High hopes for ‘more secure’ forked version of Bitcoin

On 1 August 2017, the Bitcoin blockchain was officially hard-forked, creating a new version of the Bitcoin (BTC) currency, now called Bitcoin Cash (BCC, or BCH – there’s no consensus on that yet).

So what exactly has happened, and what are the security implications?

The split

BTC and BCC are now separate cryptocurrencies, and although they share a past they are not forwards-compatible, and are listed separately on exchanges.

The new forked BCC chain contains all the transaction history of Bitcoin, immutably encrypted, but as new transactions in BCC are added it will diverge from the original blockchain. However, because the blockchains before the hard fork are the same, all holders of BTC Bitcoin will now also hold the same value in Bitcoin Cash.

In a statement the BCC founders said:

All Bitcoin holders as of block 478558 are now owners of Bitcoin Cash. Bitcoin Cash brings sound money to the world. Merchants and users are empowered with low fees and reliable confirmations. The future shines brightly with unrestricted growth, global adoption, permissionless innovation, and decentralized development.

The reason behind the fork is a fundamental disagreement in the Bitcoin community about the solution to a major problem – a gradual slowing of Bitcoin’s transactional confirmation ability, due to network load under stress caused by its popularity.

This in turn has made transaction fees rocket, dissuading consumers.

After some years of debate in the Bitcoin developer community, recent agreement had been reached to implement Segwit2x, which would double the size of Bitcoin blocks from the current one megabyte to two megabytes.

However, at the “Future of Bitcoin”, developer Amaury Séchet revealed the “Bitcoin ABC” (Adjustable Blocksize Cap) project, under which blocks have a maximum capacity of eight megabytes, and announced the hard fork date, 1 August.

Bitcoin security

The first security threat to consumers comes from the technical part of the user-activated hard fork, or UAHF – all BTC holders who had control of their private keys at the time of the split gained an equal amount of BCC.

Many investors using third party exchanges or unsupported software wallets may not have had control of their private keys, so the third parties who did received the new currency.

Some plan to credit their clients, some won’t.

Many investors scrambled to transfer their holdings to supported wallets in the hours before the hard fork, and hardware wallet users will need to wait for their provider to announce support, or use their recovery seed in a software wallet that does support BCC in order to split out their coins.

The opportunities for error, phishing attacks or other malicious interventions here are numerous, especially given that the majority of successful malicious attacks on Bitcoin have focused on gaining control of private keys, or hacking exchanges, rather than attacking the currency directly.

BCC is technically very similar to BTC, with the addition of larger blocksizes and transaction replay protection, the latter in the shape of a new way of signing transactions.

Bitcoin Cash transactions use a new flag SIGHASH_FORKID, which is non standard to the BTC blockchain. This prevents Bitcoin Cash transactions from being replayed on the Bitcoin blockchain and vice versa – a crucial element of the ecosystem in the future.

The new sighash also brings additional benefits such as input value signing for improved hardware wallet security, and elimination of the quadratic hashing problem.

In short, it’s arguably more secure in theory than BTC, and it aims to be cheaper and faster in use to boot.

BCC does face one major threat however, the majority attack, where a single entity gains more than 51% of the network’s processing power. The issue has been a live one for the BTC network for years, but with comparative hashrates of BTC at around 6.3 ExoHash and BCC at 68 PetaHash, the BCC network represents an easier target.

One common enemy that both blockchains share are disruption attacks, where a majority attacker leverages network disruption to split the network, lowering the barriers to success.

Partitioning network and network delay attacks are both threats, and according to a recent research paper, easier than one might assume for a supposedly decentralised network – with 20% of the Bitcoin nodes being hosted in fewer than 100 IP prefixes.

Larger blocks may be easier to delay or throttle, although even the largest 8MB block is small potatoes in current internet traffic terms, where streaming gigabytes of Netflix video is second nature in millions of homes and businesses.

So will this smaller, less powerful network processing larger blocks of transactions prove to be more or less secure from attack than its older sibling? Only time will tell, in one of the largest and most visible cryptocurrency trials ever.

It is certain that the politics of Bitcoin will continue however, as demonstrated by George Kikvadze of BitFury Group’s tweet:

Early indications are that the technical element of the split has gone as planned, and BCC/BCH did well last week, hitting more than $767, though it’s since fallen back to $325. However, past history is no guarantee of future performance – or indeed of security.