In my review of cryptocurrencies, I mentioned that Bitcoin Cash offers "relatively less security compared to Bitcoin".
What did I mean by that?
What are the various kinds of security that a cryptocurrency offers? How to enhance them and avoid compromising them?
I will address the following questions:
"cryptocurrency" by stockcatalog is licensed under CC BY 2.0
What does security mean in a cryptocurrency?
Among the disadvantages of cryptocurrencies (mentioned here), there are security risks, and they come in many flavors.
The concept of security is only useful against specific risks.
Securing a piece of information is called "Operations Security", or OpSec, and it involves thinking about who could or would like to find out that information, and how to prevent them.
Security against unknown risks is much harder to think about. You could enumerate many risks, but there's no guarantee that you'll think of the one that occurs.
This is the risk that the person you're dealing with does not fulfill their end of the deal. Say, you send them your Dogecoin, but they don't send you the product you're buying. This is a form of fraud.
This can be mitigated by:
- Trading with people you trust
- Trading with people you have repeat business with (so their interest is not to end the profitable relationship)
- Breaking up a trade in small pieces (so that you only lose a small amount if the counterparty decides to defraud you)
- Making sure both parties understand the deal clearly before anything changes hands
- Using the services of a trusted mediator or arbiter
- For example, the Bisq decentralized exchange offers decentralized dispute resolution. The arbiter used to have the power to settle a transaction, but not anymore, because of collusion. As of now, in the case of a misunderstanding, the traders will have their transaction locked until they can agree who pays how much.
Private key security
This is, perhaps, the riskiest part of owning a cryptocurrency. People have lost a lot of cryptocurrency.
Your private key is your password for spending your funds. Many wallet programs show you an ordered list of words ("passphrase") when creating a wallet. This is functionally equivalent to a cryptographic private key.
- If you lose your private key, you will not be able to spend your currency. This is by design, to avoid requiring trust in third-parties. Mitigation:
- Backing up your private key in multiple safe physical locations (consider floods, fires, even temperature and humidity spoiling your paper)
- Trusting a third-party via a multisig (but this is riskier and more complicated in my opinion).
- If someone else finds your private key, they are able to spend your funds.
- Keep your private key hidden at all times and do not send it anywhere. Note that taking a photo with a phone usually sends it to Google or Apple, and your data security is in their hands.
- Keep the computer you use firewalled, exposed as little as possible to the Internet and to USB devices from strangers, and only visit sites and download software you trust. Computer security is complex - do not store funds you can't afford to lose if you can't figure out attack surfaces.
- Use an offline password manager; I can recommend KeePassXC.
- Keeping your money on an exchange is equivalent to letting the exchange have the private key (and you not having it). This defeats the purpose of owning cryptocurrencies. Withdraw from the exchange after trading. Learn more here.
- Keeping your money in a closed-source wallet is equivalent to letting the developer have the private key. In the particular case of Jaxx, it also used to let any other program read your private key.
- Even keeping your money on an open-source web-based wallet is riskier when the server is not on your machine.
- Even using an open-source wallet has risks. Make sure not to expose the RPC ports you're using to attackers..
When holding significant funds that would hurt you if lost, you may want to have a hardware wallet like Trezor or Ledger, or perhaps a dedicated, always-offline computer to transact using (even with the network card removed). If you are in this situation, read about the Glacier protocol, learn about the motivations behind every step, and consider following its steps.
Private computer security
Some malware gets around being unable to fish for your private key by replacing the address to send money in the clipboard with a similar-looking one from the attacker. Always double-check the address before hitting "send".
Other malware logs your keys and eventually might learn your password.
Learn how your wallet stores the keys (it is not just the passphrase in a file), and make sure they are encrypted with a password.
Consider a hardware wallet (though I am not very comfortable with that device having update capabilities, nor do I trust the cryptographic security of its random number generator - I used dice, albeit not casino-grade as the Glacier protocol suggests).
After you're reasonably secure locally, there comes another dimension of risk, that in the cryptocurrency system itself.
Many cryptocurrencies work via proof-of-work, which is a mechanism for offering an incentive for processing transactions, and for avoiding double-spending. I will present how to mitigate the double-spending risk step by step.
In order to have a "permanent" transaction, it has to be included in a block with enough "confirmations". The block with the most "work" proven behind it will be the one people and systems will trust.
"Work" means hashing - the amount of cryptographic puzzles of a specific difficulty you solve. "Power" means hashes per second - or speed of work. This analogous to the definition in Physics.
