This video belongs to the openHPI course Blockchain: Hype oder Innovation?
- 00:00We stick to the strengths and challenges of blockchain technology and focus on security.
- 00:06Blockchain technology offers a high level of security. At the time of Bitcoin's development, for example, very strong or the best cryptographic algorithms were used,
- 00:21and since the Bitcoin system or blockchain technology was originally intended to be open source, so the source code is public,
- 00:31several participants, interested parties and developers work on the technology and keep improving it.
- 00:38Of course, the bigger the system, like Bitcoin or Ethereum, the larger the community of developers.
- 00:46Of course, if you develop the technology further or modify it, certain errors or mistakes may occur.
- 00:57A bug in the software is always such a problem.
- 01:00They then offer attackers, under certain circumstances, a possibility to attack the system at any level.
- 01:06So in this respect the open source principle, that a lot of people look at it and see, "Man, there's a mistake,"
- 01:12and that such an error, once discovered, is repaired quickly,
- 01:14is therefore a very important plus, in addition to the high-grade cryptographic methods used here, all of which we've discussed.
- 01:24But of course, when we talk about security, there are also attacks.
- 01:27We've listed just a few of the attacks here, the most common attacks, such as the denial-of-service attack.
- 01:37In this attack, a large number of transactions are created by the attacker and sent to the network.
- 01:44And the attacker's goal, of course, is to send as many spam transactions as possible,
- 01:51so that the nodes, the users, are busy only with processing these transactions, this information, and do nothing else and verify no other transactions.
- 02:02But Bitcoin has a solution for this problem.
- 02:07Certain rules have been established so that attackers are not allowed to send transactions without fees.
- 02:19So you're only allowed to create and send a certain number of transactions with low fees.
- 02:25This ensures that this attack doesn't hurt the system.
- 02:33The flood attack, or spam transactions, is another possible attack.
- 02:38The attackers create multiple transactions addressed to themselves, and the goal is that the blocks are filled only with their transactions.
- 02:50And in this way, the other transactions can't find their way into the block,
- 02:55the participants have to wait, and it can't be traced what's being transported.
- 02:59So these transactions to themselves, that is, making pointless transactions, are an attack on the mechanism of the blockchain and the Bitcoin system.
- 03:11So, flood attack: flooding the whole network with one's own transactions.
- 03:16Sybil attack, the name comes from a book,
- 03:22A novel, isn't it?
- 03:22Exactly, from a novel, and it was about a woman with a personality disorder.
- 03:29And in technology, in this attack, it's about the attacker creating multiple identities and sending false information,
- 03:41or the information the attacker wants.
- 03:43That is, the other nodes that communicate with these false identities get false information
- 03:52and can thus be sealed off from the entire system.
- 03:55If we keep looking, there are a number of other attacks,
- 03:59for example, the tracking of transactions.
- 04:03We have seen that every transaction has its own address, and that's not the user's IP address now,
- 04:10because, of course, you don't want to make a connection right away between a person and their Bitcoin transaction.
- 04:19One goal, an attack on security, is to uncover that pseudonym and actually try
- 04:27to link a transaction back to an IP address, to an identity of a participant in this network.
- 04:35One idea to counter this attack is to use anonymizers such as the Tor network.
- 04:43If we recall the idea, which has actually established itself in practice, of the lightweight nodes and the full nodes,
- 04:53then for the lightweight nodes, which send their transactions there and have only the header information from the blocks
- 05:01to determine their own activities there, the Tor network is good to use.
- 05:07It's a little more complex for the full nodes, and Tor hidden services have actually been developed for this,
- 05:15with which the attack, in which one tries to establish a connection between the pseudonym, that is, the transaction address, and the associated entity.
- 05:32Another idea to make it difficult for attackers to establish the connection to the actual user
- 05:38is so-called mixing services, which offer the possibility, and there are different ways to get such information,
- 05:45to send such transaction information to the network so as to further disguise one's own origin.
- 05:53But it should be mentioned here that, of course, a certain trust in this mixing service must exist,
- 05:59because they are the ones from whose sender address the transactions are then sent.
- 06:09And of course this is not always legal, because that looks like money laundering.
- 06:14We send our transactions, our bitcoins, to this service, to the specific address they give us, and the bitcoins are forwarded from other addresses.
- 06:27That means you can't trace it, so this looks like money laundering.
