-Blockchain efficiency: For starters, the efficiency of blockchains themselves may become overloaded with complex consensus mechanisms and invalid data. Most popular consensus mechanism used in blockchain is Proof of Work, which the researchers call a "waste of computing resources. In addition, blockchains will produce a lot of data -- block information, transaction data, contract bytecode -- that may be outdated and useless. Thus, An efficient data cleanup and detection mechanism is desired to improve the execution efficiency of blockchain systems.
What they call a "waste of computing resources" is what makes blockchains secure in the first place. You want the data to be hard to compute, otherwise it would be easy to manipulate.
You see something similar when hashing user passwords for your database -- using "wasteful", ie. slow hashing algorithms is part of a proper security model, since you don't want an adversary to brute force through your user's passwords all that easily in case of a data breach.
-Private key security: The user's private key is regarded as the identity and security credential when using blockchain. Its generated and maintained by the user instead of third-party agencies. An attacker could "recover the user's private key because it does not generate enough randomness during the signature process. Since the blockchain is not dependent on any centralized third-party trusted institutions, if the user's private key is stolen, it is difficult to track the criminal's behaviors and recover the modified blockchain information.
This reads like they are trying to make a case for private key generation through third party agencies. While bad RNGs have proven problematic in the past, you have no guarantuee that a third party would fare any better.
If anything, leaving private key handling and signatures to "trusted institutions" has proven to be a systemic risk time and time again:
http://wiki.cacert.org/Risk/History- Frequent criminal activities with Bitcoin include ransomware, underground markets and money laundering. Through some third-party trading platforms that support Bitcoin, users can buy or sell any product.Since this process is anonymous, it is hard to track user behaviors, let alone subject to legal sanctions.
That one has nothing to do with blockchain security.
-Transaction privacy leakage: Unfortunately, the privacy protection measures in blockchain are not very robust. Criminal smart contracts can facilitate the leakage of confidential information, theft of cryptographic keys, and various real-world crimes (e.g.,murder, arson, terrorism, etc.)
Both the privacy aspect and the security of smart contracts is cryptocurrency dependent and can't be generalized.
And which criminal smart contracts are facilitating murder, arson and terrorism? Has the IS been running an ICO that I missed?
This point also seems weirdly at odds with the prior statement. Either "it is hard to track user behaviours" or "the privacy protection measures [...] are not very robust". It can't be both.
Got a link to the paper? I assume there is more depth to their line of argument. Right now it seems rather shallow.