In order to perform a double-spend attack, you must:
- Start mining a hidden chain with majority hash power (at least 51% of your and the public chain's combined powers).
- In your hidden chain, move some money to another address of your own.
- In public, send money to your victim, and wait for the victim to accept the validated transaction and send you whatever you are buying.
- After receiving the bought product, publish your hidden chain.
Your chain should be longer than the old public one, since you had 51% of power, which is more than the rest of the network. This means the transaction to your victim is now part of a chain containing less work, and it will be abandoned. Your transaction in the freshly-published chain sending money to yourself will be accepted instead.
Why don't people do this all the time? Find out next.
How to quantify this security?
The cost of overpowering the entire network is easily calculable, for example:
- based on hash rate, power usage, and electricity price
- based on the cost of renting computing power for a 51% attack, which is what Crypto51 does.
As you can see, an attacker would only find it profitable to perform such an attack when they could gain more than the cost of the attack.
If you wait more than an hour after receiving $432000 in Bitcoin in order to accept that payment, and there is no blockchain reorganization, you should be safe to give the buyer their product - if the attacker only targeted one person.
It would still be profitable for a centralized attacker to target multiple people at the same time. So, if an attacker could simultaneously double-spend on 1000 users, they would only need to make $432 from each user.
But such coordination could only be pulled off by big actors, and it might be against their interests, since such an attack would surely make the news and the big actor might be legally punished.
One mitigation is to divide the rate by a security margin, say 10. This would imply that the doublespender buying from you is also attacking 9 other people. That way, to judge how fast you can receive funds, divide the Crypto51 rate by 10. That way, there is an organizational estimate of security, instead of just the proof-of-work cost.
Bitcoin's $432000/hr attack protection would become $43200/hr for being safely confirmed by a recipient.
This means a block every 10 minutes would cost $43200 / 6 = $7200. If you receive less than $7200, one blockchain confirmation should suffice in order to accept the payment.
In any case, you should wait for at least one blockchain confirmation if you do not trust the sender, and care about losing the money.
Another mitigation is to deal with people you trust, and who do not seem as part of an organization that could pull off such an attack. But who do you trust when dealing with such large amounts?
Is it worth paying the transaction fees to get the security?
Bitcoin may be quite secure in this respect, but it also has quite the transaction fees (roughly $0.63 at time of writing). This might make it impractical for microtransaction applications; but there is hope with the Lightning Network (a whole other article).
Let's look at Bitcoin, and its less-popular, but more-spacious cousin, Bitcoin Cash (ABC). I choose these two because they use the same hash algorithm, and the "difficulty" on the chart is proportional to the attack cost.
We compare how much difficulty backs the network vs. how much fees are paid to the miners.
- $458027 in fees per day
- 15784G difficulty units
- $97 in fees per day
- 389G difficulty units
A difficulty unit is equivalent to "around 7 Mhashes per second."
So, Bitcoin's security costs $458027 / 15784 = ~$29.02 per Gdiff. unit, while Bitcoin Cash's costs $97 / 389 = ~$0.25.
This means Bitcoin Cash offers more "bang-for-your-buck"; but it does not have a security as strict as Bitcoin's.
As you can see, when not many transactions are competing for Bitcoin Cash's more spacious blocks, the cost of operating the network is much smaller, and fewer miners will secure the network.
If you can live with the network requiring an attacker to make $9,839/hr from victims in order to keep staying profitable, then Bitcoin Cash may be for you. There has probably been a double-spend attack on Bitcoin Cash in May 2019..
If you require more security than $983/hour (at the moment of writing, considering the 10-victim coefficient), then you might want to use Bitcoin or Ethereum.
Beware of much-lower-hash-rate coins. For example, a double-spend on Bitcoin Gold only costs $305, in spite of it having a market cap of $156 million. Dividing by our coefficient again, this means a safe rate to receive would be around $30/hr.
Non proof-of-work currencies
My analysis of systemic security only applies to coins using Proof of Work.
I am not knowledgeable enough to evaluate the security of Proof-of-Stake currencies in any way. Also, I do not trust what I don't understand. If you find any article explaining proof-of-stake to the same level of clarity, please share it.
I hope you now have a clearer picture of cryptocurrencies and the risks of using them. You might still find their benefits worth it, as I do.
Remember: not your keys, not your coins.
Have fun and enjoy responsibly!