new here?

      It's also worth noting that the issues mentioned in the article – I haven't read the DARPA report – have all been documented in published research before. There were papers on Bitcoin network partitioning in Colyer's Morning Paper when that was still active, for example.

      But reproduction and confirmation of results is useful, even if it isn't new to people who have been following the research.

  5. Dasreg

    God mode

    There is no secure public connection

  6. MrGreen


    More FUD from the US government. They are paving the way for their Central Bank Digital Currency.

    Why don’t they release a paper on how many times the centralised banking system has been hacked?

    1. Blank Reg

      Re: FUD

      There is no need for spreading FUD, crypto is worthless and the sooner they all hit their true value of zero the better for all of us.

  7. Anonymous Coward

    Counterpoint(s)

    Below is a response to this study that I found online suggesting that while some of this is applicable to most "crypto", little if any of what they discussed is relevant to real world Bitcoin. Considering how long the Bitcoin network has been operating and how large its market cap has grown, it's impressive that no one has been able to exploit the Bitcoin protocol to date.
