Risks and Technical Debt

On this page, you will learn about:

  1. Technical risks and known technical debt

Risks and Technical Debt

  1. Known technical risks or technical debt. What potential problems exist within or around the system? What does the development team feel miserable about?

  2. Need for better SPV client support

    1. Flyclient

  3. Heavy concentration of microprocessor manufacturing leaves users few options in the event processor-level/firmware level vulnerabilities exist

  4. Hardware wallets are not safe

  5. Keychain does not use hardware HSM yet

  6. Elliptic curve parameters of NIST where chosen without public involvement

  7. Elliptic curves structure is complex and unknown to the common developer (including developers of Keychain)

  8. Mining concentration

  9. 51% attacks

  10. Blockchain forks

  11. Privacy

    1. Monitoring by ISPs to correlate which PKI transactions belong to a given participant

    2. Traceability of the blockchain

    3. UTXO management is not optimal

      1. Keychain does segmentation

      2. Causes some of the protocol tokens to be locked into a keychain

  12. Users may be compelled by corrupt governments to provide decryption access to data

  13. Malicious users may refuse to give decryption access during matters of public or national security

  14. Blind signatures not implemented yet (Chaum blind sigs)

  15. Double spend protection at DLT level requires tradeoff with privacy

  16. Device must have some level of physical security

  17. Encrypted messages are relatively large when the plaintext is small

  18. Gateway is yet several MBs, thus this functionality is available only on devices that support at least double digit MB of RAM