BLOCKCHAIN SECURITY AND PRIVACY
GUEST EDITORS’ INTRODUCTION
Blockchain Security and Privacy
Ghassan Karame | NEC Laboratories Europe
Srdjan Capkun | ETH Zurich
T he blockchain emerged as a novel distributed consensus scheme that allows transactions,
and any other data, to be securely stored and verified without the need of any centralized
authority. For some time, the notion of blockchain was tightly coupled with a now well-known
proof-of-work hash-based mechanism of Bitcoin. Today, there are more than a hundred alternate
blockchains: some are simple variants of Bitcoin, whereas others significantly differ in their design
as well as provide different functional and security guarantees. This shows that the research com-
munity is in search of a simple, scalable, and deployable blockchain technology. Various reports
further point to an increased interest in the use of blockchains across many applications and to
a significant investment in the development of blockchains by different industries. It is expected
that the blockchain will induce considerable change to a large number of systems and businesses.
Distributed trust and therefore security and privacy are at the core of the blockchain tech-
nologies, and have the potential to either make them a success or cause them to fail.
This special issue aims at collecting the most relevant ongoing research efforts in blockchain
security and privacy. We are very grateful to this community, especially for its vivacity and vast
participation.
The issue starts with an introductory article written by Sarah Meiklejohn, “Top Ten Obstacles
along Distributed Ledgers’ Path to Adoption,” which presents hindrances preventing the wide-
spread adoption of the blockchain technology by the community and outlines potential avenues
of research.
In their article, “A First Look at Identity Management Schemes on the Blockchain,” Paul
Dunphy and Fabien A.P. Petitcolas discuss a number of identity management schemes based
on the blockchain and evaluate three schemes—uPort, ShoCard, and Sovrin—using a novel
framework.
In “Tyranny of the Majority: On the (Im)possibility of Correctness of Smart Contracts,”
Lin Chen and colleagues tackle the correctness of smart contracts in the blockchain. More
1540-7993/18/$33.00 © 2018 IEEE Copublished by the IEEE Computer and Reliability Societies July/August 2018� 11
�BLOCKCHAIN SECURITY AND PRIVACY
specifically, they analyze consensus of smart contract Ghassan Karame received his MS in information net-
results in decentralized systems and show that the cor- working from Carnegie Mellon University (CMU)
rect execution results of smart contracts are not always in December 2006 and his PhD in computer science
accepted as consensus. from ETH Zurich, Switzerland, in 2011. Between
In “Blockchain Access Privacy: Challenges and 2011 and 2012, he worked as a postdoctoral researcher
Directions,” Ryan Henry and colleagues discuss another at the Institute of Information Security of ETH
important problem in the blockchain: privacy. They Zurich. Since 2012, Karame joined NEC Laboratories
show that Tor offers limited privacy and illustrate the Europe where he is currently the manager and chief
need for research “beyond Tor” to tackle important researcher of the Security group. Karame is interested
access privacy issues in contemporary blockchains. in all aspects of security and privacy with a focus on
“When the ‘Crypto’ in Cryptocurrencies Breaks: cloud security, SDN/network security, and Bitcoin/
Bitcoin Security under Broken Primitives,” by Ilias blockchain security. He is a member of IEEE and
Giechaskiel and colleagues, presents an analysis of the ACM and is the author of several papers and patent
effect of broken primitives on Bitcoin. This analysis applications. More information can be found at
leads to several suggestions for the Bitcoin migration http://ghassankarame.com. Contact him at ghassan
plans and insights for other cryptocurrencies in case of @karame.org.
weakened cryptographic primitives.
Finally, Rachid El Bansarkhani and colleagues extend Srdjan Capkun is a full professor in the Department
this analysis in their article “PQChain: Strategic Design of Computer Science, ETH Zurich, and director of
Decisions for Distributed Ledger Technologies against the Zurich Information Security and Privacy Center
Future Threats,” suggesting paths for a secure instantia- (ZISC). He was born in Split, Croatia. He received his
tion of the blockchain protocol, taking into account the Dipl.Ing. degree in electrical engineering/computer
presence of large-scale quantum computers and poten- science from the University of Split in 1998 and his
tial future attacks against the underlying hash functions. PhD in communication systems from EPFL in 2004.
Prior to joining ETH Zurich in 2006, he was a post-
doctoral researcher in the Networked & Embedded
W e hope you enjoy this special issue! Systems Laboratory (NESL), University of California,
Los Angeles, and an assistant professor in the Infor-
matics and Mathematical Modelling Department,
Technical University of Denmark (DTU). His
research interests are in system and network security.
One of his main focus areas is wireless security. He
is a co-founder of 3db Access, a spin-off focusing on
secure proximity-based access control. Contact him at
[email protected].
From the analytical engine to the
supercomputer, from Pascal to von
Neumann, IEEE Annals of the History of
Computing covers the breadth of computer
history. The quarterly publication is
an active center for the collection and
dissemination of information on historical
projects and organizations, oral history
activities, and international conferences.
www.computer.org/annals Read your subscriptions through
the myCS publications portal at
http://mycs.computer.org
12 IEEE Security & Privacy� July/August 2018
