Blockchain Security

Centralized Points of Failure

Centralized points of failure represent salacious opportunities for would-be adversaries to attack. Think about it this way: if you’re holed up in a tank and there is only a single way in and out of the tank, where does it make the most sense to attack? The single point, of course! In a similar way, when we rely on a single service to a point of reliance, we can say that it is a single point of failure since its loss would mean a major catastrophe for us.

Alternatives to centralization

Federation

Federated services allow multiple providers to offer an identical service under a single integration endpoint, but in many cases, these networks do not currently have enough separate providers to ensure stability. As a result, it is possible that a single service like this could be attacked and result in the compromise of the wider network. Sometimes these use bridges to make interacting with the federated servers easier, but the bridge can turn into a point of failure itself.

Peer-to-Peer

Another option is to leverage a full peer-to-peer environment. This reduces our reliance on bridges and helps alleviate some network constraints that centralized networks are prone to. Of course, this can be very difficult to achieve a substantial mass of interest. This leads to lopsided access for less popular content. For example, looking at the BitTorrent network, the newest content moves fastest, while old contents suffer from lack of nodes hosting the data. One solution to this is to offer economic incentives for users who help to support the diversity of the network. This is a critical area where cryptoeconomics may be a boon for future protocols.

Reducing Technical Risk

Most public blockchains strive for complete decentralization, however, it’s unclear if such a feat is achievable; or will we simply get closer to 100% but never there due to non-technical issues, but this sometimes includes the use of federated service servers. In the case of Ethereum, the Infura network provides API access to the blockchain for developers so that they do not need to have a copy of a full node in order to check blockchain data. These kinds of services provide vital tools for network growth but must be carefully managed to avoid potentially dangerous centralization.