Adam Cecchetti, CEO of Deja vu Security, discusses building security into blockchain technologies. Early ledger technologies from 5000 years ago provide context for modern blockchains. Blockchains face challenges with privacy, forging records, and scalability similar to early computers. Enterprise blockchains like Quorum and Hyperledger aim to solve these issues by making transactions private and permissioned through consensus algorithms instead of mining. Building security into decentralized applications and smart contracts is important as blockchains are still new computing platforms facing classic security problems.

1. BLOCKCHAIN, SMART CONTRACTS, AND ICOS:
BUILDING SECURITY INTO THE DECENTRALIZED DIGITAL ECONOMY
Adam Cecchetti
CEO, Deja vu Security
The Realities of Enterprise Blockchain
dejavusecurity.com

2. THE REALITIES TEMPORALITY
OF ENTERPRISE
BLOCKCHAIN
Adam Cecchetti
Deja vu Security

3. Greetings!
 Adam Cecchetti
 Founder / CEO Deja vu Security

4. Early Ledger Technology
 Estimated to be ~5,000+ years old
 Based on Clay Technology
 A fork of the dirt project
 Record transactions using Stick and Cuneiform
 Bake at 500-600 C to mint a tablet
 Add an entry into the codex then stack to chain
records
 Downsides
 Shatter to erase record
 Very low transaction throughput and high latency
 Difficult but not impossible to forge
 Just need to be literate ~4000 years ago

5. Early Ledger Tech : Not Privacy
Preserving!
“A stockpile of 12,000 trade accounts left by Assyrian
merchants in the 19th century BCE has been used to find
half a dozen locations. The researchers used
mathematical models based on the prices of goods and
the frequency of trips between trade hubs to pinpoint
where the cities once stood.”[0]

6. Blockchain
 Transactional ledger of time and events
 Global stack of ordered clay tablets
 Thee that holds this token pay two lambskins of wine to
 One sheep and a bolt of textile for thy that can sign this stone
 Everyone gets a copy of every tablet every time a new
tablet is baked and agreed upon as the latest snapshot of
reality
 In reality : usually flat file Database that is represented
as a graph of transactions or program state
 Databases representing this state have gotten fairly large
 Every node has to verify every transaction or run every
program to validate each of the blocks
 BTC : 155 GB Ethereum : 263 GB Dash : 4.6 GB

7. Blockchain
 Verified by
 Proof of Work : Cryptographic Hashing
 Proof of Stake : Lock coins in special voting wallet
 Voting : Membership, vote, centralized ordering
 Stores properties for ordered transactions
 Not private nor privacy enforcing
 Difficult but not impossible to forge a block
 Just need more
 Petahash power to perform a 51% attack
 Tokens that you can stake any transaction you want
 Members to perform a cabal, sunset, or collusion attack
 Access to the various Private Keys
 About as trivial as being literate 4000 years ago

8. Something old Something
new…
 Ethereum Blockchain Block #4678523
 In Sumerian Tablet Using Late Cuneiform

9. Better AlphabetBetter Alphabet

10. Later Cuneiform

11. Early Computing : Mainframe
 Turing complete multi-user
computer
 Flat memory address space
 Compute and storage
expensive
 Little data or code protection
 Large focus on data throughput
 Accessible to anyone with a
direct terminal, X.25
connection, or this ARPANET
thing.

12. Ethereum : a “new” computer
 Turing complete computer with a virtual machine
(EVM)
 Flat memory address space
 Distributed system accessible via the P2P network
 Tracks program and data state on the blockchain
 Storage and compute currently expensive
 Smart Contract are programs that gate changes to
the Blockchain via the EVM
 By default users can see all data and call contract
functions
 Byzantium changes beginning to address data privacy
challenges (Elliptic curve add/mul zkSNARKS, big int
mod)

13. Early Program Storage Tech:
ROM
 Collection of data or code
 Diode Matrix or later EEPROM
 Store data or code
 Diode Matrix “Immutable”
 Blow diodes to write a program or
bits
 Write once read multiple (WORM)
 Data or code readable by anyone
that knows where the chip is or
what bus it is on
 Destroy by blanking with
Commands, UV, or physically
destroying the chip

14. Smart Contracts
 Collection of various data and code
 Functions to perform logic, read, writes stored
on block chain
 Immutable code written to Ethereum contract
account address
 Compiled EVM bytes
 Cannot be updated or patched
 Destroy by calling special code Suicide

