Blockchain/distributed ledger technology
In many economic sectors, great potential is ascribed to blockchain technology and distributed ledger technology (DLT). The cryptocurrency Bitcoin is the most prominent blockchain application, but the possible applications of blockchain/DLT are manifold and diverse. At the moment, blockchain receives strong attention from the media and is intensely discussed by government, business and society. It is still unclear, however, in which fields blockchain technology and DLT can actually be used in a sensible and profitable way, and in which fields they will ultimately be used. It can be expected, though, that in the long term the concept of blockchain will establish itself in at least some applications.
The Federal Office for Information Security (BSI) analyses and assesses the technical and cryptographic underpinnings of blockchain technology in order to evaluate the security of concrete blockchain applications and to make recommendations for the secure use of blockchains.
In May 2019, the BSI published a comprehensive and in-depth analysis of blockchain technology. It focuses on IT security properties, but also considers further implications of the basic technical design, e.g. for efficiency or compliance with data protection requirements, as well as the potential to meet expectations with respect to security and the current legal framework. An English translation of the German original text was made available in December 2019.
Towards Secure Blockchains - Concepts, Requirements, Assessments
Recently, more and more large-scale projects have begun to take shape—ranging from cryptocurrencies designed by large private companies to plans for government-issued digital money. Although in many cases final decisions about the technical implementations have not been made, the use of blockchain/DLT is often discussed as an option. Since the topic of DLT-based cryptocurrencies is currently intensely discussed, the following guideline presents an explicit summary of those aspects that have been identified as most significant for their IT security.
Towards Secure Blockchains - A brief guideline on DLT-based cryptocurrencies
Another currently discussed field of application of blockchain/DLT is the implementation of self-sovereign identities (SSI) in the context of the digitisation of processes in administration, industry and the economy. With SSI, identity data remain under the control of the users, who can decide on a case-by-case basis which information they want to disclose and to whom. This contrasts with centralised login services that are used for authenticating to several applications and sometimes store extensive user profiles. SSI is said to have the potential to satisfy the wish for the maximum possible data sovereignty.
In the following guideline from 2021, the BSI presents a brief overview of the IT security requirements for SSI, in particular when using SSI together with blockchain/DLT. These requirements include the careful choice of the technology, general security considerations, the authentication of all participating parties at an appropriate level of assurance, and the secure implementation of the data registry and the wallet applications.
A brief guideline on self-sovereign identities
Older BSI publications:
- A list of key points published in February 2018 concisely presents the BSI’s position (written in German): Blockchain sicher gestalten – Eckpunkte des BSI
- <kes> 2018#3: "Sicherheit der Blockchain-Technologie" (written in German): BSI-Forum in der <kes> Ausgabe 3/2018
- BSI Magazine edition 2018/01: "Blockchains in use – Appropriate Application Models for Suitable Security Goals": Security in focus - BSI Magazine 2018/01
- BSI Magazine edition 2017/02: "Potentials and challenges of blockchain technology": Security in focus - BSI Magazine 2017/02
Opinions, comments and suggestions concerning the publications may be sent to the BSI via e-mail at blockchain@bsi.bund.de.