‘Catastrophe’ may have been the word of choice at a blockchain security conference held at Stanford University yesterday.

While cryptocurrencies and private blockchains heighten financial control to a degree, there’s plenty that could go wrong with the new financial systems, and, perhaps spurred by interest from governments and institutions, experts from a range of disciplines are trying to figure out those unknowns.

The Blockchain Protocol Analysis and Security Engineering 2017 conference was brimming with examples of how this thinking is taking hold across the ecosystem’s disparate sectors.

Even half a year after the collapse of The DAO, the first large-scale ethereum application, it remains a major point of discussion (seeing as it also resulted in two competing ethereum blockchains), and how new scripting languages might help to fix problems there.

But, through the presentations one thread was that since the technology is so new, it’s hard to figure out which risks are real risks.

Engineering consultant and conference organizer Byron Gibson told CoinDesk:

“In terms of blockchain infrastructure, we’re trying to get a better idea of how these systems could fail catastrophically and how to prevent that.”

He added that developers and researchers are searching for the problems that will have the highest impact, whether they have a low or a high probability of occurring.

Simulations

Overall, the conference placed a strong emphasis on preparing the infrastructure to detect security problems down the road.

But, some argued that even the ways of detecting potential issues are not yet sufficiently mature.

One promising avenue might be simulations, which imitate how blockchains react under different conditions. Three presentations dove specifically into how changes could impact bitcoin or other blockchains, envisioning how Internet protocol changes or block time intervals might impact their functionality.

“These still need another 10 years or so of development before they get really, really good. But it’s a good start,” Gibson said.

And, in the eyes of many attendees, it’s still a question of pinpointing the right risks. In a talk by Arvind Narayanan, assistant professor in computer science at Princeton, he described how the end of bitcoin’s block reward could result in attacks.

While he acknowledged it’s a long-term game theory problem, it’s one that he argued is worth considering should the public blockchain come to serve a larger role in global commerce.

“We have some time,” he said.

Open-source

Alongside emerging technologies to detect problems, there might be social risks.

Associate Professor at St Mary’s University School of Law, Angela Walch, pointed out in her presentation that the financial structure, as managed by several big institutions, never had to depend on open software before.

If public blockchains like bitcoin one day rule, the infrastructure would depend on a different set of rules, which she argued, pose new risks.

“I don’t think I have any answers here, but I have a lot of questions,” she said when kicking off her presentation.

Others weren’t so worried about the dependence on a loose group of developers. One audience member pointed to the open-source operating system Linux as an examples of a successful grassroots initiative.

While Linux isn’t used by your average computer users, it’s rampant, and has been ported to more devices than any other operating system. Still, Walch said it’s wise to start with skepticism.

“There are risks that I think you can’t ignore or push under the rug. I think they need to be acknowledged more openly even if there’s a small chance of the worst case scenario actually happening,” Walch later told CoinDesk.

She added:

“I think the outcomes are potentially catastrophic and you need to take them into account.”

Debate frictions

Gibson also pointed out that there are new types of blockchains emerging right now, and that each might have unique issues that simply aren’t common with the others.

“The permissioned ones are solving a simpler, better-understood problem than the permissionless ones. Maybe they have an advantage in that respect. But they’re still untested technology platforms,” he said.

And some seemed to think there was a rift between developers and academics at the conference. One developer attendee pointed out that, in his eyes, academics were not focused on the right problems.

Gibson had another take, arguing for a broader, more inclusive approach by all the industry’s disparate constituents.

To him, it’s worth examining the issue from all angles:

“I don’t know if there’s any one security threat that takes precedence.”

Turkmenistan crater image via Shutterstock

EventsSecurity