15. Smart Contract Bug Classes
 Newness of the EVM computer
 Lack of clean well coded audited examples
 Solidity code very difficult to get right
 Difficulty in understanding side-effects in the programming environment
 Contract data or code public readable/callable/alterable
 Exceptions can take different logical flows depending on the version of Solidity
 Fallback function of the contract calling your contract can execute by default
depending on the state, function called, or out of gas
 Memory layout in the EVM can have side effects for mappings and other complex
structures
 Multi inheritance ordering
 Solidity compiler can optimize out conditionals
 Solidity compiler auto-gen functions
 Modifiers wrap entire functions changing expected behavior
 Classic security issues of int overflows, flow control, etc
 The list goes on and on and on…

16. Sharding The Ethereum
Network
 Sharding will split the network into multiple
parts requiring a hybrid Proof of Stake / Work
 Casper upgrades required for sharding
 Hybrid Proof of Work/Proof of Stake
 “Goal to have same transaction scale as VISA
network”
 Ethereum : ~7.5-20 TX/sec
 VISA : ~1667 TX/sec
 There’s some ground to go

17. Ethereum
 Globally accessible computer of carefully
managed applications stored in a ROM like
fashion
 These programs gate logical access to writing
changes to the blockchain that stores the
applications state and data
 State of data and code are put into blocks are
mined and put onto the blockchain by a Proof
of Work

18. Ethereum
 Significant effort currently focused on scale
and data throughput
 Just like early mainframe days
 TX throughput, Bus Latency, etc
 Just like early days of any new computers
seeing the same issues
 Patching, Data Privacy, User Privileges, Process
separation
 Code isolation, Latency, Throughput, Availability,
etc

19. This sounds familiar

20. Computers: Great At Looping
Humans
 Every time we build a new computer we build the same 10 problems
 Determinism, Reliable, Available, Communication, Security, Distributed, Fault
Tolerant, Scalable, Isolation, Identity
 New computer  new side effects  new security issues
Comp Dete
r
Relia
b
Avali Com Sec Dist FT Scal Isol ID
Main X X X X X
PC X X X
Web X X X X X X
Mobile X X X X X X X X
Cloud X * * X X * * X X
IoT X X X X
DAPP X X X X X X

21. How Cross Org Syncing Is Still
Done
 SFTP TX, Engineering, or Media Files
 BATCH HTTPS pushes which send flat files
 Shipping hard drives and tapes of records
 Manual conflict resolution is still common
 Call up the person and hand edit data merged
 Resolution can take weeks

22. Where can Enterprises use
Blockchain?
 Cross team or cross organization transactions,
auditing, and dispute resolution
 Auditable – Chain keeps audit record of data
and state
 Instant auditability if transactions are properly
synced
 Maintenance records, accounting, etc
 Permissioned – gated by member system
 Privacy – If properly utilized

23. Quorum
 Ethereum based
 Enterprise version of a distributed ledger system
 Sponsored by JPMC Led by Amber Baldet
 Built to provide permissioned system access and TX privacy
 Replaces Proof of Work with Raft nodes based consensus
system with a leader minting new blocks
 Instead of miners doing proof of work
 P2P Network permissioned nodes to participate
 Enables cross organizations
 To access a blockchain and run smart contracts in a
 Permissioned
 Private manner
 Minus all the mining work

24. Quorum
 Permissioned Network
 Whitelist of valid network nodes
 Private Transactions
 Transaction data is replaced with a hash of the
encrypted data
 Encrypted data is encrypted and decrypted via
key management system called Constellation

25. Hyper Ledger Fabric
 IBM Sponsored Project
 Functionally similar to Quorum
 Membership Service gates enrollment
 Ordinal Service organizes the blocks
 Uses voting with Node and Endorsing Peers
 Public and Private chains
 Smart Contracts are called Chain Code

26. Quorum and Hyperledger
 Focused on solving the scalability, privacy, and
isolation issues with current block chain
system
 New blocks ever 50 millisecond vs 7 second to
10 minutes
 Private transaction data
 Private blockchains

27. Where to from here?

28. BLOCKCHAIN, SMART CONTRACTS, AND ICOS:
BUILDING SECURITY INTO THE DECENTRALIZED DIGITAL ECONOMY
Adam Cecchetti
CEO, Deja vu Security
The Realities of Enterprise Blockchain
dejavusecurity.com

29. BLOCKCHAIN, SMART CONTRACTS, AND ICOS:
BUILDING SECURITY INTO THE DECENTRALIZED DIGITAL ECONOMY
dejavusecurity.com
IN PARTNERSHIP WITH: