There are three key objectives to consider for any blockchain technology to be successful in achieving its goals. Known as the "blockchain trilemma," these are scalability, decentralization, and security.
Enhancing and focusing on one of those pillars inevitably requires sacrificing another. This is true for Bitcoin, Ethereum, and every other blockchain in existence. In Bitcoin’s case, scalability took one for the team in service of maximizing decentralization and security.
But in doing this, Bitcoin created the world's first highly secure and decentralized blockchain.
Defining Blockchain and Bitcoin Security
There are seven key pillars of blockchain security – this goes for all blockchains, not just Bitcoin. Together, they form a set of principles that guide builders, engineers, users, and institutions, while helping to ensure the safety of assets and the long-term viability of the technology.
The motivating thesis behind any blockchain technology is decentralization. Many measure this with the Nakamoto Coefficient which, in basic terms, can be a measure of how easy it would be to pull off a 51% attack on a network. Data from miners, clients, developers, exchanges, nodes, and owners is used to pull this measure together. The higher the Nakamoto Coefficient, the more secure the blockchain.
Strong cryptography is paramount to the security of transactions on a blockchain network. It helps to secure assets from unauthorized access and transfer, as well as ensure user privacy. There are two main types of cryptography used in blockchain technology: symmetric and asymmetric.
Symmetric cryptography uses similar keys for encryption and decryption, and is also used in securing website connections and personal data. The cryptographic algorithm utilizes the key in a cipher to encrypt the data and the data must be accessed. A person entrusted with the secret key can decrypt the data.
Asymmetric cryptography uses different keys for encryption and decryption. The public key allows parties who are completely unknown to each other encrypt data for transactional purposes, while the private key is used to decrypt that data. Here, the private key cannot be derived from the public key, but the public key can be derived from the private key. If executed correctly, this ensures the transactional integrity of a blockchain network and its scalable usability.
Consensus mechanisms play a vital role in ensuring the security of blockchain networks. They are designed to enable decentralized systems, where multiple participants, often called nodes, collectively agree on the validity and order of transactions. By establishing a consensus among nodes, blockchain networks achieve multiple security benefits.
Six of the major blockchains all use a similar type of consensus mechanism, usually incorporating a Byzantine Fault-Tolerant form of Proof of Stake (PoS). In this system, a two-thirds supermajority of the blockchain’s validators must agree before a new block is added to the chain. Unless this is achieved, there will be a denial of service to a party trying to add a block. This prevents malicious actors from altering the status of the blockchain, and is a form of security and integrity maintenance not possible under centralized leadership. This aspect of decentralization can cause speed of transaction issues, but helps ensure that those transactions are legitimately valid.
The Bitcoin blockchain uses Proof of Work (PoW), another consensus mechanism that requires validators to approve new transactions of bitcoins and blocks. We'll elaborate on how Proof of Work plays its part to validate security on the Bitcoin blockchain and contribute to best practices.
Bitcoin, for example, achieves immutability in part because of its status as a write-only ledger. Transactions cannot be reversed or altered once complete, meaning that the blockchain is a complete history of every transaction that has ever taken place on its network. By ensuring that transaction records cannot be easily changed, immutability increases trust that the network is indeed a valid record, as well as transparency and the traceability of data across the network.
The decentralized nature of blockchain and its distributed network of validators helps ensure network security by making it impossible for an attack on one node to endanger the integrity of the network. It also acts as a failsafe in case one or more nodes are compromised; the entire blockchain is duplicated and distributed across a vast network of computers across the world, and the nature of consensus mechanisms prevents a compromised version from achieving malicious goals. It is a built-in security control in much the same way consensus mechanisms and immutability are. Compare this to a centralized network like a traditional payments system, where a successful attack on a centralized server can reveal the personal and transactional data of potentially millions of customers.
Smart Contract Security
Smart contracts are programs that directly and automatically control the transfer of digital assets between parties, while also automatically enforcing those contracts. They function in a way that eliminates the need for a trusted third party in a transaction, and interacts with the blockchain in a way that ensures the enforcement and completion of a transaction via code, rather than through litigation. They also employ basic first-order functions to authenticate the transaction, including verifying the amount and availability of assets.
