Security news that informs and inspires

The Blockchain Won’t Save You

Security fads come and go with alarming speed and frequency, but few have accumulated the hype and noise that blockchain technology has been able to gather. And to hear cryptography experts tell it, much of the attention is likely unwarranted.

Blockchain technology is most closely associated with cryptocurrencies, but it’s used in many other applications, as well. The core properties of decentralization and resistance to modification make blockchain attractive for some security technology, but some of those properties also make it unlikely to work well for other applications.

“Blockchains are interesting beasts. They’re distributed and public, but they fail miserably in many applications. They’re a very poor choice for voting, for example. You want to make sure that voters have the ability to ensure that their votes are recorded correctly,” Ron Rivest, a professor at MIT and co-creator of the RSA encryption algorithm, said during a panel discussion at the RSA Conference here Tuesday.

“It doesn’t matter if it’s immutable if it’s wrong. Blockchains have limited security properties that may or may not fit what you’re doing.”

The distributed nature of blockchains can make them somewhat more resistant to attacks, as there’s no single target to attack. But distributed systems don’t exactly have a spectacular track record, said Moxie Marlinspike, a cryptographer and co-creator of the Signal messaging system.

“The problem is there aren’t many instances where distributed is the primary value of the system and we know distributed systems don’t work very well and haven’t for a long time,” Marlinspike said.

“It reminds me of the P2P craze of the early 2000s.”

Blockchain technology is of particular interest to many in the cryptography community thanks to its reliance on encryption. And while there are bound to be many uses for the technology in the years to come, Rivest said it is not the universal answer to every security problem.

“Some people tend to think of blockchain as the security pixie dust you can just sprinkle on things. It’s not that,” Rovest said.