How secure is bitcoin

2/05/2015 09:23:00 AM
It is something of a myth that bitcoin was designed to be particularly secure or anonymous. It was designed to be able to be used like cash, which is neither.
An aside in this post by David Andolfatto about the desirability of bitcoin-like cryptocurrencies got me thinking:
"Finally, because Fedcoin, like cash, is a "push" (rather than "pull") payment system, it affords greater security against fraud (as when someone hacks into your account and pulls money out without your knowledge)."
This post goes into a bit more depth about this.

Proponents often tout the security and efficiency of bitcoin as a payment protocol compared to the major conventional e-payment systems like credit and debit card transactions. I think this gets two things correct: first, bitcoin is a lot more like cash than debit cards. Second, the conventional e-payments system is ridiculously inefficient--it's both insanely expensive (just ask any mom & pop shop about their merchant fees) and incredibly slow. Credit and debit transactions are allegedly instantaneous, yet very frequently I find charges don't show up until days after the purchase.

The inefficiency of conventional e-payments is also a major security flaw, for a variety of reasons. First, the same factors that cause the expensiveness and slowness of the system--the middlemen payment processors--also represent extra surfaces that hackers can attack and exploit. Second, by making the payments so slow, these systems make it hard for customers to track their account balances and easier for them to accidentally overdraft. And while that's an obvious problem for customers, it's also a major liability for businesses who will find some of their previously-authorized payments rejected long after the customer has left with their product.

What I'm less sure about is whether any of this pertains to bitcoin. The above represent problems with existing e-payment services, whereas bitcoin is a technology, not a service--it isn't clear to me that the underlying technology that conventional e-payment services use is responsible for any of their problems.

A bitcoin is essentially just a text file on your computer.* It doesn't even have to be on your computer per se--you could print it out and all the information would still be valid and usable. The text file isn't literally a bitcoin, but rather a record of having received a certain amount of bitcoins at a certain address. (Something similar can be said of cash. Roughly speaking, addresses are like dollar bills, except that they carry whatever denomination was used in the previous transaction.) Let's say Alice has a few of these text files--records of having received bitcoin payments--on her computer and wants to make a bitcoin payment to Bob. The first thing she has to do is find out what address Bob wants the bitcoins sent to. Then Alice has to write a script that strings together enough of Alice's bitcoin addresses (we call these "inputs") so that the total sum of the transaction amounts for those addresses is enough to cover her debt to Bob. Any change will be refunded to a new bitcoin address for Alice. Next, Alice encrypts this script using a private key, and publishes this transaction file, along with her public key, to the bitcoin network where Bob, and the payment processors, can get it.

Bitcoin uses Inverse Public Key encryption to secure transactions. This does not provide the kind of security you might be expecting. The way it works is that only the private key can encrypt text, while the public key can decrypt but not encrypt text. Thus, absolutely anyone can decrypt and read all the details of Alice's transaction. The point of this encryption, however, is to prevent anyone from being able to modify that transaction without having Alice's secret private key. If someone tries to modify the file, the public key will fail to decrypt, and no part of the transaction will be readable to the payment processors or to Bob. Moreover, the addresses are tied to the owner's public key, so that the only way to write a transaction that will validate with a given input address is if the transaction was encoded with the owner's private key.

Once payment processors see that Alice has published this file to the network, they will use her public key to decrypt the file and record the details of the transaction--which addresses the bitcoins are coming from, and which addresses they are going to--into the block chain, reconstructing along the way the entire history of transactions that those bitcoins have gone through. If this process leads back to a valid origin point--that is, if the transaction falls on the longest branch of the block chain--then the script is validated and as a result Bob is willing to accept it as payment (bitcoin is faith-based; Bob has faith that others will also honor bitcoin transactions appearing along the longest branch, because the bitcoin protocol says so).

The first thing that jumps out here is that this is a really complex process. And bitcoin transactions are nowhere near as cost-less and instantaneous as cash payments--you have to wait for a payment processor to find and then process the transaction, a time-consuming and resource-consuming process they won't do for free. Moreover, you have to work with scripting languages at least well enough to be able to loop through and assemble your input addresses so that the collective balance covers the debt, to manipulate tedious cryptographic keys and addresses, and to know how to implement bitcoin's cryptographic algorithms, in addition to having internet access and the know-how to publish transactions to the bitcoin network. And on top of all that, all of the real security--preventing hackers from stealing your private key, anonymizing your transaction (if that is something you want), making sure you don't lose your private key and transaction records, and all of that--is left entirely up to you.

By contrast, with an old-fashioned check some idiot just writes a number and signs it. Done. The Fed does the rest.

Fortunately, there are a lot of services built to implement this bitcoin protocol for you, so that you don't have to do all that by hand every time you want to use your bitcoins. That's what all these bitcoin "wallets" are. And if you want to be able to spend when away from your computer, you need some kind of cloud-based service which runs a wallet service on a remote server somewhere. And you need a mobile service with which to access the cloud service that hosts your wallet service. Which gets back to the original point, about the fraud security of bitcoin. It's true that bitcoin is more like cash than credit or debit. It's not true that that means it doesn't have all the same vulnerabilities and weaknesses of credit or debit, or that credit and debit can't be made just as secure and efficient as bitcoin. It's all about intermediaries, and the fact that bitcoin allows you to eliminate intermediaries in principle isn't all that meaningful in practice.

*This statement is a lie-to-children. If what followed about it actually being a record, not a bitcoin, doesn't make sense to you, just pretend that the file is a bitcoin. Conceptually, it makes little difference.
David Andolfatto 2/05/2015 09:54:00 AM
Excellent post, Matthew. Am going to tweet to Tony Gallippi and Jerry Brito...will be interesting to hear their take on this.