Bitfinex, Blockchain Hacks, and Replay Attacks Oh My - All Things that Steem’s Technology is designed to prevent.


The past couple of months have been full of hard lessons for everyone in the cryptocurrency space. Bugs in the DAO code led to a hard fork of ETH, which led to Replay Attacks and now a market battle between Ethereum and Ethereum Classic.

In the process the DAO hacker has managed to indirectly harm everyone from ETH holders to anyone doing business with Coinbase, one of many potential victims of the Replay Attack.

If the problems with Ethereum weren’t enough, there are now reports that $72 million worth of Bitcoin may have been stolen from Bitfinex.

Even steemit.com was hacked. The difference is that Steem responded quickly, decisively, and with long-lasting technological solutions rather than one-time patches that do nothing to prevent future issues.

All of this is Preventable

For over 3 years I have been working to design and build next generation blockchain technologies. Steem is the product of many hard lessons in usability, scalability, and security. Most of the lessons learned are not available on any other platform.

Preventing Replay Attacks

Way back in November 2013 I introduced the concept of Transactions as Proof of Stake also known as TaPoS.

The idea behind TaPoS is that each time a transaction is signed it should reference a recent block ID. By referencing a recent block ID the signer is also certifying their opinion on the state of the blockchain and the pre-condition for the validity of the transaction.

Over the long term this means that every stakeholder is directly certifying / checkpointing the blockchain, which creates a measure of consensus that is even harder to forge than redoing all of the Proof of Work on Bitcoin and “migrating” the transactions.
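The following toy model, added here and not part of the original post or of the Steem code base, shows why a TaPoS reference stops replay: a transaction that names a block which exists only on one fork cannot be valid on the other. Block ids, the expiration rule and the fork layout are constructed for the example.

```python
import hashlib
from dataclasses import dataclass

def block_id(height: int, prev_id: str, payload: str) -> str:
    # Constructed toy block id: a hash over height, parent id and contents.
    return hashlib.sha256(f"{height}|{prev_id}|{payload}".encode()).hexdigest()

def build_chain(base: list, payloads: list) -> list:
    # Extend a (possibly empty) list of block ids with new blocks.
    chain = list(base)
    for payload in payloads:
        prev = chain[-1] if chain else "genesis"
        chain.append(block_id(len(chain), prev, payload))
    return chain

@dataclass
class Transaction:
    ref_block_id: str  # TaPoS reference: a recent block the signer has actually seen
    expiration: int    # last block height at which the tx may be included (assumed rule)
    body: str

def is_valid_on(tx: Transaction, chain: list) -> bool:
    # A tx is valid only on a chain whose history contains the referenced block
    # and whose head has not passed the tx's expiration.
    head = len(chain) - 1
    return head <= tx.expiration and tx.ref_block_id in chain

# Constructed scenario: shared history for heights 0-2, then two forks diverge at height 3.
common = build_chain([], ["b0", "b1", "b2"])
chain_a = build_chain(common, ["a3", "a4"])
chain_b = build_chain(common, ["b3", "b4"])

# Signed on fork A, referencing a post-fork block that only fork A contains.
tx_a = Transaction(ref_block_id=chain_a[3], expiration=10, body="transfer 10 STEEM")
# Signed before the fork, referencing a shared block: both forks legitimately accept it.
tx_old = Transaction(ref_block_id=common[2], expiration=10, body="transfer 1 STEEM")
# Same reference, but it expired at height 3, so a chain whose head is at 4 rejects it.
tx_stale = Transaction(ref_block_id=common[2], expiration=3, body="transfer 1 STEEM")

def replay_check() -> dict:
    return {
        "tx_a_on_a": is_valid_on(tx_a, chain_a),
        "tx_a_on_b": is_valid_on(tx_a, chain_b),      # replay onto fork B is rejected
        "tx_old_on_a": is_valid_on(tx_old, chain_a),
        "tx_old_on_b": is_valid_on(tx_old, chain_b),
        "stale_on_a": is_valid_on(tx_stale, chain_a),
    }
```

Pre-fork transactions remain valid on both sides, which is expected: the point of TaPoS is that anything signed after the split is pinned to the fork the signer was actually looking at.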

Preventing Rebirth of Forks

Assuming a blockchain will never have to hard fork is denying reality. Bugs will happen, new features will be needed, and lack of adaptability to market conditions will eventually kill any company, product, or cryptocurrency.

The decision to hard fork should be baked into the consensus process prior to any fork occurring. If consensus is reached that a fork should occur, then all nodes that do not have the code for the fork should shut down by consensus.

Stated another way, the only way to “revive” a fork such as Ethereum Classic would be to implement a true fork and require everyone to update their code.

Ethereum Classic is an example of a Fork that should never have existed. If the Ethereum blockchain had a true consensus process in place for deciding when to fork and when to die then the entire market could rest assured they are on the right fork.

Instead decisions about which fork to adopt are handled outside of blockchain consensus and therefore chaotic in nature. Failure to provide a governance structure will lead to market chaos, uncertainty, and situations like Ethereum Classic.

Recovering from Hacks

Attempting to prevent hacks is a noble, but futile, effort. Hacks are instant and permanent. Even advanced multi-sig accounts, such as those supposedly used by Bitfinex, are unable to prevent the instantaneous loss of millions of dollars of cryptocurrency.

The problem is that you do not know you have been hacked until it is too late to fix it or recover. Hackers can slowly gather keys over time and then wait until the perfect moment to strike.

The strength of a system is not measured by how thick and impenetrable the skin is, but by its ability to heal quickly after being cut. Bitcoin, Ethereum, and most other blockchains have no system in place for healing.

Every Steem account is associated with a recovery account. The recovery account can be any other user on the system who knows you by some means other than your public key. In the event that your account is stolen, the recovery account combined with your old public key has the ability to restore the account to its rightful owner.

This is not just multi-sig. Multi-sig is a fixed set of signers who must cosign a transaction. The Steem recovery process considers any key used in the past 30 days to be one party to the recovery. An attacker can change the owner keys as much as they want, it will not prevent the recovery.

Your recovery account has no power over your account without one of your recent keys and it is not needed until after you are hacked. This is very different from any multi-sig solution currently on the market.

There are only two people who can recover an account, the attacker or the legitimate owner. So long as the recovery agent does full KYC prior to recovering the account no hacker will attempt to recover. In fact, there is no reason for the hacker to attempt recovery because they are already in control of the "current keys" which means they get the account by default after 30 days.
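A simulation of the recovery rule described above, added as an example and not taken from the Steem code base. It assumes a 30-day window, a single recovery account per user, and that the recovery account co-signs only after verifying the requester out of band; account names, keys and timestamps are constructed.

```python
from dataclasses import dataclass, field

DAY = 86400
RECOVERY_WINDOW = 30 * DAY  # any owner key active within this window can co-sign a recovery

@dataclass
class Account:
    owner_key: str
    recovery_account: str
    key_history: dict = field(default_factory=dict)  # past owner key -> time it was replaced

def set_owner_key(acct: Account, new_key: str, now: int) -> None:
    # Owner-key rotation; also the first thing a thief does. The replaced key stays on record.
    acct.key_history[acct.owner_key] = now
    acct.owner_key = new_key

def recover(acct: Account, old_key: str, agent: str, agent_verified: bool,
            new_key: str, now: int) -> bool:
    # Recovery needs a key that was the owner within the last 30 days AND the designated
    # recovery account, which only co-signs after verifying the requester's identity.
    if agent != acct.recovery_account or not agent_verified:
        return False
    replaced_at = acct.key_history.get(old_key)
    if replaced_at is None or now - replaced_at > RECOVERY_WINDOW:
        return False
    set_owner_key(acct, new_key, now)
    return True

def stolen_account(t0: int) -> Account:
    # Constructed scenario: a thief takes alice's account at t0 and rotates the key twice.
    acct = Account(owner_key="alice-key-1", recovery_account="bob")
    set_owner_key(acct, "thief-key-1", t0)
    set_owner_key(acct, "thief-key-2", t0 + DAY)
    return acct

def scenario() -> dict:
    t0 = 1_000_000
    alice = stolen_account(t0)
    r = {}
    # The thief also holds a recent key, so the only gate left is bob's identity check.
    r["thief_fails_kyc"] = recover(alice, "thief-key-1", "bob", False, "thief-key-3", t0 + 2 * DAY)
    # Bob alone, without any recent owner key, cannot touch the account either.
    r["agent_alone"] = recover(alice, "unknown-key", "bob", True, "bob-key", t0 + 2 * DAY)
    # Alice recovers on day 5 with her original key plus bob's co-signature.
    r["alice_day5"] = recover(alice, "alice-key-1", "bob", True, "alice-key-2", t0 + 5 * DAY)
    r["owner_after"] = alice.owner_key
    # Had alice waited 40 days, the thief's keys would be the only recent ones.
    r["too_late"] = recover(stolen_account(t0), "alice-key-1", "bob", True, "alice-key-2", t0 + 40 * DAY)
    return r
```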

Time-locked Funds

The key to security is time. It is impossible to know that your keys have been compromised until someone else signs something with them. By the time they sign, it is too late.

Imagine if there was a 24 hour delay during which your transfer could be recovered with the help of your recovery agent. With such a system in place a hacker would have to divulge the hack by using your keys, but would be powerless to prevent you from recovering your account and canceling the transfer.

If the hacker managed to compromise both you and your recovery agent, then the recovery agent would go to their recovery agent first, then recover you. This process could continue indefinitely so long as everyone could recover within the allotted time. The probability of a hacker compromising all of those accounts at the same time is vanishingly small.

All of these things require time with the ability to cancel. Without a time delay, hacks are impossible to detect until after they are irreversible. Banks have known this for a long time. They implement daily withdrawal limits, 24 to 72 hour pending periods, etc.

The vast majority of cryptocurrency wealth needs to be locked behind similar protections. The only funds that should exist as liquid “cash” are those which are needed immediately and which the holder of said funds can afford to lose.
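A ledger model of the delayed-transfer idea from the paragraphs above, added as an illustration rather than taken from any real implementation. It assumes a 24-hour window, that cancellation is only possible once the legitimate owner has regained control through account recovery, and uses constructed balances and timestamps.

```python
HOUR = 3600
DELAY = 24 * HOUR  # the 24-hour cancellation window the post describes (assumed parameter)

class Ledger:
    # Constructed model: transfers leave the liquid balance immediately but are only
    # paid out after DELAY, and can be cancelled in between by the recovered owner.
    def __init__(self, balances: dict):
        self.balances = dict(balances)
        self.pending = []  # list of dicts: sender, recipient, amount, created, state

    def request_transfer(self, sender: str, recipient: str, amount: int, now: int):
        if self.balances.get(sender, 0) < amount:
            return None
        self.balances[sender] -= amount
        tx = {"sender": sender, "recipient": recipient, "amount": amount,
              "created": now, "state": "pending"}
        self.pending.append(tx)
        return tx

    def cancel(self, tx: dict, now: int, owner_recovered: bool) -> bool:
        # Only a pending transfer inside the window can be cancelled, and only once the
        # legitimate owner has regained control (old key + recovery agent).
        if tx["state"] != "pending" or now - tx["created"] >= DELAY or not owner_recovered:
            return False
        tx["state"] = "cancelled"
        self.balances[tx["sender"]] += tx["amount"]
        return True

    def settle(self, now: int) -> int:
        # Pay out every pending transfer whose window has elapsed; returns how many settled.
        paid = 0
        for tx in self.pending:
            if tx["state"] == "pending" and now - tx["created"] >= DELAY:
                tx["state"] = "settled"
                self.balances[tx["recipient"]] = self.balances.get(tx["recipient"], 0) + tx["amount"]
                paid += 1
        return paid

def scenario(owner_notices: bool) -> dict:
    # A thief signs a transfer of alice's whole balance with stolen keys at t=0.
    ledger = Ledger({"alice": 100, "thief": 0})
    theft = ledger.request_transfer("alice", "thief", 100, 0)
    settled_early = ledger.settle(6 * HOUR)                            # window still open
    cancelled = ledger.cancel(theft, 12 * HOUR, owner_recovered=owner_notices)
    too_late = ledger.cancel(theft, 30 * HOUR, owner_recovered=True)   # window closed
    settled_late = ledger.settle(30 * HOUR)
    return {"settled_early": settled_early, "cancelled": cancelled, "too_late": too_late,
            "settled_late": settled_late, "balances": ledger.balances}
```

Running `scenario(False)` shows the other side of the trade-off: an owner who never notices within the window loses the funds exactly as they would today, so the delay only helps if detection and recovery actually happen inside it.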

Steem Solves these Problems

95% of all Steem value is subject to time release, and all accounts can be recovered so long as you have any owner key used in the past 30 days and the signature of your recovery agent. All transactions implement TaPoS, which prevents replay, and the decision to hard fork is built into the consensus protocol itself. Any nodes that don’t know the details of the hard fork will automatically shut down at the consensus-defined time.

If Bitcoin and Ethereum implemented these features then Coinbase wouldn’t be suffering from Replay, Bitfinex would be able to recover their funds, and either Ethereum or Ethereum Classic would not exist.

These features make everyone more secure, and isn’t that the whole point of Cryptocurrencies in the first place? What good is a cryptocurrency that is statistically less secure than the funds in your bank? It is time for a change.
