Blockchain/ Distributed Ledger

Expand all | Collapse all

STICKY: Getting involved in the DLT Security Framework

  • 1.  STICKY: Getting involved in the DLT Security Framework

    Posted Jul 02, 2020 09:12:00 PM
    Edited by Kurt Seifried Feb 11, 2021 09:38:55 AM
    For high level discussion of the DLT Security Framework:
    please use Circle ( and go to the Blockchain group (you'll need to be logged in) at Blockchain/ Distributed Ledger Discussion.

    What subgroups are available?
    For a current list of groups please see the "Listing of DLT-Security-Framework sub groups and tags" posting.

    To signup for a specific subgroup(s):
    Please use the google form at Blockchain / Distributed Ledger Technologies Working Group Sign up form and we'll get you added to the mailing list for the subgroup(s) you are interested in. 

    If you don't see a subgroup that you are interested in:
    Suggestions for new working groups and discussion of existing working groups:
    Please log into Circle ( and go to the Blockchain group:
    See if anyone has started a discussion proposing a sub working group, if not please start a discussion about it, and use the tag "DLTSF-SUBGROUP" (for a full list of tags we're using please see the "Listing of DLT-Security-Framework sub groups and tags" posting). 

    Work currently in progress:
    We have a number of projects in progress, see below:

    The initial security checklist:
    Please feel free to add items, we will be tidying it up and merging/splitting/updating items as needed but we definitely want to capture all facets of DLT and Blockchain security checklists.
    The provisional Table of Contents:
    The provisional Table of Contents and major areas of interest is available at:
    Again please feel free to suggest new areas/update existing ones, we definitely want to capture all facets of DLT and Blockchain security and get a solid map of the environment.

    Getting started on GitHub:
    To get started on GitHub please email Kurt Seifried ( your GitHub nickname. 

    Resources in GitHub:
    The git repository for documentation is available at:
    Please note we will be setting up additional repositories for code and software as they are needed. Currently there are three files of special interest:
    • DLT-Attacks-and-Weaknesses-Enumeration.csv
      • This is a list of 180+ attacks, it needs a lot of work (additional details, splitting and merging of various attacks, etc.). 
    • DLT-Security-Incidents.csv
      • This is a list of various DLT security incidents, attacks, vulnerabilities, news items, CVEs, etc. Please feel free to suggest additional items as you run across them.
    • DLT-Security-Resources.csv
      • This is a list of the good papers/sites/questions/etc related to DLT and blockchain, please feel free to add item.
    If you have any questions please feel free to ask on Circle or reach out to me via email.

    Kurt Seifried
    Chief Blockchain Officer and Director of Special Projects
    Cloud Security Alliance
    [email protected]

  • 2.  RE: STICKY: Getting involved in the DLT Security Framework

    Posted Jul 15, 2020 03:43:00 PM
    Hi, Kurt and Hillary:
    I would like to help to lead or co-leader the following groups if needed.
    1: Exchange: 
    We can initially focus on the following areas
    1): Minimum Security Architecture for crypto exchanges (for example, multiple tiered architecture, DB security, API security, cold wallet security, Full node sync with user's deposit and withdraw actions, etc)
    2): Best Practices and security procedures for exchanges. 
    3): Testing and security checklist for implementing and operating exchanges. 
    4): The security considerations will be very different between centralized exchanges and the decentralized exchanges. So, we can start with centralized exchanges (which have well-known security incidents) and decentralized exchanges (which has fewer incidents due to its novelty but will gain the momentum on both usage and security incidents). 
    2: Cryptography: 
    we can influentially focus on various aspects of zero knowledge such as ZK-Snark, ZK-Stark,Halo, etc.
    We can also look into Homomorphic encryption and secure multiple part computation.
    3: Consensus: 
    We can exam various consensus algorithms and their liveliness and security properties.
    Let me know if you have any questions.
    Here is my short bio:
    Chief Author of the book entitled <<Blockchain Security Technical Controls>> in Chinese, published 2018 by a Chinese prestigious scientific book publisher <<Machinery Industry Press>>. Book is available at Amazon:
    Chair, Blockchain Security Working Group at CSA GCR Chapter
    Strong Experience in various security aspects of Blockchain Security
    Previously ApplicationSecurity Practise Leader at CGI Federal
    Experience in meeting compliance requirements with security standards such as FIPS 199, NIST 800-37 (Risk Management Framework) , NIST 800-53/53A (Security Controls for Federal IS), NIST 800-60, (Guide for Mapping Information Systems to Security Categories), Health Insurance Portability and Accountability Act (HIPAA)

    Ken Huang , Chair, Blockchain Security Working Group, CSA GC

  • 3.  RE: STICKY: Getting involved in the DLT Security Framework

    This message was posted by a user wishing to remain anonymous
    Posted Jul 16, 2020 10:27:00 AM
    This post was removed