One of the world’s leading hacker professors warns of blockchain failure: we shouldn’t get too excited, the technology is still in its early days

Blockchain, for most people, may be a familiar and unfamiliar term. Familiar because it is closely associated with bitcoin; It’s strange because the concept has been talked about so much that not many people really understand how it works and what it means.

It ended a little while agoMIT Tech Review Blockchain SummitOn Tuesday, one of the industry’s biggest proponents of blockchain was less harmonious: Emin Gun Sirer, a professor of computer science at Cornell University.

The famous hacker, who found a way to hack the FBI’s website in 2004, tried to warn people more about the flaws of blockchain and the technical challenges it faces:The technology is still in its very early stages and should not be over-enthusiastic.

Photo │ Emin Gun Sirer, professor of computer science at Cornell University

The following is the transcript of Professor Emin Gun Sirer’s lecture, compiled by DT:

Too much has been said about the benefits of blockchain, and the changes it could bring to the world, and I won’t repeat them here. What I want to share with you is how people use blockchain and the technology behind it.

To grasp blockchain as a whole, one must first understand the way humans record wealth. When people see gold, they immediately think of wealth and value, but this belongs to the recognition of its value by human cultural tradition. Why gold? There are many stones that are more beautiful and resistant to corrosion than gold. Why don’t people choose these stones?

Of course, there are other types of objects that have been given value, like shells, which are beautiful and hard to counterfeit; And ancient Chinese dao coins, special coins made of copper and so on.

I’ve also seen an amazing currency. On an island in the South Pacific, locals use a giant stone disc as currency (pictured below). The reason for this “megalithic currency” is simple: rocks of this size are not found on the island. If you want to buy someone else’s land, just push the big stone coin to their door and put it there. The land is yours.

Picture │ boulder coins used as currency on the island

There was a British anthropologist who worked on this particular island around 1963, and stones of this size were rarely found on this island, so they had to be excavated and brought back from other islands. Occasionally, the stone coins would fall off the boat and fall into the sea, where they would be difficult to retrieve.

Which begs the question, who does the stone coin fall into the sea belong to? The original owner must have taken pains to dig and carry it. The island is a kind people who trust each other. So a deal would be made whereby the owner would be given ownership of all the coins on hand, plus the one lying on the seafloor.

In case it’s nonsense, there’s a picture of a stone coin sinking into the sea (laughter).

Photo │ Boulder coins sunk in the sea

Notice, everyone, that on the basis that everyone recognizes the value of these stone coins, they transferred the ownership of the invisible coin at the bottom of the sea. This is the key to getting the deal done. In fact, this is what blockchain technology is based on.

If I had to define blockchain technology, I think it would be something like this:

A blockchain is an additionable ledger that encodes valid transactions within a system and meets the following conditions:

• Each transaction must be valid;

• The system must agree on the ownership of digital assets;

• History cannot be tampered with, which is the source of blockchain value;

However, this is where the problem often comes in. The above three points have all failed in previous practice. In order to illustrate the major hidden dangers of blockchain, I will focus on these three points one and one.

1. Each transaction must be valid;

Under this condition, all transactions must comply with agreed rules. What are those rules? In computer science, rule descriptions can be defined by external technical documentation. But for blockchain and its applications, this definition simply doesn’t apply.

You’ve probably heard of the term “Code is Law,” though Lawrence Lessig coined it in an entirely different context. But the phrase explains some of the applications of blockchain: once code is written and executed, for example, it can never be taken back.

But today I want to say that code is not rules, rules are rules, and code is full of bugs!

By today’s industry standards, one bug is allowed for every 100 lines of code, and bitcoin clients have about 30,000 lines of code. Fortunately, we haven’t found any fatal bugs yet.

, however, the first generation of block chain technology developers is to avoid the technical specifications document, the reason, of course, there are many, such as code and specification inconsistencies can lead to problems, lack of effective method to mediate differences, as well as the most important point: open source technology developers think specification will kill their creativity.

In August 2010, a hacker took advantage of a loophole in integer overflow to create 184 billion bitcoins out of thin air, even though the system was originally designed with a quota of 21 million. Eventually, the bitcoin development community, with the help of the miners, rewrote the code to plug the bug.

Figure 2-184 billion bitcoins appear out of thin air

2. The system must reach a consensus on the ownership of digital assets;

A consensus mechanism is a convention that all nodes agree to when a transaction occurs. The consensus mechanism is also prone to failure, as many transactions can take place at the same time, so Bitcoin is currently facing the problem of increasing the number of transactions. There are also misleading elements of the transaction process, such as the “Byzantine general problem”, which can be understood simply as a relationship of mutual distrust between competing interests.

After all, bitcoin can be seen as a way to find a common solution to the complex algorithmic problems of distributed systems that have always been inherent in consensus. The general logic is that all transactions must be done on the basis of what the current world allows. Earlier blockchains followed the principle that once a decision was made, it could not be withdrawn. What satoshi nakamoto and his bitcoin have done is to allow decisions to be modified at a possible cost.

The failure of the consensus mechanism has also happened in bitcoin. In 2013, the Bitcoin client was upgraded to v0.8, allowing more transaction frequencies to be held in a single block. Before long, there were so many transactions in one block that it split in two. The developer community can only downgrade the software and cancel transactions for a few hours.

Third, the past history cannot be tampered with, which is also the source of the value of blockchain.

Imtamability is the most important attribute of blockchain technology and a core principle of cryptocurrencies and their application scenarios. No one wants to have to deal with the hassle of getting a refund after a digital currency transaction over the Internet, or have their digital assets wiped out because some regulatory agency has intervened.

The most exciting application of this feature came in May 2016, when the DAO (Digital Autonomous Organization) was officially launched. DAO is a very successful practical case in the field of blockchain. The project aims to create a decentralized distributed fund for investment in various blockchain projects through the cooperation of venture capital funds, blockchain entrepreneurs and technology development communities.

Figure │ blockchain project DAO

The project builds a “Ethereum” on top of a “Smart Contract,” which contains code and programs that interact with other contracts, make decisions, store data and transfer “Ether” to others.

Simply put, it’s a fund without any central structure, where everyone can invest their ether holdings in projects you trust, and invest in projects based on majority rule.

Three weeks into the project, more than $100 million had been raised, which intrigued me and my colleagues because we never thought a project like this could raise so much money. So we started looking at the code very carefully, and it turned out to be so full of bugs that literally anyone who drove a truck in there could come out with a truck full of Ethereum…

Then, in a bystander’s mind, we published an article on Google Docs that pointed out nine major bugs in the DAO Smart contract and warned people not to put too much money into it. But people don’t seem to agree. In the end, enthusiasts contributed $220 million to the blockchain investment fund.

But on the very first day of the DAO’s official operation, a hacker managed to steal $52 million from the fund’s Ethereum account using one of the vulnerabilities we published and another he discovered himself.

Of course, the hacker never cashed in the ether. When the FBI and the jury came to me for technical advice on how to get a conviction in a case like this. “This could be the first case against a robot,” I said, only half joking. Because the DAO’s decisions are executed by pre-written code without any human intervention, there is no illegal behavior.

As an academic researcher, I hope to give you a warning from a technical point of view, because blockchain is too hot right now, which may lead to some problems:

• Our computers, mobile phones and other computing devices are vulnerable when used to handle large digital assets;

• All private blockchains are based on the “Byzantine general problem”, which is completely wrong and will face the possibility of independent failure. If further such a protocol which may fail at any time is deployed on every node, the consequences will be unimaginable.

• Smart contracts are developed by javascript-like tools that lack technical specifications and reliability.

• Failure protection and stop loss are not clear.

Photo │Emin Gun Sirer speaking at the summit

In conclusion, I would like to say that blockchain, like other cutting-edge technologies such as space and genetics, is very exciting and its huge potential to change the world can be expected. Of course, there will be many failures in the process of technological exploration, and I believe that if we want to reduce failures, we should apply the most reliable scientific methods.

Reasonable design of architecture, protocols, application scenarios, security systems, technical development specifications, etc., are all urgent issues to be solved in the current blockchain.