Top

Published in:

2018 | OriginalPaper | Chapter

A Security Analysis of FirstCoin

Authors : Alexander Marsalek, Christian Kollmann, Thomas Zefferer

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Supported by the current hype on Bitcoin, the number of available cryptocurrencies has steadily increased over the past years. Currently, relevant portals list more than 1.500 cryptocurrencies. Many of them slightly deviate from approved and tested technical concepts and realize security-related functionality in different ways. While the security of major cryptocurrencies has already been studied in more detail, security properties of less popular cryptocurrencies that deviate from approved technical concepts often remain unclear. This is a problem, as users run the risk of losing invested money in case the respective cryptocurrency is unable to provide sufficient security. In this paper, we underpin this statement by means of a detailed analysis of the cryptocurrency FirstCoin. We identify and discuss vulnerabilities of FirstCoin, which lead to a low network hash rate and allow for 51% attacks. We propose a double-spending attack that exploits these vulnerabilities and demonstrate the proposed attack’s feasibility by running it in an isolated evaluation environment. This way, we show FirstCoin to be insecure and provide a real-world example that underpins the general problem of cryptocurrencies deviating from approved security concepts and relying on weak security designs.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Attacking RO-PUFs with Enhanced Challenge-Response Pairs

next chapter PRETT: Protocol Reverse Engineering Using Binary Tokens and Network Traces

Available at http://www.firstcoinproject.com/ and https://github.com/firstcoinofficial.

Litecoin also aims at a different block interval and limits the supply to 84 million coins amongst other differences.

FirstCoin’s blockchain starts from a different first block (called the genesis block) as Litecoin and is therefore completely disjunct.

One Satoshi is a one hundred millionth of a single FirstCoin (0.00000001 FRST), the smallest representable unit in FirstCoin.

The first block is called genesis block.

Instead of TX’ we could also give the proxy access to our wallet. This would allow the proxy to create TX’ on its own. However, for this to work we would have to verify if all necessary RPC calls are implemented and work correctly. Creating TX’ with a second wallet that is taken offline before creating TX appeared to be more elegant.

We did not manage to get a modern graphic card.

BitcoinExchangeGuide.com: 2017 – the year cryptocurrency became more than bitcoin, 23 December 2017. https://bitcoinexchangeguide.com/bitcoin-cryptocurrency-2017-review/. Accessed 23 Dec 2017

Damti, I.: 2017 will be remembered as the year of bitcoin, 25 October 2017. https://www.forbes.com/sites/outofasia/2017/10/25/bitcoins-ipo-moment-has-arrived/. Accessed 25 Oct 2017

Bonpay: Looking back: 2017 – the year of cryptocurrency, 29 December 2017. https://medium.com/@bonpay/looking-back-2017-the-year-of-cryptocurrency-e9aa00414a2f. Accessed 29 Dec 2017

Robertson, A.: 2017 is the year cryptocurrency joined the global financial system, 29 November 2017. https://www.theverge.com/2017/11/29/16711304/bitcoin-price-10000-cryptocurrency-regulation-finance. Accessed 29 Nov 2017

CoinMarketCap: Cryptocurrency market capitalizations, 15 March 2018. https://coinmarketcap.com/. Accessed 15 Mar 2018

Hern, A.: Bitcoin and cryptocurrencies - what digital money really means for our future, 29 January 2018. https://www.theguardian.com/technology/2018/jan/29/cryptocurrencies-bitcoin-blockchain-what-they-really-mean-for-our-future. Accessed 29 Jan 2018

Bitcoinwiki: Comparison of cryptocurrencies. https://en.bitcoin.it/wiki/Comparison_of_cryptocurrencies. Accessed 12 Jan 2018

Gervais, A., Karame, G.O., Wüst, K., Glykantzis, V., Ritzdorf, H., Capkun, S.: On the security and performance of proof of work blockchains. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 3–16 (2016). https://doi.org/10.1145/2976749.2978341, ISSN 15437221

Bartoletti, M., Pompianu, L.: An empirical analysis of smart contracts: platforms, applications, and design patterns. In: Brenner, M. (ed.) FC 2017. LNCS, vol. 10323, pp. 494–509. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_31. arXiv:1703.06322CrossRef

10.

Armknecht, F., Karame, G.O., Mandal, A., Youssef, F., Zenner, E.: Ripple: overview and outlook. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) Trust 2015. LNCS, vol. 9229, pp. 163–180. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22846-4_10. arXiv:1506.07739v2CrossRef

11.

Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: Research perspectives and challenges for bitcoin and cryptocurrencies. In: IEEE Symposium on Security and Privacy, pp. 104–121 (2015). https://doi.org/10.1109/SP.2015.14. ISSN 1081-6011

12.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system, p. 9 (2008). https://doi.org/10.1007/s10838-008-9062-0. ISSN 09254560. arXiv:43543534534v343453. https://bitcoin.org/bitcoin.pdf

13.

Rosenfeld, M.: Analysis of hashrate-based double spending, pp. 1–13 (2014). arXiv:1402.2009

14.

Pinzón, C., Rocha, C.: Double-spend attack models with time advantage for bitcoin. Electron. Notes Theoret. Comput. Sci. 329, 79–103 (2016). https://doi.org/10.1016/j.entcs.2016.12.006. ISSN 15710661CrossRef

15.

Karame, G.O., Roeschlin, M., Gervais, A., Capkun, S., Androulaki, E., Capkun, S.: Misbehavior in bitcoin: a study of double-spending and accountability. ACM Trans. Inf. Syst. Secur. TISSEC 18(1), 2 (2015). https://doi.org/10.1145/2732196. ISSN 1094-9224CrossRef

16.

Carlsten, M., Kalodner, H., Weinberg, S.M., Narayanan, A.: On the instability of bitcoin without the block reward. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 154–167 (2016). https://doi.org/10.1145/2976749.2978408, ISSN 15437221

17.

Lee, C.: Litecoin (2011). https://litecoin.org/

18.

Bitcoinwiki: Block timestamp, 1 June 2016. https://en.bitcoin.it/wiki/Block_timestamp. Accessed 01 June 2016

19.

Bitcoinwiki: Protocol rules, 25 August 2017. https://en.bitcoin.it/wiki/Protocol_rules. Accessed 25 Aug 2017

Title: A Security Analysis of FirstCoin
Authors: Alexander Marsalek
Christian Kollmann
Thomas Zefferer
Publisher: Springer International Publishing
Book: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-319-99827-5

Electronic ISBN: 978-3-319-99828-2

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-99828-2_10

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner