Skip to main content

Particl’s Security Prevents Meltdown / Spectre From Affecting Proof-of-Stake Blockchain


Earlier this year, nearly every device with an Intel CPU was affected by the Meltdown and Spectre vulnerabilities. The two vulnerabilities allowed hackers and malicious actors to steal passwords and sensitive information from devices, by accessing the memory and secrets of programs on the operating system of devices.

Meltdown, easier to exploit than Spectre, breaks the basic isolation between user applications and the operating system of devices, leaving memory and private data vulnerable to attacks. Spectre, more difficult to exploit but also harder to detect, allows malicious actors to trick error-free programs to leak secrets, leading sensitive data to be released.

In January, Oleg Andreev, the protocol architect at blockchain company Chain, stated that proof-of-stake (PoS) is an "incompetent" idea because when major vulnerabilities like Meltdown and Spectre are exploited, private keys stored locally in memory are retrievable. When private keys are lost, attackers can easily reallocate massive amounts of funds, getting ahold of the stake and obtaining the ability to attack the PoS blockchain.

"Meltdown/Spectre is why Proof-of-Stake is an incompetent idea: PoS authors ask for an unforgivable amount of money to sit in the online wallets that actively generate signatures," said Andreev.

Last month, almost immediately after Meltdown / Spectre were discovered and utilized to exploit devices, Particl introduced its Cold Staking safeguards, that prevent locally stored private keys of being vulnerable to attacks.

"Particl Cold Staking safeguards your wallet's private keys, and thus your PART, by using a script (contract) between an online staking node and an offline wallet. Both wallets have unique private keys, meaning that if/when the online staking node is exploited by Meltdown/Spectre with a memory leak only the private keys of the node are stolen. If setup properly, the staking node should have 0 PART — thereby eliminating the threat of theft and protecting the PART in your wallet kept offline and secure," explained the Particl development team.

If Particl Cold Staking safeguards are activated and integrated, even when Meltdown / Spectre exploits successfully leave the operating system of devices vulnerable to attacks and the private key from memory is obtained, attackers cannot steal or reallocate funds because staking nodes carry a 0 PART balance. Which means, even if hackers gain access to the locally stored private keys, funds cannot be stolen and remain safe.

"If the Meltdown/Spectre exploit is used on a machine running a Particl Staking Node an attacker could retrieve the private key from memory but it would be of no use since staking nodes typically carry a 0 PART balance," the Particl development team added.

The Particl Cold Staking also prevents quantum computer attacks, disallowing attackers with a quantum computer to obtain a private key from a public key, due to the integration of multiple quantum-resistant one-way hash functions.

Conclusively, the security in Particl prevent two major attacks in Meltdown / Spectre and quantum computer attacks from affecting a PoS blockchain.

Comments

Post a Comment

Popular posts from this blog

What is iDice?

iDice is a dice betting Dapp fueled by the use of the Ethereum organize. eg. iDice lets in players do several things and having such an innovative new token on the ETHEREUM Platform, we had to write an article about this new project. Guess on the space by the use of keeping up iDice tokens and best of all 100% of all benefit iDice acquires is dispersed among token holders, related to the amount of tokens they dangle. iDice amusement code is decentralized and changeless. Such gigantic building fees highlight a rising requirement for experienced, fair and cast Dapps. iDice iDice is an control which gives a provably affordable and simple, virtual Ethereum dice betting Dapp. The house edge will be set intensely and token holders have an atypical esteem that is dependably equiva- loaned to the house edge. iDice has a fully simple provide code accessible at etherscan.io. The payout of recreations is many times speedy. Provably Fair iDice uses open provide blockchain...
Post a Comment
Read more

DENT: THE World First Tokenizing Portable Information Trade

You may be confused on all the exciting Ethereum projects, but therefore i make sure to follow allof them and choose the best for you. If you want to read about a more interesting project, then DENT is the way to go. I will be able to advice on a few tokens that can be bought out there which clearly we likewise might occu : Estimated token incentive on ETH presented within the token deal: 152,000 ETH (Relying on sorts via crowdsale) 100 Billion (100,000,000,000) the amount of DENT Tokens made, of which 70% is bought on token deal, a minimum of 35% can be stored for customers with littler spending plans. For the ones of you who're eager about ico smartcontract prolong that we regularly listen in non-obligatory cryptographic cash or altcoin without a doubt no longer outdoor to the workings of undertakings like this. Evaluated swapping scale: 1 ETH = 400,000 DENT 30% will keep on DENT Wi-fi for DENT shopper motivating forces and compensations Bills may well be made via ETH...
Post a Comment
Read more

Fake Libra scams pose new challenge for Facebook

Almost a year after Facebook's Libra was first announced, the outlook for the stablecoin looks starkly different. Once hailed as a game-changer for digital currency, the project has been beset by delays and regulatory difficulties. Now, fake Libra scams are presenting an increasingly pressing new challenge for Libra and Facebook, with a proliferation of websites claiming to offer investment schemes denominated in fake Libra tokens. Dante Disparte, Deputy Chairman and Head of Policy and Communications for The Libra Association, said the organization was now constantly working to suppress fake Libra scams: "As we become aware of these sites, we work diligently to address them. We respond to inquiries concerning the validity of these pages, indicating that the only official website is Libra.org." "We are still in the early stages of this project and work to address issues like these as they arise," Disparte told Finance Magnates, urging people to report the scams. ...
Post a Comment
Read more