Blockchain Faces Vulnerabilities, Says Pentagon Study


A recent Pentagon study finds troubling vulnerabilities in blockchain technology that cast doubt on its decentralized nature. The study states that blockchain technology has drawbacks, even as cryptocurrency adoption increases.

The report, titled “Are Blockchains Decentralized?” and published June 21, states that “a certain cult of participants can gain excessive, centralized control over the entire system.”

The investigation was conducted by the security research firm Trail of Bits, overseen by the Pentagon’s Defense Advanced Research Projects Agency (DARPA), and focuses on Bitcoin (BTC) and Ethereum (ETH).


The report states:

“The number of entities sufficient to disrupt a blockchain is relatively low: four for Bitcoin, two for Ethereum, and less than a dozen for most PoS networks.”

Pentagon Report Questions the Decentralized Nature of Blockchain

The report highlights that, of all Bitcoin traffic, “60% of it goes through three ISPs.” In addition, the report mentions that several Bitcoin nodes do not participate in mining. “These node operators are not explicitly penalized for dishonesty.”

The Pentagon report also warns of a Sybil attack that could disrupt the entire blockchain network. A Sybil attack occurs when an attacker inundates the blockchain network with malicious nodes controlled by a single entity or person. The report also states that the network could be exposed to attacks due to outdated and unencrypted protocols. According to Trail of Bits, Ethereum can be disrupted by only two entities, while Bitcoin can be disrupted by only four and most PoS networks by fewer than a dozen.


“The security of a blockchain depends on the security of the software and protocols of its off-chain governance or consensus mechanisms.”

The report goes into detail about each finding, stating that Stratum, the standard protocol for coordinating blockchain mining pools, is unverified and unencrypted.

The report stated:

“In order to optimally distribute a blockchain, there must be so-called Sybil costs. There is currently no known way to implement Sybil fees in a permissionless blockchain like Bitcoin or Ethereum without using a central trusted third party (TTP).”

The report emphasizes that, to achieve true decentralization, a way must be found to enforce Sybil costs without a trusted third party. According to the report, Tor is Bitcoin’s largest network provider, followed by a network provider called AS24940 from Germany. Notably, 21% of Bitcoin nodes are running an older version that turned out to be vulnerable as of June 2021.