Friday, February 23, 2018

Particl’s Security Prevents Meltdown / Spectre From Affecting Proof-of-Stake Blockchain


Earlier this year, nearly every device with an Intel CPU was affected by the Meltdown and Spectre vulnerabilities. The two vulnerabilities allowed hackers and malicious actors to steal passwords and sensitive information from devices, by accessing the memory and secrets of programs on the operating system of devices.

Meltdown, easier to exploit than Spectre, breaks the basic isolation between user applications and the operating system of devices, leaving memory and private data vulnerable to attacks. Spectre, more difficult to exploit but also harder to detect, allows malicious actors to trick error-free programs to leak secrets, leading sensitive data to be released.

In January, Oleg Andreev, the protocol architect at blockchain company Chain, stated that proof-of-stake (PoS) is an "incompetent" idea because when major vulnerabilities like Meltdown and Spectre are exploited, private keys stored locally in memory are retrievable. When private keys are lost, attackers can easily reallocate massive amounts of funds, getting ahold of the stake and obtaining the ability to attack the PoS blockchain.

"Meltdown/Spectre is why Proof-of-Stake is an incompetent idea: PoS authors ask for an unforgivable amount of money to sit in the online wallets that actively generate signatures," said Andreev.

Last month, almost immediately after Meltdown / Spectre were discovered and utilized to exploit devices, Particl introduced its Cold Staking safeguards, that prevent locally stored private keys of being vulnerable to attacks.

"Particl Cold Staking safeguards your wallet's private keys, and thus your PART, by using a script (contract) between an online staking node and an offline wallet. Both wallets have unique private keys, meaning that if/when the online staking node is exploited by Meltdown/Spectre with a memory leak only the private keys of the node are stolen. If setup properly, the staking node should have 0 PART — thereby eliminating the threat of theft and protecting the PART in your wallet kept offline and secure," explained the Particl development team.

If Particl Cold Staking safeguards are activated and integrated, even when Meltdown / Spectre exploits successfully leave the operating system of devices vulnerable to attacks and the private key from memory is obtained, attackers cannot steal or reallocate funds because staking nodes carry a 0 PART balance. Which means, even if hackers gain access to the locally stored private keys, funds cannot be stolen and remain safe.

"If the Meltdown/Spectre exploit is used on a machine running a Particl Staking Node an attacker could retrieve the private key from memory but it would be of no use since staking nodes typically carry a 0 PART balance," the Particl development team added.

The Particl Cold Staking also prevents quantum computer attacks, disallowing attackers with a quantum computer to obtain a private key from a public key, due to the integration of multiple quantum-resistant one-way hash functions.

Conclusively, the security in Particl prevent two major attacks in Meltdown / Spectre and quantum computer attacks from affecting a PoS blockchain.