Governance and Consensus Updates
Though immutable and decentralized, a secure blockchain must also be viewed as a living being. It must evolve and adapt in order to survive and achieve its purpose. The updates and alterations to functionality and features present in a blockchain must also meet the consensus requirements of contract validation, which democratizes the governance of a given blockchain and its technology. No one party can bend the network to their will or fundamentally change the basis on which it functions; the vast array of stakeholders must decide together on how it is governed and how it operates.
Preserving the Security of a Public Blockchain
These measures of security are necessary to provide a backbone that can withstand a wide array of attacks from malicious actors who seek to undermine a blockchain and its network. These attacks can range from simple to sophisticated, and can come from a variety of vectors.
One of the most common blockchain network attacks are 51% attacks, which we mentioned briefly earlier. These occur when a miner or group of miners amasses 51% or more of a blockchain’s mining power, giving them control over the distributed ledger and freedom to manipulate it with malicious intent. Given that networks like Bitcoin are so widely distributed and heavily populated, these are very difficult to pull off. However, on smaller chains and chains that struggle with decentralization, these are more dangerous.
Another common threat is known as a Sybil attack. In these cases, hackers flood the network with fraudulent identities in an attempt to clog and oversaturate a network. These attacks can overwhelm reputation systems in peer-to-peer networks and are designed to gain influence within a system, allowing these users to carry out illegal operations. In this way, it is similar to a 51% attack.
Both of these attacks can be thwarted by responsible deployment of blockchain security mechanisms, especially in systems that rely heavily on strong decentralization and consensus protocols.
How is the Bitcoin Blockchain Secured?
That brings us to Bitcoin. As we discussed at the top of this post, Bitcoin has prioritized decentralization and security above scalability since the beginning. The network makes heavy use of all seven security measures in order to maintain its legitimacy and foster responsible governance and development.
Its write-only ledger status, highly decentralized network structure, and Proof of Work consensus transaction verification ensures that in the event of a Sybil attack, fraudulent users would not be able to rewrite the network’s history, while amassing a critical mass of fraudulent activity would prove nearly impossible due to computational power restraints.
One note here is how Bitcoin interacts with smart contracts. Since the core layer of Bitcoin’s blockchain doesn’t really support smart contracts, and thus handles their integration and security via Layer 2 protocols like Stacks, RSK, and Lightning which operate on top of the core blockchain network infrastructure. These exist to expedite transactions and help the network achieve more throughput without overwhelming its capabilities.
This solves helps strengthen security for Bitcoin in two ways. First, it increases network decentralization by finalizing transactions above the Layer 1 level and reporting them back to the main chain once finalized. Lightning nodes, for example, and Bitcoin network nodes are separate entities, expanding the overall distribution of the network and its assets. Second, it adds an extra layer of asymmetric key cryptography to Bitcoin’s off-chain transactions. This means even when assets are moved into or out of the network, their associated data is still highly protected.
Bitcoin and Best Practices for Blockchain Security
Blockchain network security is the foundation on which its entire infrastructure rests. If it’s strong, users will feel safe trusting their assets to it and the network will flourish, further strengthening itself through growth. If not, it runs the risk of being compromised before it ever gets off the ground.
The security of the Bitcoin network depends on a number of factors, and those same factors are actually more or less universal in determining the level of security found on other cryptocurrency blockchains. The decentralized nature of blockchains and the cryptographic technology found in wallets (including digital signatures) and other digital currency operations are two criteria that has helped distinguish blockchains from traditional financial systems.
Given that Bitcoin was the world's first blockchain, it has played a big role in the crypto world by also helping establish many of the best practices that exist to limit security risks and vulnerabilities in blockchain technology. To this day, developers are still working on the overall security of the blockchain to better protect transactions on the Bitcoin blockchain from thefts, hacks, and other security concerns.