Could Blockchain be a technological fraud?

The above question was asked last year of the Trail of Bits company by the US Defense Advanced Research Projects Agency (DARPA). The crux of the question was whether Blockchain would indeed be decentralised as it is claimed to be, and to what degree. In addition, another concern related to the risks inherent in Blockchain – whether they had been ignored or misrepresented – or even ridiculed – by groups seeking to profit from the race around the technology.

Blockchains are the basis of several applications, the best known being the support for cryptocurrencies. Among them, Bitcoin. One of its main features is that it operates securely, without any centralised control. In addition, its records are immutable, and not susceptible to malicious alterations.

To answer DARPA’s question, Trail of Bits researchers conducted analyses and meta-analyses of academic papers and real-world revelations that had never before been aggregated. They also developed tools and conducted groundbreaking research.

The study focused mainly on the two most popular blockchains: Bitcoin and Ethereum. Proof of Stake (PoS – a consensus protocol used to validate transactions on blockchains) and fault-tolerant consensus protocols were also investigated.

To knock down the argument that blockchains operate in a decentralised manner, Trail of Bits’ study addressed several aspects:

• Authority Centrality(It is also often called Centrality of Governance): What is the minimum number of entities required to bring the system to a standstill?

• Centrality of Consensus: Similar to the previous aspect, to what extent is the source of consensus centralised?

• Motivational Centrality: how are participants discouraged from acting with ill intent (e.g. publishing malformed or incorrect data)? To what extent are possible triggers centrally controlled? If so, can the rights of a malicious participant be revoked?

• Topological Centrality: How resilient is the consensus network against outages? Is there a subset of nodes that form a vital bridge in the network, without which it would bifurcate?

• Network Centrality: Are nodes sufficiently geographically dispersed that they are evenly distributed across the internet? What would happen if a malicious ISP or country decided to block blockchain traffic?

• Software Centrality: To what extent does the security of blockchain depend on the software on which it is implemented? Could any bug (inadvertent or intentional) break the immutability of the blockchain?

One of the key findings of the study showed that the immutability of blockchain could be broken not by exploiting cryptographic vulnerabilities, but by subverting properties of implementations, networks and protocols. The research showed that a subset of participants could gain undue, centralised control over the entire system. So it comes back to mind the question: is blockchain decentralised?

Moreover, the number of entities sufficient to paralyse a blockchain network is relatively low: four for Bitcoin, two for Ethereum and less than a dozen for most proof-of-stake networks. Could this be a feature of decentralisation?

In the case of the Bitcoins blockchain, the study revealed that 60% of traffic goes through only three ISPs. Are these three ISPs enough for the cryptocurrency network to be considered decentralised? And if these providers were attacked by criminal actors, what would become of Bitcoins?

To complicate matters, the survey found that 21% of Bitcoin network nodes were using an old version of the Bitcoin Core client system, which became known to be vulnerable in June 2021. The study also warned that Bitcoin traffic is not encrypted. Any third party on the network route between nodes, e.g. internet service providers, Wi-Fi access point operators or governments) can observe and choose to discard any messages they wish.

Sceptical and critical voices

Recently,1,500 highly qualified experts sent a letter to the US Congress warning about blockchain technology and claiming that it is ill-suited for almost any purpose under the argument of serving the public interest. The group calls on parliamentarians to take a critical and sceptical stance toward industry claims that it is an innovative technology and to resist pressure from financiers, lobbyists and digital asset industry boosters.

The letter points out that not all innovation is entirely good and that the history of technology is littered with dead ends, false starts and wrong turn. According to the letter, digital ledgers – as blockchains are also called – are not a new thing and have been known and used since 1980 for rather limited functions. Current blockchain technologies, on the other hand, facilitate few real economy applications. On the other hand, they have been a vehicle for unhealthy and highly volatile speculative investment schemes, not to mention threats to national security through money laundering and ransomware attacks, and financial stability risks, among other problems cited in the statement.

Jorge Stolfi, a renowned computer science professor at Unicamp and one of the signatories of the letter, had already made such a warning through a tweet last May in which he claimed that blockchain is a fraud. In an article published by El País, he explains that he considers the technology to be fraudulent because it promises to do something it cannot actually deliver. Moreover, even if it were capable, it is not something useful for building real and beneficial systems for society.

A known critic of Bitcoin, Stolfi has already gained the attention of Vitalik Buterin, founder of Ethereum, who acknowledged on Twitter the contributions of the academic to curb excesses in the segment, which goes deeper in his criticism. He considers, for example, cryptocurrencies a pyramid scheme and a tool for crime and has already called for the Securities and Exchange Commission (CVM) to put an end to this class of digital currencies, comparing them to a Ponzi scheme, but much worse.