New Security Standard For Proof-of-Stake

Blockchain technology has reached a tipping point, evolving from an enterprise curiosity to a viable option for opening new revenue opportunities and novel ways to commercialize your data. While the benefits are clear, there are still important considerations to make when assessing how and when to begin your company’s blockchain initiative – starting with security. 

We have seen several high-profile blockchain breaches in the news recently, and if your organization is new to blockchain, it is understandable that these developments might make you think twice about adopting the technology. 

For enterprises considering blockchain, the technology’s superior security is a key selling point. Blockchain enthusiasts will quickly tell you it’s the decentralized nature of the technology that makes it a game changer, because it allows companies to collaborate and share sensitive data without the concern that it could be altered or corrupted.

Of course, the benefits of a decentralized model are only as good as the security protecting that blockchain. 

The good news: these recent hacks were not inevitable – at least, not with the appropriate security protocols and verification models. Enterprises can unlock the full benefits of blockchain, without losing sleep over security concerns, by asking the right questions of blockchain developers before they build. 

If your enterprise is considering a blockchain-enabled project, look for these “green flags” during the selection process:

• How are private keys managed? When it comes to using blockchain technology, your private key is your password. There are countless horror stories about users losing their private keys and thus access to any value locked on-chain. This single point of failure poses a significant risk – one that can be mitigated by a wallet that requires multiple signatures from different parties to validate a transaction. Put another way, two or more unique accounts would need to be compromised, making it exponentially more difficult for users to compromise a key. 
• Are the developers using statistically-sound verification measures? Proof-of-stake blockchain networks operate on a consensus protocol, requiring a certain number of validators with a stake in the chain to sign off before any new blocks are added. Some blockchains require as few as 20% of validators to vote to speed up the process; however, fewer validators means the chain is less secure. Highly secure chains require at least two-thirds of validators to vote, ensuring both that a transaction is propagating through the entire network, and that there’s a certain amount of participation present for the network to progress. Thanks to emerging standards, notably the Casper CBC model, this is increasingly becoming an industry best practice – though confirming the blockchain’s validation model should be one of the first questions asked when assessing new solutions. 
• Is security top-of-mind across the entire developer team? A blockchain is only as strong as its weakest link, so the developer needs to have protocols that follow an enterprise-first approach for issues such as security patches. One of the recent industry breaches was the result of a breakdown in that network’s security processes – a vulnerability in the network was exploited, because its team left the fix for the problem open in a public repository for weeks. And a bad actor found it. This is certainly NOT an industry best practice and one that security-conscious networks know how to avoid. If the blockchain that you’re building on doesn’t have a dedicated professional services and support organization, you’re building on the wrong chain. 

Additionally, look for a team that announces security fixes only after the issue has been fixed.

Blockchain is built on trust; you need to be sure that the team managing the chain has designed every aspect with security in mind. 

• How quickly can the developers adapt to evolving threats? Just like any other technology in an evolving security landscape, it’s possible new blockchain vulnerabilities will be found. Having a dedicated team in place to manage the fix is critical, but so is being able to upgrade the technology itself to address any bugs. For instance, instead of making smart contracts – automated programs that execute agreements across the blockchain – unchangeable, your blockchain should offer these components as upgradeable and flexible. In the event that there is a security vulnerability, the blockchain network can effectively and securely upgrade the contracts to mitigate any ongoing risk.

Your organization should not need to choose between enterprise grade security and the ability to customize builds to your specific needs. That’s why CasperLabs is continuously working to set the industry’s highest standards in network security.

If you’re interested in learning about the security protocols Casper offers, and how the CasperLabs team prioritizes the security of your network, please reach out to us at hello@casperlabs.io.

To learn more about the organizations building on Casper, have a look at our growing list of case studies.