Bitcoin’s blockchain can be loaded with sensitive, unlawful or malicious data, raising potential legal problems in most of the world, according to boffins based in Germany.
In a paper [PDF] presented at the Financial Cryptography and Data Security conference on the Dutch Caribbean island of Curaçao – “A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin” – researchers from RWTH Aachen University and Goethe University identified 1,600 files added to the Bitcoin blockchain, 59 of which include links to unlawful images of child exploitation, politically sensitive content, or privacy violations.
The researchers suggest Bitcoin’s blockchain can also be loaded with malware, something Interpol warned about three years ago but has not yet been documented in the wild.
“Despite potential benefits of data in the blockchain, insertion of objectionable content can put all participants of the Bitcoin network at risk, as such unwanted content is unchangeable and locally replicated by each peer of the Bitcoin network as benign data,” researchers Roman Matzutt, Jens Hiller, Martin Henze, Jan Henrik Ziegeldorf, Dirk Müllmann, Oliver Hohlfeld, and Klaus Wehrle explain.
The Bitcoin blockchain is a distributed ledger or database that contains linked records of all Bitcoin transactions. These records or blocks hold batches of hashed transactions and are linked to preceding blocks by a cryptographic signature. The blocks also allow for additional data, and therein lies the issue.
In an email to The Register, Roman Matzutt, a researcher with RWTH Aachen University and one of the co-authors of the paper, said the problem exists with other blockchains that allow content to be inserted, such as Litecoin and Ethereum.
“We did not yet investigate more privacy-aware blockchain systems such as Monero or the upcoming Mimblewimble,” he said. “Such blockchains need further investigation with respect to how easily identifiers that appear on the blockchain can be manipulated.”
The paper identifies several mechanisms for adding arbitrary data to the Bitcoin blockchain. There’s CryptoGraffiti, a web-based service to read and write data to the blockchain, as well as Satoshi Uploader, P2SH Injectors, and Apertus.
Augmenting transactions in this way allows for additional arguably useful Bitcoin-related services, such as digital notarization and digital rights management. But it also adds the possibility of abuse.
Break the Bitcoin!
At present, few Bitcoin blockchain transactions contain extra data – only 1.4 per cent of the roughly 251 million transactions in Bitcoin’s blockchain, the researchers say – and only a small portion of that fraction are objectionable or illegal.
Nonetheless, the presence of even a small amount illegal or objectionable content could pose problems for participants.
“Since all blockchain data is downloaded and persistently stored by users, they are liable for any objectionable content added to the blockchain by others,” the paper says. “Consequently, it would be illegal to participate in a blockchain-based systems as soon as it contains illegal content.”
The researchers acknowledge that there haven’t yet been definitive court rulings on this specific issue but insist “However, considering legal texts we anticipate a high potential for illegal blockchain content to jeopardize blockchain-based system such as Bitcoin in the future,” they state.
Crypto Graphiti anticipates the risk posed by objectionable content in policy statement for those who attempting to post data to the Bitcoin blockchain: “By using this service you agree not to save anything illegal on the blockchain. In case of abuse we may report your IP address to the police.”
That’s not necessarily much of a deterrent. While adding something like “Remember Tiananmen Square” or a picture of the Dalai Lama to the blockchain wouldn’t be an issue in the US, it could cause Chinese authorities to take steps to prevent that content from being redistributed through Bitcoin nodes in China.
Adrian Colyer, a partner with VC firm Accel in London who wrote a blog post about the paper, suggests the ability to add arbitrary data to Bitcoin’s blockchain could be used as a pretense for governments to harass political foes operating Bitcoin nodes.
“If a government wanted to clamp down on a given blockchain, all it has to do is anonymously post a transaction containing illegal or objectionable data, wait for it to propagate to all the miners in the country, and then go after them for possession,” he mused.
Matzutt confirmed that an individual could “poison” the blockchain by inserting a politically contentious image….