
Which do you trust – the bank or the blockchain?


You read everywhere that the blockchain is the new secure way of doing almost anything, including holding the accounts of your crypto currencies. This is quite misleading because your money is much safer in the bank than on the blockchain. Both the bank and the blockchain hold accounts; the difference is not so much about security as about trust, which puts the discussion into a business perspective. People new to the field of security often struggle to understand that it is the business that decides what level of risk it is prepared to accept.

It’s common practice to talk about security, which the dictionary defines as the state of being free from danger or threat. In the case of a bank we haven’t got a clue because we are not privy to their security processes; for the blockchain, however, we know a lot more because in general the processes being applied are public knowledge and are well reviewed. I’m sure you would be quick to agree, though, that this still doesn’t really tell us whether we are free from danger or threat since, invariably, we don’t know all the dangers and threats.

A much safer argument is to talk about trust, which may be defined as the belief in the reliability, truth or ability of someone or something. I feel much more comfortable working along these lines because I don’t seek perfection but just some assessment in terms of low, medium and high, and I can incorporate concepts such as how much I would trust you to sort out my problems, because in practice there are always problems with any system. When you fly on a plane or travel in a lift, are you thinking of trust or security? If you take the case of the recent Boeing Max 8 problems, the company suffered a trust failure, as did the FAA, who are the US regulators.

I would argue that in general we do trust our banks to manage our accounts and do expect them to resolve problems when necessary. I would propose that probably most people would have a high trust in their bank.

So to the blockchain, and let’s just take bitcoin as an example of a crypto currency: do we trust bitcoin? You might have noticed nobody ever says how much trust they have in bitcoin; they tend to want to assure you that it is a very secure process, and the word trust is rarely mentioned.

What or who do we need to trust? The drawing shows the core entities involved in bitcoin which would be similar for most crypto currencies.

The bitcoin user – that’s you, and it’s up to you to protect the secret key needed to sign new transactions. If you use an agent such as a coin exchange, then they actually manage your account and hold the secret key that allows transactions, because they are effectively creating transactions on your behalf. All your money could be lost if they get hacked! Trusting an agent to manage your account is a big ask, and there is no reason why you can’t do it yourself if you are happy to have a bitcoin client on your computer.

The Miners – those permissionless unknown people who validate the transactions and create the new block to be added to the chain. The miners are (solely) motivated to win the block work challenge and claim the bitcoin reward along with the transaction fees assigned by the users. Miners can work independently or may be part of a group that sets out to share the hash work function to win the block challenge, the rewards being shared accordingly. Can you trust the miners? They may use the Bitcoin core software or their own version/modifications as long as their version runs obeying the same rules as the core software. Their only motivation is really making this software run as fast as possible and in practice using hardware accelerators for the hash calculation.

So the question here really is all about the probability that the software misfires due to a bug or uncontrolled misuse. If the bank has a bug in its software it will recompense those affected because it is legally obliged to do so; it is a legal entity in charge of your money. Blockchains including bitcoin have also had problems, including unintended hard forks, the Ethereum DAO coding loophole and the 51% CPU problem, which is probably already controlled by China. The difference is that there is no legal entity obliged to rectify the incorrect state of the blockchain. In practice you have to trust the mining community because they are the effective operators of the blockchain. The bitcoin core software could be changed by the developers, but that is no good if the miners collectively refuse to accept the changes.

The Blockchain – effectively a database (currently about 220 GB) that stores every transaction from the first. It is assumed to be unchangeable because of the protection of the hash functions built into the mining process. You can’t modify a single transaction without also having to change an impractical number of hashes. The bitcoin blockchain is a database that is effectively synchronised about every 10 minutes when a new block is added to the chain. The transactions created in between are in an indeterminate state; they may or may not be added in the new block validated by the successful miner.
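The hash protection described above, together with the miners’ hash work challenge, as an added example that is not part of the original post: a toy chain using double SHA-256 and a 12-bit difficulty (an assumed value, far below the real network’s) shows that editing one old transaction fails validation until that block and every later block are mined again. The block layout, function names and sample transactions are constructed for illustration.

```python
import hashlib
import json

DIFFICULTY_BITS = 12  # toy difficulty (assumption); the real network's is vastly higher
TARGET = 1 << (256 - DIFFICULTY_BITS)
GENESIS_PREV = "00" * 32
SAMPLE_BATCHES = [["a->b:5"], ["b->c:2"], ["c->d:1"], ["d->e:1"]]  # constructed sample

def block_hash(prev_hash, txs, nonce):
    """Double SHA-256 over a simplified JSON block (not Bitcoin's real header layout)."""
    payload = json.dumps([prev_hash, txs, nonce]).encode()
    return hashlib.sha256(hashlib.sha256(payload).digest()).hexdigest()

def mine(prev_hash, txs):
    """Try nonces until the hash is below TARGET; return (block, attempts)."""
    nonce = 0
    while int(block_hash(prev_hash, txs, nonce), 16) >= TARGET:
        nonce += 1
    digest = block_hash(prev_hash, txs, nonce)
    return {"prev": prev_hash, "txs": txs, "nonce": nonce, "hash": digest}, nonce + 1

def first_invalid(chain):
    """Index of the first block that fails validation, or None if the chain is sound."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        digest = block_hash(b["prev"], b["txs"], b["nonce"])
        if b["prev"] != prev or digest != b["hash"] or int(digest, 16) >= TARGET:
            return i
        prev = b["hash"]
    return None

def rewrite_from(chain, index, new_txs):
    """Swap block `index`'s transactions, then re-mine it and every later block."""
    new_chain, attempts = list(chain[:index]), 0
    prev = chain[index]["prev"]
    for i in range(index, len(chain)):
        block, tried = mine(prev, new_txs if i == index else chain[i]["txs"])
        new_chain.append(block)
        attempts += tried
        prev = block["hash"]
    return new_chain, len(chain) - index, attempts  # blocks re-mined, hashes tried

def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        block, _ = mine(prev, txs)
        chain.append(block)
        prev = block["hash"]
    return chain
```

Calling `rewrite_from(build_chain(SAMPLE_BATCHES), 1, ["b->m:2"])` reports how many blocks had to be mined again and how many hash attempts that took; at real difficulty, and with honest miners extending the chain in the meantime, that work is what makes the rewrite impractical.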

Assuming the successful miner has obeyed the rules in adding the transactions to the new block, which is then added to the chain, you have a correct database of transactions. They could take shortcuts and not check the previous transactions correctly, but because the information is public they should be found out.

However, this doesn’t protect you against mistakes. What happens if you make a payment for the wrong amount, or perhaps add a ridiculous value for the transaction fee? There are plenty of examples on Bitcoin. Here the banks reign supreme; you would probably always have cover against such mistakes, and the bank’s transaction fees might seem quite reasonable.

Once you look at bitcoin through a trust model it becomes less attractive: there is nobody to sue if it goes wrong and, for the avoidance of doubt, you are unlikely to get your money back. I haven’t even mentioned it so far, but how about the volatile nature of the crypto currencies? In general they are not collateralised, so the value is totally dependent on what somebody else will pay you at some point in time. Of course you don’t know, and that accounts for the speculative nature of crypto currencies, which play little part in day to day payment transactions in any legal environment. This is the bit that Satoshi Nakamoto, the bitcoin inventor, got wrong, but it shouldn’t take away from a very elegant way of devising an independent digital cash model.

Just put your money in the bank, well a regulated bank anyway.

Dr David Everett


©2020 Microexpert. Registered number 01755695.