- 06:30And of course this is also forbidden in some countries.
- 06:33Another point is one that has nothing at all directly to do with the security of the Bitcoin system or the blockchain,
- 06:43but with the secure environment from which the user works.
- 06:48The point is, such transactions have to be signed. Signing was: encrypting with your own private key.
- 06:56If this private key is not stored securely in the user's environment,
- 07:02if the attacker succeeds in gaining access in any way to this private key, for example by getting onto the user's computer,
- 07:11then of course he can act on behalf of the user, initiate transactions and the like.
- 07:17So this is an attack that has nothing to do with the security of the blockchain's architecture, but rather with
- 07:24how safe the user's working environment is.
- 07:27And that's an important point, because very often it is said in the media, "Bitcoin's been cracked, Bitcoin's insecure."
- 07:34But the bottom line is that private keys were stolen from an online service, an online provider.
- 07:41So that's one point when you offer an online service: how can you keep the keys?
- 07:47And of course there are different possibilities. You can keep them on your computer, in an application.
- 07:52But there are also offers, online services that then store this private key.
- 08:01And a whole series of attacks have already become known in which attackers succeeded in gaining access to the private key in these online services.
- 08:13If you enter the private key now on your own computer, then this computer must be well protected.
- 08:21Otherwise, if attackers gain access to your computer, for example by responding to a phishing mail or cross-site scripting or other attacks.
- 08:30Well, that must be very carefully considered, and maybe a third way of storing these private keys
- 08:39is special hardware devices, with vaults, which are then also very well protected and where an attacker can't gain access.
- 08:51So there are different methods.
- 08:53I don't want to put any of them first right now; we only want to draw attention to the fact
- 08:59that all the security of the entire system depends, of course, on
- 09:04the users handling their data very carefully, in particular the private key used to generate the signature.
- 09:16It's just like cash.
- 09:19If we lose our wallet with our cash, then someone can steal this.
- 09:24The same applies to the private key: if someone has it, they can use our money.
- 09:30Now we still have the 51 percent attack. I think we've mentioned it a number of times.
- 09:35That's it. And now we'll just summarize the information again.
- 09:39It's about when we have multiple miners in the system and they join forces.
- 09:46We also mentioned this in earlier videos, that so-called mining pools exist,
- 09:51where several miners join together to merge their computing capacity.
- 09:57And of course, if you monopolize that and have more than 50% of the total computing capacity of the entire system,
- 10:08for example 51%, then you can build your own blocks, then you can enforce your own truth.
- 10:18You'll be faster than the others at building blocks; the cryptographic tasks that are required to build a block can be solved faster.
- 10:28And insofar as you can then build the blocks yourself and establish them in the network, there is of course also the possibility of manipulation.
- 10:37But of course not everything is possible with this attack.
- 10:41What Mr Meinel already mentioned, building your own blocks, is possible, you can include your own transactions in the blocks,
- 10:52double spending is also possible, meaning that you spend the same value twice, because you determine the truth by building blocks.
- 11:04And an attacker can't change all past blocks. He would have to recalculate them all, and for that he must have so much capacity...
- 11:15Well, he can do it. But if he wants to manipulate a block, it's not enough to manipulate this block,
- 11:20because we have this link between the blocks, the welding together through that Merkle tree mechanism,
- 11:26so he has to delete all previous blocks and manipulate them.
- 11:31Of course, he has to spend a lot of money for this, because it costs a lot, electricity costs a lot.
- 11:38And of course, when we have such concepts, mining or minting, the blockchain update concepts,
- 11:47each concept has advantages and disadvantages with respect to a 51 percent attack,
- 11:53but of course, proof of work still fares better than proof of stake.
- 11:59And proof of work and proof of stake, just a reminder, those were the consensus algorithms that were used to make sure that, as you always call it, the truth,
- 12:09that is, this full history, the shrink-wrapped history of previous transactions.
- 12:17If you want to run a blockchain application like that, you have to make sure that the creation of these blocks,
- 12:25that is, this recording and tight welding together of all the activities that took place, which later makes it impossible to deny something or change something,
- 12:39actually takes place in a distributed manner in the network.
- 12:43So with the secret key, that was a question that had nothing to do with the blockchain alone; that was the question of how the users handle it.
- 12:51Here, of course, this is a very specific attack on the blockchain system,
- 12:56so building a little blockchain like this with three people - not a good idea.