What misconceptions do people have about the security of Bitcoin?

Source | Medium

Translation | First.VIP

 

This article takes merchants unwilling to accept Bitcoin as an entry point, and outlines the security of Bitcoin from a singular perspective.

Although I have been in contact with Bitcoin for several years, and have publicly expressed my support for the concept and potential of Bitcoin, in fact, Bitcoin has security issues like any other financial system.

Many people may not think about the security of Bitcoin, or the security problem of Bitcoin does not exist in Bitcoin itself.

Security of the Bitcoin network

Recently, I bought a mobile phone case for about 10 pounds in a store. The credit card machine could not be used during payment. I had no choice but to pay by cash. I asked the merchant if he accepts Bitcoin, and the owner's response surprised me.

Although I often ask this question, no merchant has expressed willingness to accept Bitcoin payment. So I usually use a Visa card when buying goods or services. Today, due to the failure of the credit card machine, Visa cannot be used for payment.

Of course, the answer I usually get is "What is Bitcoin?" "This also shows that there is still a long way to go before Bitcoin's global popularity and large-scale adoption, but the reason why today's stores do not support Bitcoin payment It turned out to be because he "does not trust Bitcoin".

Interestingly, I think he may know bitcoin very well, and he knows something unknown, otherwise why doesn't he accept bitcoin payment?

Later, I learned that the owner ’s "distrust" originated from mainstream media reports, and he believed that Bitcoin would be "stolen by hackers", so he did not accept "easy-to-stolen Bitcoin" as a payment method.

However, in fact, Bitcoin itself has never been hacked, and it has never happened in its 11-year history. Without a doubt, this is one of the most secure networks ever designed by humans. Because Bitcoin operates without any human intervention, people cannot trust financial transactions to any degree. The large fines that banks have been forced to pay over the years are the best proof.

That is to say, in theory, there is a possibility that the Bitcoin network can be hacked, but the probability is very small, and it is difficult to do. Even the probability of your lottery ticket every week is greater than the probability of the Bitcoin network being attacked.

 

The theoretical premise of Bitcoin network attack is:

If a group of miners collectively own more than 51% of the hash power, they can jointly destroy the blockchain and perform a hard fork. Other miners in the entire network will accept the fork, which is the so-called "51% hash power attack." .

This approach works because other "honest" minority miners automatically accept this new block created as the running main chain.

However, this attack will not affect the security of the private key and the signature algorithm, nor will the token be stolen, double spent, or rolled back, nor will it alter past transactions or ownership records in any way. It can only affect a few new blocks or change the direction of new blocks at most. This is the uniqueness of the network that cannot be tampered with.

This will only affect the attacker's own transactions, as they still need to use the private key to spend them. For example, an attacker uses Bitcoin to purchase an expensive product, then immediately launches an attack and cancels the transaction, thereby obtaining the product and the equivalent amount of Bitcoin (ie, a double-spend attack). But it must be completed within the confirmation time of 6 blocks, otherwise it will be almost irreversible even with all the existing computing power.

In fact, with the increase of computing power, it is difficult for even large mining pools to launch 51% computing power attacks. The only possibility is through a well-funded and fully synchronized covert attack (this may be a national power). However, if motivated by economic benefits, it would be much easier to break into existing banking systems.

In addition, according to historical average data, the computing power to support the Bitcoin network is increasing, which means that the threshold for successful 51% attacks is also increasing. This also requires these miners to take action against their own interests, because any block reward will not be recognized by the "correct" blockchain.

This design model is perfect, I don't have to worry about a £ 10 mobile phone case transaction being attacked, and other people on the network don't need to worry about their transaction being attacked.

 

Unreliability of transactions

What about the "bitcoin theft" we often see in the news?

This is an example of how authors often use the wrong words in the press. Similarly, there are no "computer errors" and no "bitcoin hacks", so the situation described above is unlikely to occur.

The problem is actually that closed, reliable ecosystems are intertwined with human open, unreliable worlds. As you can see, we may lose or steal cash due to improper storage.

