
The ultimate bitcoin / altcoin and blockchain FAQ

This FAQ answers your (critical) questions. It is first and foremost a “for dummies” FAQ, meant to
give the wider public a better understanding of this domain. Of course, a more in-depth
explanation is available from the author.

Note: the copyright of this FAQ belongs to the Scribd account holder

The FAQ looks at financial-economic, technical and mostly (information) security aspects.

What are cryptocurrencies in essence?

In essence, cryptocurrencies are composed of sets of bits and bytes that form “coins” as basic units with
a certain attributed financial value. Cryptography is used to prevent rogue coins from being created, to
ensure that the number of coins is limited, to ensure that they can only be owned by one party at a
time, to ensure that the ownership of each coin is determined and to ensure that any transaction (=
change of ownership) is duly recorded.

The (original) idea was that a cryptocurrency, like bitcoin, could be used in the same way as classical fiat
money: to purchase goods and services, to make payments and to keep in accounts. However, all this
would happen without state interference and control.

Why would anyone want to use cryptocurrency instead of regular currency?

Up until now, the actual use of cryptocurrencies as actual currency is very low. Some organizations are
offering this service, maybe in order to come across as futuristic or as a proof of concept.

The idea is that money becomes free and independent (from banks and government authorities) because
there is a belief (mostly among libertarians and anarchists) that classical fiat currency is flawed. The hope
is also that this will be a far more efficient system and that transactions will become cheaper as well.

Currently, the reality is quite different as the main interest is in speculation on the rising values of
bitcoin / altcoin to make easy profits.

What determines ownership of virtual coins?

In essence, the ownership of virtual coins is determined by possession of private keys. Those private keys
allow a change of possession (e.g. spending the coins) via a cryptographic (digital) signature. The public key
in the bitcoin transaction indicates who owns it now, but the signature of the previous owner “seals” it.

An intermediate service provider, like an online wallet, can store their owners’ private keys or the owners
can store their keys themselves. This can happen on their computers or phones or in (external) hardware,
including “secure” hardware tokens, like smart cards or secure USB devices.

What are the main technical / security challenges? Is it secure?

Keeping secure possession of these private keys, and ensuring they are used only for valid and approved
transactions is one of the main challenges. There is no standard holistic approach to the security aspects
of bitcoin and altcoin (yet). It’s a free “unregulated” sector after all.

Another factor that shouldn’t be overlooked is unnoticed compromise of a private key to transfer
ownership, followed by other transactions on the same bitcoin(s).

If the securing of private keys is entrusted to an intermediate service provider, the owners need to trust
this service provider to do this well “continuously” and to secure their keys and the access to use those
keys during the whole lifecycle of the keys. This is a matter of (objective and independent) validation of
their service, regular compliance audit with security policies and practices that are relevant and current;
regular repeating of risk management processes; having enforceable indemnification means that are in
line with real liabilities; and schemes that allow general users to verify all of this. If the stakes are high
(e.g. common people having their life savings in bitcoin or altcoin) it’s no mean feat. If it’s just for playing
a bit, of course all of this doesn’t matter.

If the owners keep their own private keys, then they have to protect them against (for example, this list is
NOT exhaustive):

- Inappropriate key pair generation
- Key compromise at the time of generation or initial transport (if applicable)
- Loss of the private key by destruction of the key holders or loss of the key holders
- Compromise of the backed-up private key (if applicable)
- Ineffective backup and availability strategies
- Hacking of their keys in software stores
- Robbery of their keys in hardware stores
- Unsuitable hardware stores with vulnerabilities that can be exploited
- Fake news quality guarantees on the “secure” key stores
- Hacking of their client machines (PC, phone etc.) and/or infection by malware that results in
compromise or (in case suitable hardware key protection is used) misuse of their keys, which
results in loss of their coins as the coins are transferred to the attacker
o Note. Misuse of private keys does not imply that the keys must be stolen or
compromised themselves. They can be securely stored somewhere.
- The making of unintended transactions as a result of social engineering, compromised system
security (of the PC, phone and their underlying OS and/or ICs / CPUs) and other hacking
techniques (like different types of man-in-the-middle / man-in-the-browser / man-in-the-phone
attacks)
- Erroneous transactions and how to deal with their results
- The eroding of the cryptographic strength of the keys at a given time
- New vulnerabilities in their environment (platform, OS, drivers, wallet software, software key
stores, firmware, ICs / CPUs)
- New types of threats
- The complexities of handling hardware tokens, checking offline challenges etc. Often more
sophisticated security comes at the price of less ease of use. At some point users are willing to make
a compromise for the sake of convenience.

Furthermore, cryptocurrencies based on blockchain are mainly a (limited and partial) technical solution
for mitigating (some) security risks. Technical security is never effective by itself. It has to be
complemented with the right policies, processes, skills, and user awareness. Cryptocurrency / blockchain
also (still) lacks the holistic and standardized approach to risk avoidance & minimization, risk mitigation, and
risk transfer that would be needed to consider this approach secure.

(Why) would bitcoin and altcoin become a target of cybercrime?

As bitcoin / altcoin appears to become more valuable by the rising market rates, there is certainly a
growing financial incentive for cybercrime.

The following factors make it a more appealing target:

- A higher level of relative anonymity (in the current implementation) makes it more likely that the
cybercriminal can get away with hacking and theft, scams and other crimes paid via bitcoin (like
ransoms for abductions), or the use of bitcoin and altcoin for money from criminal activities,
money laundering, financing of terrorism, and tax avoidance.
- No formal party to limit risks (by limiting transaction values) and monitor (suspicious)
transactions. Once a transfer is made, in principle nobody cares.
- Dodgy security of exchanges and wallet software: Even in their relative short life, we have already
seen several hacks and security incidents with major impact. In contrast with serious and well-
established banks with an interest in having long-term customers and giving them a satisfying
level of trust, they may have a short-term business plan, they may also be in a start-up phase and
are still immature, they may place too much trust in the “intrinsic” security of blockchain, and
they are not regulated and thus cut (more) corners …
- Reliance on technical security (only) and lack of a holistic approach: see previous question and
answer.

Do cryptocurrencies have to remain more anonymous?

In principle, it is certainly not necessary for cryptocurrency transactions in a blockchain to be more
anonymous than our classical means. In fact, the opposite can be true. If a reliable and recognized party
identifies, vets and binds the users with their accounts and public keys, and ensures the security of
the binding in the future, using such a method could even lead to better traceability. Unfortunately, this
goes against the goals of the originators of bitcoin: dodging regulation and eliminating public authorities
that have control over the blockchain and the transactions in it. If this is to be implemented, the face of
bitcoin / altcoin will not only change drastically, but the main supporters might leave to another coin or
scheme.

What is blockchain and its function for cryptocurrency in essence?

Blockchain was first used as an underlying concept to implement bitcoin. Hence, it’s often confused as
being a distributed ledger, while a distributed ledger can be implemented in many (other) ways. Some
examples of altcoins exist that do not use blockchain at all and even look more promising in terms of
efficiency and cost.

Blockchain refers to the cryptographic chaining of data blocks using cryptographic hashing (SHA256 in
bitcoin). The blocks collect transactions in a Merkle tree, which is a hash tree. Basically, you can calculate
the chain of hashes and detect any integrity breaches like that.

So in essence, blockchain could be seen as a secure electronic evidence preservation method.

In bitcoin implementations, complexities have been added, like a nonce that has to be found by intensive
searches by the miners that together with the rest of the new block will be hashed and must result in a
predefined pattern. This makes adding blocks to the chain a task that requires extensive resources. We
will assume that this is an essential part of blockchain, otherwise it’s just a combination of hash lists and
hash trees, which is not really a new or original concept. This mining activity, which is also combined with
the more useful task of validating the hashes to ensure there is no falsification, is there to limit the
number of blocks that can be created in time and it also puts a limit on the miners as the activity is very
computing intensive. However, it is also an enormous waste of energy. The miners are rewarded with
new bitcoins in the new blocks that for them.
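
The chaining, Merkle tree and nonce search described above, as an added example (not code from this FAQ or from bitcoin itself). The header is simplified to previous hash, Merkle root and nonce; the 12-bit difficulty, the function names and the sample transactions are assumptions constructed for illustration.

```python
import copy
import hashlib

GENESIS_PREV = "00" * 32   # constructed placeholder for "no previous block"
DIFFICULTY_BITS = 12       # toy target (assumption): 12 leading zero bits


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, as bitcoin applies it."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(transactions) -> str:
    """Root of the hash tree; a level with an odd count repeats its last node."""
    level = [sha256d(tx.encode()) for tx in transactions] or [sha256d(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0].hex()


def header_hash(prev_hash: str, root: str, nonce: int) -> str:
    """Hash of the simplified header: previous hash, Merkle root, nonce."""
    return sha256d(f"{prev_hash}|{root}|{nonce}".encode()).hex()


def meets_target(block_hash: str) -> bool:
    """The 'predefined pattern': the top DIFFICULTY_BITS bits are zero."""
    return int(block_hash, 16) >> (256 - DIFFICULTY_BITS) == 0


def mine_block(prev_hash: str, transactions) -> dict:
    """Search nonces until the header hash meets the target."""
    root = merkle_root(transactions)
    nonce = 0
    while not meets_target(header_hash(prev_hash, root, nonce)):
        nonce += 1
    return {"prev_hash": prev_hash, "merkle_root": root, "nonce": nonce,
            "hash": header_hash(prev_hash, root, nonce),
            "transactions": list(transactions)}


def first_invalid_block(chain):
    """Return None if the chain verifies, else (index, reason)."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if b["prev_hash"] != prev:
            return i, "broken link to previous block"
        if merkle_root(b["transactions"]) != b["merkle_root"]:
            return i, "transactions do not match Merkle root"
        if header_hash(b["prev_hash"], b["merkle_root"], b["nonce"]) != b["hash"]:
            return i, "stored hash does not match header"
        if not meets_target(b["hash"]):
            return i, "proof of work missing"
        prev = b["hash"]
    return None


def build_demo_chain():
    """Three blocks of constructed sample transactions."""
    batches = [["coinbase->alice:50"],
               ["alice->bob:10", "alice->carol:5", "bob->dave:2"],
               ["carol->erin:1", "dave->alice:1"]]
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        block = mine_block(prev, txs)
        chain.append(block)
        prev = block["hash"]
    return chain


def tamper_transaction(chain):
    """Edit one stored transaction and leave all hashes untouched."""
    forged = copy.deepcopy(chain)
    forged[1]["transactions"][0] = "alice->bob:1000"
    return forged


def tamper_and_remine(chain):
    """Edit the transaction and redo block 1's proof of work, but not block 2's."""
    forged = tamper_transaction(chain)
    forged[1] = mine_block(forged[1]["prev_hash"], forged[1]["transactions"])
    return forged


if __name__ == "__main__":
    chain = build_demo_chain()
    print("original:        ", first_invalid_block(chain))
    print("edited tx:       ", first_invalid_block(tamper_transaction(chain)))
    print("edited + remined:", first_invalid_block(tamper_and_remine(chain)))
```

Editing a stored transaction is caught at the edited block; redoing that block's nonce search only moves the break to the next block, so a forger has to redo the work for every later block as well.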

Another concept central to blockchain is that there are many nodes doing mining and validation
in parallel. This makes it a decentralized and distributed activity. The “right” and acceptable result of
those blockchaining activities by the different nodes is determined by consensus. Typically, this is based
on “proof of work”. That’s why some people call it a distributed ledger with no central authority.
Other strategies use “proof of stake” or even “proof of authority”. This brings us away from the original
purpose of having no authority controlling it.

Similarly, then we also have the idea of private blockchains. Yet, in such an environment, there is at least
some sort of “private” consortium that has control over the nodes. And as “proof of work” with many
nodes participating in the consensus mechanism is costly and slow, the nodes are then often reduced to a
minimum. Private blockchains often also add access control layers to prevent public access to the
blockchain. Of course, with such access control layers, the real authority is related to the access control
policy and mechanisms. Thus, we end up with an unnecessarily complex “secure” (distributed) database for
electronic evidence. The reason must therefore be obvious why we will not consider that a real
blockchain solution anymore for this discussion. (Of course, any organization is free to call it what they
want. If it sounds better like that for them, if that makes it “sellable” inside to management, then fine.
Maybe it will even become a real valuable project for them.)

We have to note that there are many different blockchain variations and implementations, some offering
many additional features, like virtual machines to automate matching and settlement. For the sake of this
discussion, we will not assume them to be part of the central blockchain concept. Otherwise, soon,
everything can be called “the blockchain”, so what’s the use?

Because of the “success” of bitcoin in the media, blockchain has become a very popular hyped term.
Obviously many people want to ride this wave to make business and money with it.

Unfortunately, due to the vagueness of the concept, the hype and the fake news about blockchain, many
“managers” have concluded that they have to invest heavily in blockchain experimental projects.
However, this is often a “technology first, we will think of the actual business requirements later” type of
approach without an actual business case.

With a “requirements first” approach, the focus for many use cases would be elsewhere.

Doesn’t blockchain provide “security by design”?

It is a widely held belief that blockchain is “secure by design”, so what could go wrong?

As explained in the previous answers, the actual security feature in blockchain is protection of the integrity of
data. Actually, it’s more a matter of making it impossible for forgeries to go undetected if validation is done
well. However, that’s basically everything.

There is no “security by design” in the central blockchain concept – though of course it is possible to add
other security technologies on top to complement this – in the following areas:

- Initial access and creation of transactions at the “client side”. Blockchain is an evidence
preservation method. It doesn’t describe the security of the client side where evidence creation
takes place (e.g. the secure creation of signatures). Moreover, this is actually one of the biggest
challenges in the internet for e-business (to use an old term). In fact, it’s the main reason why
most banks (of a minimum level of maturity) that have e-banking applications supplement their
technical security to authenticate and sign transactions with several other layers of risk
avoidance, limitation, detection, insurance etc. Please also refer to the part discussing the
security of wallets and bitcoin / altcoin exchanges.
- The lack of an official party to monitor (suspicious) transactions and to rectify them. Once
something is written in the blockchain (even a fraudulent transaction), it is there to stay. And,
there is – by design – no (central) authority to police it.
- Confidentiality protection. Except for the use of hashing, there is no intrinsic confidentiality
protecting strategy or security controls.
- Protection of personal data. If any personal data (and this includes pseudonym data as well as
personally identifiable data by means of patterns!) is written into the public blockchain, it’s in
principle public.
- Non-repudiation. In some cases the ability to prove beyond reasonable doubt (e.g. in court) that
a transaction was made by a certain party, even if denied by that party, can become important.
This is not part of the current blockchain security, or in a very limited way only. There is no
binding between public keys and certified vetted entities.
- Availability of data. Because there are several nodes holding a copy of the blockchain, it’s
considered that the blockchain is not subject to availability concerns. This is an
oversimplification. The following threats exist:
o Denial of service attacks on the blockchain / bitcoin / altcoin networks
o If a cryptocurrency becomes so successful that it has become systemic, large and
powerful malicious parties can have a concerted attack at all the nodes at once to
“destroy” the availability of the blockchain data. When enough Byzantine generals (refer
to the Byzantine generals problem) become corrupted and unreliable, the blockchain
becomes unreliable too. There is no “general” strategy on limiting access to the bitcoin
blockchain as it is public.
   - In limited node environments, or environments with no pure “Proof of Work”,
   this can become more problematic
o (Concerted) attacks on exchanges and wallets

The above are examples of areas where security is missing or weak. They are not exhaustive. I would
expect anyone getting into this field to do a thorough risk analysis. Then again, from what I’ve seen, I can
imagine several companies and organizations doing this in a negligent way – even big and famous ones.

So what about the (security of) integrity of the blockchain itself?

It is quite robust. Hash lists are extremely difficult (if not impossible) to forge, currently. But it depends! It
depends on:

- The hashing algorithm used (and the future devaluation of it). E.g. SHA2 is the current method,
but its predecessors are already considered unsuitable for many use cases now.
- The advances in cryptanalysis
- The advances in quantum computing
- The intrinsic weaknesses in Public Key Cryptography, including the weaknesses of imperfect
randomness, and new guessing strategies to find matching private keys to the exposed public
keys. For this reason, other types of digital signatures, based on hashing only, such as (Leslie)
Lamport signatures have been proposed. However, this is currently only theoretical.
- Concerted substitution attacks on a majority of nodes with a higher proof of work
- Concerted substitution attacks on a large set of exchanges and/or wallets, by exploiting a
common vulnerability

The above list is not exhaustive. The general message is that even the integrity protection offered by
blockchain is not absolute. For a solution that should exist for decades (or is it just a fad of the day?) this
is something that shouldn’t be overlooked.

For what (other) uses can the blockchain concept be used?

Any kind of electronic evidence could be stored in such a blockchain. This includes electronic contracts,
electronic land titles, audit logs of accesses to medical records … You can think of many use cases. With
additional features like scripting engines and virtual machines, use cases like “smart contracts” can also
be implemented. However, this should not be considered as a real general blockchain property, but a
specific add-on of a certain platform that uses blockchain.

Which elements make blockchain problematic?

It can remove the focus from where it needs to be. As the illusion exists that blockchain is “secure”, the
real threats and risks can be overlooked.

If we take the “nonce calculation” and the “proof of work” as intrinsic parts of blockchain, then we can
also say that blockchain is inefficient, slow, costly, and unnecessarily overcomplicated.

Because it is a big hype followed by a huge herd of “business leaders”, it may become difficult to raise
critical but necessary questions.

Are there any alternatives for blockchain use cases?

Yes. And they have existed since long before the blockchain. All the basic constructs, the public key cryptography,
the secure hashing, the hash trees and lists, the digital signatures, the timestamps, the evidence records
systems, the redundant re-timestamping schemes, the hashcash methods, the secure elements, the
hardware key protection technologies… and the redundant trust service providers, all existed before.

They can be used for much simpler, faster, more economical, more robust, more secure, and more useful
constructs – including electronic evidence creation, validation, and (long-term) preservation.

Why didn’t that happen before?

Actually, it did happen before. Take a look at the European “eIDAS regulation” and all the standards and
norms (in the area of technology, security, compliance, certification …) and the businesses around it.

It can be said that this is not a big success as relatively few people are talking about it, and not so many
businesses are investing in it (yet).

The blockchain hype has the main advantage that the enormous marketing machine behind it is driven by
the bitcoin (and altcoin) news that we receive daily. Bitcoin makes millions of people blink with Dollar
signs or Euro signs in their eyes. There is no better honeypot.

Furthermore, the European “eIDAS regulation” is a typical legalistic approach, very slow and political,
with limited business drive behind it.

Why the majority of private businesses and the public sector is not focusing on business process
optimization, automation and digitalization of (paper) documents is a question to ask. It’s not a matter of
technology. The challenges are cultural, in microeconomics, in organization and leadership, in (office)
politics, in mentality.

How do cryptocurrencies compare with classical fiat currencies?

They are not guaranteed by a state. They are not issued by a central bank. They are not controlled or
regulated.

Taking bitcoin as an example, as the number of bitcoins is fixed and limited, it is not possible to change the
total volume. However, it is possible to fork and create new chains of coins. It is also possible to create
an infinite number of altcoins.

How is the value of a cryptocurrency (e.g. bitcoin) determined?

It is determined purely by supply and demand, currently. There is no intrinsic value.

Can it be manipulated?

Yes, certainly. As the market is unregulated and happens via a limited number of exchanges, obviously
this can be manipulated. Furthermore, a large amount of bitcoin is owned by a few people. We know of
many scenarios how they can play the market.

Next to that, (relative) anonymity and manipulation of exchanges and wallets can also be used to
manipulate the market value.

Which elements make cryptocurrency problematic?

Of course, it depends on how you stand on it, but lack of ability to apply macroeconomic controls, like
increasing or decreasing money supply to combat (hyper-) inflation, (hyper-) deflation, demand-supply
imbalances, lack of investment in businesses, unemployment, excessive debts etc. may be one of the first
main problems with cryptocurrencies like bitcoin.

The proponents see a big evil in macroeconomics and believe (silently) that some kind of return to the
gold standard (but then without the gold) would solve many problems. This, of course, is dubious. There
are reasons why the gold standard was abandoned. In addition, during the times of gold or silver
standards etc. there were also plenty of financial crises. The general problems of bad investments,
speculation, toxic debts, environmental problems are unrelated to whether fiat currency is used or not.
The bitcoin speculation, ironically, illustrates that.

The second major issue is the fact that currently bitcoin and altcoin behave like anything but a currency.
The majority of interest is in speculation, creating something that is probably a bubble.

The volatility makes bitcoin unsuitable as a currency.

Next to that, there are many other concerns such as lack of control to avoid tax crimes, money
laundering, funding of terrorism etc.

Will it ever reach stability or remain just a speculative bubble?

Nobody – I repeat nobody – has a crystal ball to predict the future. Please (regardless where you stand on
this) remember this.

Still there are reasons to expect that the value of bitcoin won’t settle and thus it will remain unsuitable as
a currency:

- The majority of businesses (and especially the smaller ones that play a role in our daily life) will
only invest in bitcoin terminals or accept it as a payment method if both:
o There are enough people using it
o The value is relatively stable.
- The growing interest in bitcoin is mostly in speculation. This has an adverse effect on the use as a
currency. If for a certain amount of bitcoin you can buy a coffee today, you are not going to spend
it if you think it might be worth a car a few weeks later.
- If the value starts going down again, many of the people that are into bitcoin (for speculation)
will start selling it again. This makes the value even more volatile and the actual use as currency
smaller again.
- Even if it goes up again afterwards, who can say what its fair value is supposed to be? This
actually depends on the volume (and value) of goods and services that are traded in bitcoin (or
altcoins) and thus what those coins actually represent in the real economy.
- For the value to become stable an external party (like a government) may be needed to set a
“fair” starting value, e.g. by defining how much tax you have to pay in bitcoin, or to set a rate of a
minimum wage, or to set the minimum price of a commodity like gasoline. However, this
government interference is exactly what “idealist” bitcoin fans don’t want. So if that happens,
why would they stay in the scheme? And then, what’s the whole point of having
cryptocurrencies?
- As transaction costs for bitcoin are high and the protocol works slowly with a long delay, there is
no incentive to use this as a payment channel.

But now even the JP Morgan CEO has retracted his negative stance on bitcoin / blockchain, so surely
you must be mistaken?

While this news has been twisted by some media sites, the actual message is that bitcoin is problematic,
as even if it would become very big, governments are bound to interfere. Even at the time of writing,
South Korea is imposing limitations.

As far as cryptocurrencies are concerned, that CEO seems to suggest that the future will be state-controlled
cryptocurrencies. But actually, as most of our current money is already electronic, this may just be a
slight technical change.

What that CEO says is that “blockchain” is real. That’s all. Even that doesn’t say much. It could mean that
there are better, more efficient ways to transfer money, do settlements and keep ledgers than the current
methods. That is certainly true.

Even as big investment banks become interested in bitcoin and altcoin, it’s not necessarily a good sign
(for those cryptocurrencies). In fact, I would not consider it a good sign, actually not at all, if big
investment banks start offering (hedge) funds with cryptocurrencies, start futures betting on it, or
support ICOs. It’s the making of another huge bubble, which can result in another crisis.

Some people are clearly big fans of (certain) cryptocurrencies. Who are they?

- Idealist libertarians / anarchists: They believe that the government(s) and (central) banks are evil.
Some also see a big conspiracy in fiat money. Their view is that bitcoin / altcoin will solve the
problems we have been facing with the regular financial crises.
- Crypto nerds: They think it’s super cool to use bitcoin / altcoin to pay for their coffees at the
software company campuses. Some may also have a limited understanding of basic economics
and finance, believing that bitcoins actually have an intrinsic value.
- Schemers: They are in it for the money. Big money. They already have a large share of the
bitcoins and hope to see the value rise more and more. In addition, there are no better
prophecies than the self-fulfilling prophecies. More articles and ads please! They might even
sponsor those. It’s a good investment from their perspective.
- Late gamblers: They are also gambling on it, hoping to get rich quickly, or to have a nice bonus to
spend on their addictions, or they do it simply for fun. Those with the biggest financial interest in it
frantically hope that the values will continue to rise. They are the most fanatic supporters
because of that.
- Know-nothing herds: They have no idea what it’s all about but after reading the spectacular news
about massive gains, they are afraid that they will miss out. They might buy some (more) coins
soon.
- Sellers: They are the wallet software vendors, the vendors of hardware key tokens, the service
providers of on-line wallets, bitcoin exchanges (and their software platforms), specialized ASIC
chips … Obviously, they have an interest in the growth of bitcoin / altcoin business. Like in all
sales, perception is more important than reality.
- Miners: They also do it for the money. They hope that their big investment in computer
equipment, datacenters and enormous energy wastes will pay off for them.
- Programmers: They implement certain cryptocurrency schemes in blockchain platforms. They
have a job interest in the success of their implementation and are often emotionally tied to it
too.
- Casino investment banks: Those are the type of financial institutions that are open to any kind of
scheme to make money and to fill their pockets with huge bonuses. They “invent” complex
financial products like CDS or other derivatives. They might also run hedge funds. They are not
afraid of toxic debts because they are “too big to fail” or if they do, they will be out in time. Lately
they also have a growing interest in bitcoin / altcoin. Another way to attract money and set up
schemes to bet on it. They already have futures gambling on bitcoin. A second degree of
speculation. Soon they will use the general public’s household savings, and naïve / corrupt
governments to help inflate the bubble.

Some people are clearly big fans of (certain) blockchain implementations. Who are they?

Obviously, you will find similar profiles to those mentioned in the previous answer. In addition, you
have:

- Small blockchain businesses: they are developing blockchain platforms, applications, scripts etc.
They may also provide services. Obviously, they stand to benefit from the hype. It could even be
that it is their lifeblood.
- Large vendors jumping on the bandwagon: they are the usual big software (service) vendors that
want to opportunistically make a profit from it all. They offer the private blockchain in their
cloud. Yes, they also sell the platforms for it.
- Latecomers in applied cryptography: They might think that the blockchain is very innovative and
the best out there to provide electronic evidence creation, validation and preservation methods
– regardless of the use cases.
- CEOs and other C-suite people following the flow: It is difficult, and takes courage and
intelligence, to go against the flow. So maybe many of those people will enthusiastically follow
suit, even if they don’t see the business case or actual business requirements and the real
benefits yet.

Which elements make cryptocurrency / blockchain a useful concept?

Certainly, the idea that many of the activities and processes in finance (and other sectors, private and
public) related to making transactions, payments and settlements can be more automated with less
manual intervention and thus with less cost and more agility, is a very positive idea.

Let’s not forget that these sectors have been quite conservative and even backwards for quite some time.
The better use of cryptography to support automation and better security has been largely ignored for
decades.

So it might all lead to more efficient electronic evidence creation, validation and preservation methods.