Blockchain Security from the Bottom Up: Securing and Preventing Attacks on Cryptocurrencies, Decentralized Applications, NFTs, and Smart Contracts » Book
Table of Contents

Chapter 1 Introduction to Blockchain Security (p. 1)
  The Goals of Blockchain Technology (p. 2)
  Anonymity (p. 2)
  Decentralization (p. 2)
  Fault Tolerance (p. 2)
  Immutability (p. 3)
  Transparency (p. 3)
  Trustless (p. 3)
  Structure of the Blockchain (p. 3)
  The Blockchain Network (p. 5)
  The Blockchain Node (p. 5)
  A Blockchain Block (p. 6)
  A Blockchain Transaction (p. 7)
  Inside the Blockchain Ecosystem (p. 8)
  Fundamentals (p. 8)
  Primitives (p. 9)
  Data Structures (p. 9)
  Protocols (p. 9)
  Consensus (p. 9)
  Block Creation (p. 10)
  Infrastructure (p. 10)
  Nodes (p. 10)
  Network (p. 11)
  Advanced (p. 11)
  Smart Contracts (p. 11)
  Extensions (p. 11)
  Threat Modeling for the Blockchain (p. 12)
  Threat Modeling with STRIDE (p. 12)
  Spoofing (p. 12)
  Tampering (p. 12)
  Repudiation (p. 13)
  Information Disclosure (p. 13)
  Denial of Service (p. 13)
  Elevation of Privilege (p. 13)
  Applying STRIDE to Blockchain (p. 14)
  Conclusion (p. 14)

Chapter 2 Fundamentals (p. 15)
  Cryptographic Primitives (p. 15)
  Public Key Cryptography (p. 16)
  Introducing "Hard" Mathematical Problems (p. 16)
  Building Cryptography with "Hard" Problems (p. 18)
  How the Blockchain Uses Public Key Cryptography (p. 19)
  Security Assumptions of Public Key Cryptography (p. 20)
  Attacking Public Key Cryptography (p. 20)
  Hash Functions (p. 25)
  Security Assumptions of Hash Functions (p. 25)
  Additional Security Requirements (p. 27)
  How the Blockchain Uses Hash Functions (p. 28)
  Attacking Hash Functions (p. 31)
  Threat Modeling for Cryptographic Algorithms (p. 32)
  Data Structures (p. 33)
  Transactions (p. 33)
  What's In a Transaction? (p. 33)
  Inside the Life Cycle of a Transaction (p. 34)
  Attacking Transactions (p. 34)
  Blocks (p. 37)
  Inside a Block (p. 37)
  Attacking Blockchain Blocks (p. 38)
  Threat Modeling for Data Structures (p. 39)
  Conclusion (p. 39)

Chapter 3 Protocols (p. 43)
  Consensus (p. 43)
  Key Concepts in Blockchain Consensus (p. 44)
  Byzantine Generals Problem (p. 44)
  Security via Scarcity (p. 45)
  The Longest Chain Rule (p. 46)
  Proof of Work (p. 46)
  Introduction to Proof of Work (p. 47)
  Security of Proof of Work (p. 48)
  Proof of Stake (p. 53)
  Introduction to Proof of Stake (p. 53)
  Variants of Proof of Stake (p. 54)
  Security of Proof of Stake (p. 54)
  Threat Modeling for Consensus (p. 59)
  Block Creation (p. 59)
  Stages of Block Creation (p. 60)
  Transaction Transmission (p. 60)
  Block Creator Selection (Consensus) (p. 60)
  Block Building (p. 61)
  Block Transmission (p. 61)
  Block Validation (p. 61)
  Attacking Block Creation (p. 62)
  Denial of Service (p. 62)
  Frontrunning (p. 63)
  SPV Mining (p. 65)
  Threat Modeling for Block Creation (p. 65)
  Conclusion (p. 65)

Chapter 4 Infrastructure (p. 67)
  Nodes (p. 67)
  Inside a Blockchain Node (p. 68)
  Attacking Blockchain Nodes (p. 68)
  Blockchain-Specific Malware (p. 69)
  Denial-of-Service Attacks (p. 70)
  Failure to Update (p. 71)
  Malicious Inputs (p. 72)
  Software Misconfigurations (p. 73)
  Threat Modeling for Blockchain Nodes (p. 74)
  Networks (p. 74)
  Attacking the Blockchain Network (p. 75)
  Denial-of-Service Attacks (p. 75)
  Eclipse/Routing Attacks (p. 76)
  Sybil Attacks (p. 78)
  Threat Modeling for Blockchain Networks (p. 80)
  Conclusion (p. 80)

Chapter 5 Advanced (p. 83)
  Smart Contracts (p. 83)
  Smart Contract Vulnerabilities (p. 84)
  General Programming Vulnerabilities (p. 85)
  Blockchain-Specific Vulnerabilities (p. 94)
  Platform-Specific Vulnerabilities (p. 103)
  Application-Specific Vulnerabilities (p. 119)
  Threat Modeling for Smart Contracts (p. 128)
  Blockchain Extensions (p. 128)
  State Channels (p. 129)
  State Channel Security Considerations (p. 129)
  Sidechains (p. 130)
  Sidechain Security Considerations (p. 131)
  Threat Modeling for Blockchain Extensions (p. 132)
  Conclusion (p. 133)

Chapter 6 Considerations for Secure Blockchain Design (p. 137)
  Blockchain Type (p. 137)
  Public vs. Private (p. 138)
  Benefits of Public vs. Private Blockchains (p. 138)
  Open vs. Permissioned (p. 139)
  Benefits of Open vs. Permissioned Blockchains (p. 139)
  Choosing a Blockchain Architecture (p. 140)
  Privacy and Security Enhancements (p. 140)
  Zero-Knowledge Proofs (p. 140)
  Stealth Addresses (p. 141)
  Ring Signatures (p. 141)
  Legal and Regulatory Compliance (p. 142)
  Designing Secure Blockchains for the Future (p. 143)

Index (p. 145)
HOWARD E. POSTON III is an independent blockchain consultant, educator, and content creator who has developed and taught over a dozen courses covering cybersecurity topics. He holds a master's degree in Cybersecurity from the Air Force Institute of Technology and is a Certified Ethical Hacker. He has developed and facilitated blockchain security courses for major companies.