decentralization
The world needs to look for a decentralized solution for safe data storage and management. Pixabay

The start of 2018 brought the news of two major computing vulnerabilities that affect the vast majority of devices on earth. These include smartphones, tablets, laptops, desktops, and most ominously, servers. These vulnerability nightmares also expose the truth that the world’s computing policy needs to be urgently and radically transformed. The world needs to look for a decentralized solution for safe data storage and management.

The weaknesses, respectively named “Meltdown” and “Spectre,” have existed for decades and stem from fundamental flaws in the standard design of central processing units (CPUs). These weaknesses, which had until this point escaped detection, now threaten the security and integrity of potentially almost all the data in the world.

Meltdown and Spectre exacerbate the existing weaknesses of centralized computing as a means of storing and managing data, whether on a single machine or in the cloud. Since both flaws exist in the hardware itself — in the physical devices people use to connect to the internet and share information — storing data offline or in secured folders no longer offers any protection. The root cause of the weaknesses is a concept called speculative execution, whereby the CPU preemptively executes instructions that it anticipates ahead of time. This maximizes performance and quickens processing times, but it can also inadvertently reveal sensitive information. Essentially, Meltdown and Spectre can allow a piece of software on the computer to read, steal and exploit information belonging to another piece of software on the same computer.

Obviously, this is a terrifying prospect. A malicious website exploiting these vulnerabilities can, for example, steal the private keys to a Bitcoin wallet stored offline on a desktop computer, which was previously considered impossible. C loud computing presents an even more alarming example. It is common for multiple websites to share a cluster of computers, known as servers, that stores their information in the cloud. As long as the various website entities were properly siloed from one another, one website was prevented from seeing private user data associated with another site running on the same server. Meltdown and Spectre have now made this possible, putting passwords, credit card details, Social Security numbers and other personal information worldwide at a huge risk.

What does this mean for the general public? It means that individual computers are now just as untrustworthy as the networks they run on. Now that Meltdown and Spectre are known to the world, there is a high risk that any data can be compromised, even that data protected by the most bulletproof cloud software. Because the flaws exist in the hardware itself, the only proper resolution would require a total replacement of all existing computing devices. This is plainly unfeasible. According to industry experts, it will take decades for CPUs to be properly redesigned to resolve these issues and replaced.

What should the world do to protect itself in the meantime? The answer is decentralization. This is a form of “trustless” computing that assumes from the start that no single machine can be relied upon, instead spreading information out across many different computers or “nodes.” In this framework, even though each individual entity has the potential to be compromised, the decentralized collective will always perform the work safely and correctly. Bitcoin, Ethereum, and blockchain technology in general offer notable examples of decentralized computing.

Decentralization achieves two goals. First, no single machine is making all the decisions, so no single machine can unilaterally make bad decisions that affect individual users. The many distributed nodes collectively make the decisions through consensus amongst themselves, and hacking all of these disparate computers at the same time is a practical impossibility. Second, data is chopped up and stored across many machines in a non-deterministic way that renders individual pieces of information meaningless. Even if a hacker compromises a particular computer or server, what does he get? Only a tiny fragment of the whole database, equivalent to a single jigsaw from a 500,000-piece puzzle. This information would be effectively useless.

Meltdown and Spectre have demonstrated that individual and cloud-based approaches to computing depend on machines that have now been proven untrustworthy. It is therefore vital that the world immediately look to decentralization as the only bullet-proof policy for secure computing and data management. Otherwise, we are all at grave risk.

Neeraj Murarka is the Chief Technical Officer of Bluzelle, which provides decentralized database services to industries and to blockchain technology companies.