Modern digital currency mostly seem to revolve around a construct called a blockchain, which – by design – is a (mostly!) append-only distributed database that is intended to keeps all the transactions for all time. Blockchains use strong cryptographic methods to ensure its integrity and fidelity, and is typically decentralized, meaning that the entire chain is distributed in close-to-real-time fashion over the Internet to all computers that are using or watching a given currency. I wanted to go over some simple attacks that seem troubling to me… and while this may well be old news to everybody, I didn’t see much on it, so….
I’m thinking data attacks, because you can insert arbitrary data into a blockchain. And while there are many different types of data attacks possible, the two I’ll discuss involve either injecting illegal data into the chain (this is explicitly called out, but dismissed in Bitcoin’s wiki), or inserting data that one or more parties do not want exposed.
Bitcoin, Ethereum, and others allow arbitrary data to be stored into their blockchains; most don’t see this as a threat. Bitcoin only allows 80 bytes per transaction of arbitrary data (longer data streams could be put into multiple transactions), but others like Ethereum have upped the ante and made it even easier to insert content into the blockchain (I’m not sure if there’s much of a real limit in Ethereum but certainly 10’s of K’s of data is simple to do; the Mist GUI even allows you to copy and paste data in when doing the transaction.)
This isn’t new – there was a terrific bit written about this stuff some time ago that talks of some of the content stored in Bitcoin’s blockchain at the time, and there is surely more. And indeed, storing data seems to be one of the big selling points of the new digital currencies, and folks have been abuzz about the possibilities about storing content, contracts, and the like.
So the basic attack looks like:
- Create one or more transactions that stuff data into the chain; unless you want others to immediately detect and possibly act upon the data it’s probably a good idea to encrypt it.
- Optional: wait a length of time to allow the data to become seriously embedded into the blockchain (and more difficult to remove.)
How could one profit here? Some scenarios.
Let’s say someone with Bad Intent might look at this situation and have a dark light bulb go off. They could store encrypted child pornography in the blockchain and share the keys with other bad folks, and that group of miscreants would have an eternal source of child pornography from any computer. It can be accessed from anywhere, and you don’t have to store anything on your local computer, heck, stream the pernicious data from the ‘chain. That doesn’t seem ideal.
While I don’t think the blockchain was designed for it, but it sure seems like it’s a haven for a near-immutable store of child porn; certainly allowing arbitrary content into a distributed and nearly immutable storage system can have some drawbacks (and really: this is only an observation, not a suggestion, as I personally find such content and the adults dealing with it beyond reprehensible.)
Or perhaps you associate or entwine some Kitteh Pr0wn content with a legitimate, substantial financial transaction (perhaps either embedded in a transaction itself or created in a same block in a chain), so that if the data is removed the transaction might also be invalidated.
After a few months, or a few years, it seems like that data is going to be really difficult to remove.
If the child pornography is ever discovered the blockchains that contain is will presumably have to be quickly and retroactively changed, either by the currency communities or a government or other powerful entity stomping on things. But the blockchain must be changed or people will get into serious trouble.
This is because Bitcoin et al have that interesting design feature – everyone has a full copy of the blockchain on their computer – so now by using Bitcoin, you’ve got a stash of child pornography on your computer. It’s not only illegal, it’s a very emotional topic, and currency isn’t valued on sane, rational analytics. If someone pins a negative association on something it is trouble.
And if you know about the content, it’s not clear to me that you could legally keep that blockchain on your computer in any country on the planet (law enforcement would presumably take an extremely dim look at you and your computer’s hard drive); but if not then how do you use Bitcoin?
Even if steps were taken the old data won’t magically disappear; those desiring the bad blockchain could continue to fork off their own copy of it. Indeed, one could run one’s own Kitteh Pr0wn currency that is very inexpensive to make transactions and store data with, as the technologies that implement digital currencies are largely open source and freely available.
Don’t think you have to be an expert to do any of this, by the way – the encryption, storage, decryption, and the like – are very, simple (well, they should be! To be fair I found the evolving standards, APIs, and documentation to not make things easy, but I think that relying on poorly understood systems to save us isn’t a good answer ;)); I’ve written simple proof-o-concept programs that encrypt arbitrary data and stuffs it into one or more transactions for Bitcoin and Ethereum (other Digital currencies left as an exercise for the reader.)
Another type of misuse is stuffing unwanted data in the blockchain. The so-called revenge porn phenomena is yet another way to use technology to abuse people. At times you can try to cease and desist or other methods to remove such content but good luck trying to nuke it from a blockchain.
Blackmail can also be achieved by putting unwanted information into a blockchain and sending your victim (or simply threatening, or…) the location and the decryption key needed to disclose. The victim has to pay or the key will be released… and it will always be over their head, a virtual sword of Damocles.
Presumably most wouldn’t want to be associated with posting Kitteh Pr0n, and while the current crop of blockchains don’t generally provide any sort of anonymity, but it’s often hard to figure out who made transactions, and one can go do a fairly reasonable job by exercising caution. There is definitely interest in providing anonymity; zcash and other currencies are designed to provide this. Obviously being able to store arbitrary content anonymously is an even bigger win for the enemy.
Cost could be an issue (Bitcoin transactions in particular is pricey at this time, and being only able to store 80 bytes per transaction…), but I think that there are a number of sick bleeps who could easily afford it – or the transaction they wish to poison is of sufficient cost. But many want to drive down costs of transactions because of the potential positive utility in storing data in the blockchain, so I don’t think this will ever be a show stopper.
And I hate to even think about this, but how big or detailed an image or media file have to be to be legally classified as child pornography? 5k? 10k? 100k? Would XKCD-styled stick figured images of kids and pornography be classified as porn?
But surely it’s not too pricey to poison a single transaction of very high value. It only takes a single image to make a data base stored in it to be a crime, but more than that it’s a highly emotionally charged topic.
Anyway, this is all something to be considered as we move forward with blockchains… there is always someone wanting to gum up the works and make magic into something tawdry and human.
The programs I wrote were technically very simple – I took a set of tiny kitten pictures and used a one-time pad to encrypt them in sequence (it’d be even easier to use some encryption algorithm like AES/DES/whatever, along with a key of sufficient size to safeguard your data; I was simply in the mood to write a one time pad algorithm.)
I then inserted this set of encrypted kitten images to the Bitcoin and Ethereum blockchains.
 Gideon Greenspan wrote that in some situations an agent with government-sized pocket books or resources could blow away data they didn’t want in a blockchain. This would presumably come at the cost of destabilizing trust in a currency, for not surprisingly people like money given to them for goods, favors, services, and the like to actually stay theirs, not be destroyed by a 3rd party.
 According to the wiki: “it is illegal in some countries to possess/distribute certain kinds of data. Since arbitrary data can be included in Bitcoin transactions, and full Bitcoin nodes must normally have a copy of all unspent transactions, this could cause legal problems. However, Local node policy generally doesn’t permit arbitrary data (transactions attempting to embed data re non-standard), but steganographic embedding can still be used though this generally limits storage to small amounts. Various ideas have been proposed to further limit datastorage in the UTXO set but are not currently being seriously considered for deployment.”
 I’m sure it’s out there (and don’t send me any), but I just thought… ASCII child pornography. I’ve certainly lost my appetite. Is there anything people won’t do?