Is Crypto Really Trustless?
Today we will thoroughly consider one of the fundamental concepts of cryptocurrency known as “Trustless.”
Trustless can be understood as something that does not require any additional trust. Trustless is one of the most advertised characteristics of almost any blockchain and its major strong point.
One initial idea behind the first cryptocurrency Bitcoin was that it would provide technical measures for network users to interact with each other without the need for actual trust.
Is it enough to trust proven cryptographic algorithms, such as SHA256? In other words, is it reasonable to expect that the use of such algorithms will make dishonest behavior impossible for everyone who wishes to use the cryptocurrency?
The problem is that even if we trust the algorithms themselves (without thinking about the black swans among them), it is important not to forget that the network consists not only of users with full nodes.
In this article, I will try to describe the possible points of trust-related risks using the Bitcoin network as an example.
The first group of trust-generating risks is known as “Errors”. To become a Bitcoin user, you need to download a Bitcoin wallet. A wallet is a program on your computer or smartphone that allows you to receive Bitcoins and send them to other wallet owners. Already at this stage, you need to trust the selected wallet. Since a wallet is a complicated program, there may be mistakes in it. After all, the program is written by people, albeit very qualified ones. And such an error may be critical.
This is, in fact, written on the page of the developers of Bitcoin Core, which is the main BTC wallet.
«this is a security-critical project where any mistake might cost people lots of money»
Secondly, deliberate sabotage of the wallet code is also possible, i.e. a situation where, under pressure from outside or for some other reason, one or more developers of a Bitcoin wallet intentionally add an error to the code. That is why the safest wallets are open source wallets. The code of such wallets is published openly and freely on the Internet. Anyone with the necessary knowledge can check it for safety before using such a wallet.
But here’s the catch. Only a few people in the world can check thousands of lines of the most complex program code thoroughly enough. This means that you also have to trust these people if you do not possess such a level of code testing skills.
Thus, it turns out that for most people, the openness of the code of popular wallets gives absolutely nothing, as you will have to trust the people who have verified it.
Let us take the Bitcoin Core wallet as an example. It is being developed by the same developers who have been updating and developing the decade-old Bitcoin protocol. They continue to change and improve the code originally written by Satoshi Nakamoto himself.
An interesting point here is that there is most likely nothing left of the original Satoshi code. The entire code has by now been rewritten by the Bitcoin Core team and volunteers who send them edits. Tens of thousands of code edits have been made over the last ten years.
The Bitcoin Core team is considered a high-profile team of programmers. Many of them, moreover, hold a large number of Bitcoins. Therefore, it is in their personal interest to write and deploy quality wallet code. Otherwise, their coins can depreciate after the collapse of the network.
But this does not remove the need to trust the team of Bitcoin Core!
To illustrate my thoughts further, there is a series of competitions between programmers called Underhanded-C. At this competition, programmers try to write malicious code in such a way that the people testing and validating it cannot tell that it is malicious. But that is not all!
The main point of this competition is to write a malicious error in the code in such a way that upon detection it looks like a common typo or a random error and not malicious intent. Only the best programmers are capable of such feats.
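A constructed C illustration of the kind of flaw described above, added here and not taken from Bitcoin Core, any wallet or any contest entry: a checksum check whose length comes from the input reads like an ordinary slip in review, shown beside the form a reviewer should insist on. The function names, the 4-byte checksum and the sample bytes are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define CHECKSUM_LEN 4

/* Constructed sample data, not a real address checksum. */
static const unsigned char EXPECTED[CHECKSUM_LEN] = {0xde, 0xad, 0xbe, 0xef};
static const unsigned char WRONG[CHECKSUM_LEN]    = {0xde, 0xad, 0xbe, 0xee};

/* Flawed: the number of bytes compared is taken from the untrusted input.
 * With given_len == 0, memcmp compares nothing and reports "equal";
 * with a short input, only a prefix of the checksum is verified. */
int checksum_ok_flawed(const unsigned char *given, size_t given_len)
{
    return memcmp(EXPECTED, given, given_len) == 0;
}

/* Reviewed form: the length is fixed by the format and checked first,
 * and every byte is compared without an early exit. */
int checksum_ok_fixed(const unsigned char *given, size_t given_len)
{
    unsigned char diff = 0;
    size_t i;

    if (given_len != CHECKSUM_LEN)
        return 0;
    for (i = 0; i < CHECKSUM_LEN; i++)
        diff |= (unsigned char)(EXPECTED[i] ^ given[i]);
    return diff == 0;
}

int main(void)
{
    /* Each row: the same input passed to both versions. */
    printf("empty input   flawed=%d fixed=%d\n",
           checksum_ok_flawed(EXPECTED, 0), checksum_ok_fixed(EXPECTED, 0));
    printf("1-byte prefix flawed=%d fixed=%d\n",
           checksum_ok_flawed(EXPECTED, 1), checksum_ok_fixed(EXPECTED, 1));
    printf("wrong value   flawed=%d fixed=%d\n",
           checksum_ok_flawed(WRONG, 4), checksum_ok_fixed(WRONG, 4));
    printf("correct value flawed=%d fixed=%d\n",
           checksum_ok_flawed(EXPECTED, 4), checksum_ok_fixed(EXPECTED, 4));
    return 0;
}
```

Both versions agree on full-length inputs, which is why ordinary functional tests pass; only a test with an empty or truncated input separates them.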
And it does not matter how many types of Bitcoin wallets, miners and other software exist. Everything described above is relevant to them as well.
One of the safest options is just to create a paper wallet and store it. However, such a method does not allow everyday use and is only suitable for “cold storage.” There are, of course, hardware wallets like Trezor or Ledger, which I use myself.
But with them, in fact, everything is the same as with the software. Maybe even worse.
You need to trust the software inside the wallet – the firmware – as well as the developers updating it. In addition to this, you also need to trust the manufacturers who design the hardware chips in your wallet.
If you thought that errors occur only in programs, then I want to remind you of a very recent error in all Intel Core processors. It allowed access to user data without user consent. And the worst thing is that a mistake in hardware design is not as easy to fix as a line of code. You need to release a new chip or board.
Intel still hasn’t completely solved the above-mentioned problem, and about 2 years have passed since the discovery. Yes, firmware developers can temporarily close such hardware errors by making changes to the firmware code. This means that the firmware in your Ledger does not allow a hardware error in the chips of this Ledger to be used. But then we return to the issue of trusting the device firmware and its developers, as vulnerabilities were found there as well.
You can also recall possible problems and vulnerabilities in Windows, macOS, iOS and Android. After all, you usually need an operating system to run the wallet.
All of this related only to wallets, but there are also potential problems with other blockchain stakeholders: miners and mining pools.
Miners are people or companies that provide their computing power to support the work and strengthen the security of the Bitcoin network. For this, they receive a reward in Bitcoins proportional to the power provided to the network. Actually, this is how new Bitcoins are created until 21,000,000 coins are available.
Miners use two components for their work:
- Mining equipment. Nowadays this is an ASIC device. In 80% of cases, the hardware and firmware for these devices are created by Bitmain.
- Pools. These are remote servers that miners connect to in order to combine their capacities. The pool servers belong to third-party companies and run specialized software.
If you followed the approach used above to identify the most vulnerable points for wallets, you can immediately see such points here:
- ASIC Hardware
- ASIC Firmware
- Pool Software
- Pool Hardware
- And the people behind it all.
The company Bitmain has already been accused of having a hidden shutdown option in the firmware of its miners. This option was called AntBleed.
And with pools, the situation is alarming as well. About half of them belong to the same hands: the same company, Bitmain. That is just as much as is needed to selectively filter the network or to collapse the exchange rate a hundredfold.
That is why Bitcoin Core has recently proposed software for pools called BetterHash. This software should help limit the ability of pool owners to damage the Bitcoin network, even if they own more than half of the power. The problem is getting pools to install it.
And to conclude this article, I would also like to touch on the quite well-known Lightning Network.
Lightning Network is a kind of extension of the Bitcoin network. At times of heavy load, the Bitcoin network is not able to process transactions quickly and, most importantly, cheaply. The Lightning Network is meant to solve these problems.
Lightning Network is an add-on: a network of nodes (serving as a mini network of microbanks in the Bitcoin network) that conduct transactions through themselves. It is a second, optional way to transfer funds in the Bitcoin network in addition to the existing one.
In theory, every network participant can become such a node. But for this, you need to reserve a certain number of Bitcoins. Plus, before sending funds, you need to pay a commission for the intention (opening of the channel) to make transactions. The problem of the Lightning Network lies in trusting Lightning Network nodes. And to be more precise – trusting the software on the nodes and the people controlling it. This was mentioned by Dan Larimer in his discussion with Satoshi in 2010.
As you have already understood, the concept of Trustless is not fully applicable to the Bitcoin network. And it applies even less to other cryptocurrencies and smart contracts. After all, smart contracts are yet another entity that requires trust.
In fact, when somebody says Trustless, they mean a subjective minimization of trust problems compared with the conventional banking system with its credit cards, the Federal Reserve and the government.
Disclaimer: The author owns Bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.