Even though the Bitcoin network itself is sufficiently secure, many exchange hacking incidents have occurred, such as the theft of major customer accounts on the Bitcoin exchange. Some of them caused the exchange to fail to repay its customers' debt and went bankrupt. However, it seems that adequate security measures can avoid hacking.

Of course, banks have spent centuries improving their security, and they need a certain level of security to maintain our trust and continue to use it. Even so, they are not immune to hacking and deception. Since Bitcoin is still young, everyone including the exchange is still learning. That's why so many Bitcoin users always say, "Putting coins on an exchange is not your private key, it's about equal to or not your bitcoin."

In other words, if you accidentally keep your private key, hackers will be happy to help you keep it. Once stolen, you can only watch your Bitcoin move from one wallet to another on the blockchain. You can't get it back.

Nowadays, many exchanges provide compensation funds, and companies such as Bakkt have also launched new, ultra-secure storage services to dispel the doubts of institutional investors.

Is this enough?

 

Human Factors

Just as we humans still lose cash even after centuries of habit, we will lose Bitcoin.

I'm not talking about millions of bitcoins lost forever due to carelessness (although this is a factor), I'm talking about theft.

There are two parts here, which I call "voluntary" and "involuntary" mistakes.

A "voluntary" security breach is when people insist on giving their private key to a suspicious company on the Internet in exchange for a promise that is too good to be fulfilled. The crypto world is still a world similar to the Wild West, where scammers, scams and scams take advantage of the relative anonymity of the Internet and operate outside the scope of the law.

Over time, this will become a small problem, but now it can be easily avoided with a simple reminder: Never give your private key to anyone. It's like giving your debit card and password to a completely stranger. Rarely can there be good results.

As long as there are bad people in the world, this kind of security vulnerability problem will never disappear.

 

Think of it this way:

In the past, stealing a car was easy. You can break into the door and just drive the engine and you can drive away. Over time, alert systems have made it harder for the best thieves, but not impossible. Later, when new technology was introduced to remotely unlock using unpredictable code, it was impossible for almost everyone except the smartest thief to steal a car.

Does this mean that the problem is solved forever? of course not. It just moved the problem elsewhere.

What would you do if you wanted to steal a car and it was difficult to fool the security system? The easiest solution is to steal the keys. As a result, the thieves turned into the door or ransomed the ransom to obtain the keys. This was something no one would do a decade or two ago.

The same goes for Bitcoin keys. Since they cannot be destroyed and the network cannot be (easily) manipulated, the only answer to a thief who has not managed to trick the Bitcoin owner's private key through "voluntary" means is to have no choice but to be forced under the threat of torture or severe violence Take out the key.

This has happened, and some people have even been killed for the Bitcoin key. Of course, this situation has always happened in one form or another. How many times have we heard disgusting news reports that someone was tied or threatened for a secure password? It's no different.

 

Where will Bitcoin go from here?

In terms of network security, we can almost completely worry about consensus attacks, at least for the foreseeable future. From this perspective, our phone case dealers should not trust it.

However, as far as I know, when dealing with bad guys, we haven't solved any of the problems in terms of security. You can only surrender your Bitcoin key when threatened by violence, just like you surrender a secure password. To make matters worse, there is no real way to bypass it now or in the future.

But does that mean we don't use cash to keep ourselves from being targeted? On this basis, since Bitcoin is a liquid currency, should we also extend it to Bitcoin? Of course not. In fact, the breakthrough of hardware wallet solutions means that in this case, you can better store your Bitcoins.

So, the next time you face a "trust" objection from non-Bitcoin users, remind them that the Bitcoin network is much safer than anything the banking system currently offers.

On the other hand, they themselves may be the weakest link in the entire chain.

original:

https://medium.com/original-crypto-guy/does-bitcoin-solve-all-our-security-concerns-780ef0e26dc5 Draft source (translation): https://first.vip/shareNews?id=2641&uid=1