Let's Stop Pretending a Blockchain Can Be 'Private'
By Lior Lamesh, CEO and Co-Founder of GK8
All animals are equal, but some are more equal than others, pigs famously asserted in George Orwell’s Animal Farm. Had they been into blockchain design by some chance, they would probably have swapped “animals” for “nodes” in that, and there we go, the whitepaper is done. Conceptually, this would not have been too far from the core premise behind the so-called private blockchains, and I am sure the end result would have been as secure and stable as the animal-run farm.
Private blockchains, also known as permissioned chains, share most of the core design tenets with their public counterparts. They also store data across multiple nodes in blocks linked through hashes, relying on a given consensus mechanism to make sure the nodes can update their local data in sync. The main difference is in who decides who can plug and play.
With a public chain, anybody is welcome to set up a node and, if they choose so, take part in the mining process, whether it’s PoW or PoS. No matter how big your stake is or how much power your farm can dish out, nobody can take away your fundamental right to join the fray and compete for mining rewards. By the same account, anybody can access and review the entire database at any given time, at will.
With private chains, the rules are different—an entity (a centralized one, usually) decides who gets to set up nodes, who can add new blocks to the chain, and who can access the on-chain data. And even though most of the pieces in the puzzle are more or less the same, this small change has far-reaching consequences, most of which make the end result fundamentally vulnerable.
Most importantly, the presence of a controller deciding who can plug and play and “unplug” select users at will effectively creates a centralized bottleneck for the network’s entire consensus mechanism. And when one party holds so much sway over the state of the network, any decentralization walks out of the window—by design.
Blockchain’s got its own Achilles heel
One of the most key security principles, and not just in cybersecurity per se, is that a central point of failure is never good. With a public blockchain, the main central point of failure is the private key. Heard of all the crypto rendered unrecoverable due to a lost private key? How about all the cases of project developers running off with the money? Both are a testament to how much power the private key holds, whether in terms of signing transactions or even controlling supposedly decentralized DeFi protocols (and minting/burning of a CBDC or the crypto projects, or in Staking).
While blockchain in itself is secure, the institutional users holding private keys to billions-worth wallets involuntarily make up its Achilles heel. Their communications with the network, while legitimate in themselves, are a single point of failure which enables hackers to intercept their keys and withdraw the funds in their control with no way to reverse that. At a scale large enough, such breaches can bring down entire digital economies.
With blockchain-based apps, the frontend sometimes works as another centralized bottleneck, as it’s delivered to the user from a regular server. As an example, BadgerDAO recently lost millions in an attack that went after its frontend side. Other than these flaws, though, a public blockchain is indeed quite decentralized and resilient.
A private blockchain begs to differ as it adds another colossal central point of failure—its own controlling entity. In terms of data storage, blockchain’s main distinction is a lack of a central repository for a hacker to attack: Data is stored across thousands of nodes, and meddling with one of them changes nothing. When the chain is permissioned, though, you don’t need to go after nodes, as you can instead meddle with the authority that signs off the addition of new nodes and revokes the active ones. Sure, the authority, such as a national bank, will invest in defense, but at the end of the day, where there’s a will, there’s a way. National banks get hacked too.
Dangers of centralization
To a hacker with enough resources and determination, a central point of failure of this scale opens a whole new world of possibilities. After compromising the central authority, the attacker can quickly authorize an array of malicious nodes to mount what is known as a 51-percent attack on the network. From there, they can grant themselves tokens out of thin air, double-spend them, attack another blockchain through a bridge, or do something equally obnoxious.
Granted, Ethereum Classic, which is a public chain, not a private one, has been through multiple 51-percent attacks and is still alive, but that’s only because this many people spare it a thought in the first place. A better example is Axie Infinity’s Ronin chain, a quasi-private Ethereum sidechain, which was hit by a 51-percent attack with a price tag of some $600 million.
Ronin is actually a good example of the core issue with private chains. It relies on a Proof-of-Authority consensus mechanism, which is by design quite centralized and restrictive. As a result, at the moment of the hack, the network only had nine validator nodes, meaning the hackers had to compromise five targets to hit the jackpot. And they did, which took the company about a week to notice. For comparison, Ethereum’s Beacon chain already has more than 300,000 validators, and we’re not even past the Merge. Next to that, even Ripple, with its 150+ validators, may very well not be decentralized enough as well.
A private blockchain is similarly restricted by design. The openness of a public blockchain naturally incentivizes more validators or miners to join the fray, driving up the overall size of the network, and with that, its security too. The number of nodes in a private blockchain is inherently limited, as its participants depend on the sign-off of its controlling authority and usually receive no miner rewards.
There is one more caveat—a private blockchain may very well be reversible, meaning the nodes can roll the network back to a previous state to correct an erroneous transaction. Sure, a few nodes may protest, but it’s likely that they will either end up on a fork ignored by everyone else, or the central controller will revoke their authorization, excluding them from the consensus mechanism. So if a private blockchain is neither decentralized nor immutable, how is it a blockchain in the first place?
More than tokens to lose
Granted, hackers steal billions’ worth of crypto every year anyways. It may be tempting to write off the dangers of centralized private blockchains as just another quirk that would throw an extra few billions on top of that, and nothing more. But the danger lurks in the use cases.
As an example, many of the national banks experimenting with blockchain-based central bank digital currencies (CBDCs) opt for private chains as giving them more control over the network. Given the security flaws inherent to permissioned networks, such designs could set the stage for a catastrophic breach wiping out an entire nation-state economy. It’s true that an attack like that is way beyond the scope of what your run-of-the-mill hackers can do, but a sophisticated adversary backed by a rival government may be able to pull this off. The only advantage that a private blockchain brings to the table is a relative degree of privacy limiting the central bank’s data-collection capabilities. Other than that, a regular centralized ledger will fare better.
A similar argument goes for any other blockchain use case, from trading tokenized commodities to facilitating cross-bank payment. True, a private network will keep everyday speculators out, but private users don’t have enough capital to dismantle the market anyway. By the same account, a private network can be safer KYC- and AML-wise, but as the blockchain world matures, these features will be increasingly present on public chains too.
A permissioned blockchain is a fundamentally flawed concept no matter what entity holds the authority, a centralized body or a consortium. Its restrictive design makes for an inherent vulnerability that will never allow it to operate at the same level of security as a public chain. So for industries looking to embrace blockchain, whatever purpose they may have in mind, the public chain is the best solution.
About the Author:
Lior Lamesh is the Co-Founder and CEO of GK8, a blockchain cybersecurity company that offers a custodial solution for financial institutions. Having honed his cyber skills in Israel’s elite cyber team reporting directly to the Prime Minister's Office, Lior led the company from its inception to a successful acquisition for $115M in November 2021. In 2022, Forbes put Lior and his business partner Shahar Shamai on its 30 Under 30 list.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.