Risks and Technical Debt

This is the Risks and Technical Debt page

  1. Risks and Technical Debt

  2. Known technical risks or technical debt. What potential problems exist within or around the system? What does the development team feel miserable about?

  3. Need for better SPV client support

    1. Flyclient

  4. Heavy concentration of microprocessor manufacturing leaves users few options in the event processor-level/firmware level vulnerabilities exist

  5. Hardware wallets are not safe

  6. Keychain does not use hardware HSM yet

  7. Elliptic curve parameters of NIST where chosen without public involvement

  8. Elliptic curves structure is complex and unknown to the common developer (including developers of Keychain)

  9. Mining concentration

  10. 51% attacks

  11. Blockchain forks

  12. Privacy

    1. Monitoring by ISPs to correlate which PKI transactions belong to a given participant

    2. Traceability of the blockchain

    3. UTXO management is not optimal

      1. Keychain does segmentation

      2. Causes some of the protocol tokens to be locked into a keychain

  13. Users may be compelled by corrupt governments to provide decryption access to data

  14. Malicious users may refuse to give decryption access during matters of public or national security

  15. Blind signatures not implemented yet (Chaum blind sigs)

  16. Double spend protection at DLT level requires tradeoff with privacy

  17. Device must have some level of physical security

  18. Encrypted messages are relatively large when the plaintext is small

  19. Gateway is yet several MBs, thus this functionality is available only on devices that support at least double digit MB of RAM