What threatens blockchain networks: attacks and methods of protection

    Any network can be attacked, and blockchain is no exception. However, threats to distributed ledgers differ from threats to conventional computer networks: in most cases, attackers try to manipulate the consensus process in order to change the information recorded in the ledger.

    In this article, we will analyze the main threats to blockchains that use the Proof-of-Work (PoW) consensus mechanism and how they are prevented.

    / image Peter Shanks CC

    To understand how attackers can influence systems protected by Proof-of-Work (for example, Bitcoin), we first need to see how the network ensures data immutability. Although there are many participants in the blockchain (the number of nodes in Bitcoin is about 11 thousand), new blocks with transactions are added one at a time. To secure a block in the chain, miners solve a computationally hard problem. The one who finds the answer first gets the right to add information about user transactions to the blockchain. Miners act in their own interests, because for each solved block they receive a reward (today in Bitcoin it is 12.5 coins).

    The computational task is not just hard: its answer must satisfy certain conditions, for example, the generated hash must be less than a specific target. Therefore, it is extremely unlikely that two miners will find a solution for a block at the same time. But such a situation is possible. In this case, both network participants send their blocks to the blockchain, and the chain bifurcates: a fork occurs.

    After that, the community continues to mine and add new information to the blockchain. Each subsequent miner links his block to the chain that, in his opinion, will be considered the main one. Over time, it becomes clear which chain the community considers valid, and it is chosen by consensus.

    Subsequently, small forks are forgotten and ignored, and any information added to them is subject to re-processing. Moreover, if a miner adds a new block to an inactive chain, he does not receive a reward for solving it. Therefore, most miners ignore forks in the ledger and support the longest of the chains.
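    The mechanism described above, as an added example that is not code from the original article: a toy miner searches for a nonce that puts the block hash below a target, and nodes pick the longest valid chain when a fork occurs. The difficulty, block layout and transaction strings are constructed for illustration.

```python
import copy
import hashlib

GENESIS = "00" * 32
# Constructed difficulty: 12 leading zero bits (Bitcoin's real target is far lower).
TARGET = 1 << (256 - 12)

def block_hash(prev: str, payload: str, nonce: int) -> int:
    data = f"{prev}|{payload}|{nonce}".encode()
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def mine(prev: str, payload: str) -> dict:
    """Try nonces until the block hash is below TARGET (the PoW condition)."""
    nonce = 0
    while (h := block_hash(prev, payload, nonce)) >= TARGET:
        nonce += 1
    return {"prev": prev, "payload": payload, "nonce": nonce, "hash": f"{h:064x}"}

def extend(chain: list, payload: str) -> list:
    prev = chain[-1]["hash"] if chain else GENESIS
    return chain + [mine(prev, payload)]

def is_valid(chain: list) -> bool:
    """Every block must link to its parent and still satisfy hash < TARGET."""
    prev = GENESIS
    for b in chain:
        h = block_hash(b["prev"], b["payload"], b["nonce"])
        if b["prev"] != prev or h >= TARGET or f"{h:064x}" != b["hash"]:
            return False
        prev = b["hash"]
    return True

def choose_chain(candidates: list):
    """Fork choice as described above: the longest valid chain wins.
    (Simplification: real nodes compare accumulated work, not block count.)"""
    valid = [c for c in candidates if is_valid(c)]
    return max(valid, key=len) if valid else None

def demo():
    common = extend([], "tx: alice->bob 1")
    branch_a = extend(common, "tx: bob->carol 1")          # one side of the fork
    branch_b = extend(extend(common, "tx: bob->dave 1"), "tx: dave->erin 1")
    tampered = copy.deepcopy(branch_b)
    tampered[0]["payload"] = "tx: alice->mallory 1"        # history rewritten, no re-mining
    return branch_a, branch_b, tampered

if __name__ == "__main__":
    a, b, t = demo()
    print(choose_chain([a, b]) is b, is_valid(t), choose_chain([a, t]) is a)
```

    Editing a recorded transaction invalidates the stored proof of work, so the altered branch loses even though it is longer.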

    51% Attack and Double-spending


    This leads us to a “51% attack”. If one (or several) network participants obtain the majority of the “votes”, they will be able to control consensus and include only their data in the blockchain. However, even with an advantage of one percent over the other half of the community, it is very difficult to change already recorded information. An attacker can only append blocks to the branches he needs. Note that an attack can also be carried out with a smaller share of capacity (<50%), although the probability of success in this case is sharply reduced.

    Such conditions allow an attacker to carry out another attack known as double-spending: spending more money than he actually has. To do this, he creates several transactions using the same coins. In theory, the network will consider the extra transactions incorrect and reject them: miners simply will not include them in a block.

    Nevertheless, if an attacker gets the opportunity to place a block, then he can include information with double-spending on his own. In this case, honest miners will branch out the blockchain and begin to build a parallel valid branch, ignoring the attacker's block. However, if the latter has 51% of the computing power at his disposal, he will be able to influence the consensus and build his own chain with “incorrect” transactions, which will be considered “true”.

    History remembers several such cases. For example, the Ethereum-based blockchains Krypton and Shift were victims of 51% attacks in August 2016. The attackers managed to steal coins through double-spending. After that, the project developers introduced additional security measures; for example, Krypton increased the number of confirmations required to approve a transaction to one thousand.

    A similar approach is used in the Bitcoin blockchain: a block is not considered valid until five or more blocks confirming recorded transactions are “hooked” on it.

    Another example: in 2014 the mining pool ghash.io, due to its popularity, exceeded 51% of the processing power of the Bitcoin network. The community and the management of the site then decided to voluntarily reduce the pool's share in the network and not exceed the threshold value of 39.99% in the future.

    Without such resources, a double-spending attack is unlikely. It should be borne in mind that even if it is successfully completed, the benefit may be negligible. Most often, it is much more profitable to engage in honest mining: a network member can earn more from block rewards and transaction fees.

    The mining reward is one of the factors that restrain attackers. In addition, fraud is limited by miners' orientation toward long-term benefits (ruining the ecosystem for a short-term profit, which would be difficult or impossible to cash out, is simply not profitable).

    Back in 2015, we wrote that transaction fees will remain the main guarantor of the security of the Bitcoin blockchain. Today the situation remains the same: cryptoeconomics in permissionless blockchains continues to play a very important role. In Bitcoin, since issuance is limited, increasing the total transaction fees seems to be the only possible way to maintain the motivation of miners (and with it the security of the system).

    This growth can be achieved both by increasing the number of transactions and by increasing the fee for a single transaction. It should be borne in mind that the throughput of a permissionless blockchain is limited in order to keep the blockchain network decentralized (the more nodes in the network, the lower its throughput, since each node must process all transactions). Therefore, if you increase the throughput to hundreds of transactions per second, only nodes belonging to large companies will remain in the network.

    According to a joint study by ETH Zurich (the Swiss Federal Institute of Technology in Zurich) and NEC Laboratories, the upper limit is several tens of transactions per second. In addition, in Bitcoin, the issue of increasing the potential throughput (by increasing the maximum block size) is highly politicized.

    All this, again, brings us back to the importance of transaction fees. There are suggestions that in the future, the bitcoin blockchain will begin to be used as an arbitrage tool for exclusive blockchains and sidechains and will form the base layer for the next generation financial system. In this case, the transaction fee can be further increased due to the growing interest in the blockchain ecosystem in order to keep the reliability level high.

    Sybil attack


    The attack got its name from a clinical case describing a woman with dissociative personality disorder. By analogy with this case, a Sybil attack is a situation where one node in the network acquires several identities.

    The Sybil attack was first described by Microsoft researcher John Douceur. It is based on the fact that the network cannot reliably distinguish between physical machines. Attempts have been made to develop mechanisms for establishing the identity of computers, using certification software, IP addresses, usernames and passwords, but they have not been effective. Friends can transfer account information to each other, and some services provide one IP address for all their users.

    The harm from a Sybil attack manifests itself in different ways. For example, it is used to falsify online polls or to inflate Google PageRank.

    In the case of blockchain solutions, an attacker may try to fill the network with clients that he controls. This makes the following scenarios possible:

    1. An attacker may refuse to transmit and receive blocks, “disconnecting” users from the network.
    2. There is a danger of “51% attack” and double-spending.
    3. There is an opportunity to see all transactions using special programs.

    In centralized solutions, Sybil attacks are usually eliminated using a set of heuristic rules. For example, a system may require that only a limited number of accounts be created from a single IP address in the allotted time period.
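    The heuristic rule described above, as an added example that is not from the original article: a sliding-window limiter that caps the number of accounts created from one IP address. The limits, the class name and the sign-up log are constructed for illustration; the log also shows the weakness noted earlier, where legitimate users behind one shared address are refused.

```python
from collections import defaultdict, deque

class RegistrationLimiter:
    """Allow at most max_accounts sign-ups per source IP inside a sliding window."""

    def __init__(self, max_accounts: int = 3, window_seconds: int = 3600):
        self.max_accounts = max_accounts
        self.window = window_seconds
        self._accepted = defaultdict(deque)   # ip -> timestamps of accepted sign-ups

    def allow(self, ip: str, now: float) -> bool:
        seen = self._accepted[ip]
        while seen and now - seen[0] >= self.window:
            seen.popleft()                    # forget sign-ups that left the window
        if len(seen) >= self.max_accounts:
            return False
        seen.append(now)
        return True

# Constructed sign-up log: (seconds, source IP, account name), documentation IP ranges.
EVENTS = [(i * 5, "203.0.113.7", f"sybil{i}") for i in range(8)]            # one host, many identities
EVENTS += [(i * 60, "198.51.100.1", f"campus_user{i}") for i in range(5)]   # many people, one shared IP
EVENTS += [(4000, "203.0.113.7", "sybil_later")]                            # same host after the window

def replay(events, limiter):
    """Return the account names whose registration was refused."""
    denied = []
    for ts, ip, name in sorted(events):
        if not limiter.allow(ip, ts):
            denied.append(name)
    return denied

if __name__ == "__main__":
    print(replay(EVENTS, RegistrationLimiter()))
```

    The rule bounds the rate at which one address can create identities, not their total number: the last constructed entry is accepted once the window has passed.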

    Another option is to rely on a trusted certification authority that verifies network users. However, this approach does not guarantee a 100% result and requires a large amount of network resources. A further option is resource assessment. In this case, the system evaluates the storage size, network bandwidth, and other parameters of the host and determines whether the collected data belongs to individual computers or to one attacking computer with many "personalities".

    In the Bitcoin blockchain, Sybil attacks are countered by the requirements placed on block generation. Nakamoto consensus means that the ability to generate blocks is proportional to the computing power committed through the PoW mechanism. This provides reliable cryptographic protection against Sybil attacks, because an attacker can only create a limited number of blocks. The fraudster needs to have real computing power, which cannot be faked, and this makes such an attack unprofitable.


    / image Anders Lindman PD

    DDoS


    DDoS is another type of attack, the idea of which is to send a large number of similar requests. Bitcoin has built-in protection against denial-of-service attacks. For example, the block size is limited to 1 MB to make it harder to clog the memory pools of full nodes, and the size of each script does not exceed 10 thousand bytes. The number of signature checks that a block can request is also limited (20 thousand), as are multi-signatures (maximum 20 keys).

    At the same time, Bitcoin clients block all suspicious nodes and transactions. For example, in the latest version of the Bitcoin Satoshi client, a function was added for registering non-standard transactions (more than 100 kilobytes). Also, when processing transactions, the client checks that all outputs are "unspent".

    Hacking Cryptography


    It is believed that quantum computers will in the future surpass classical systems in power. But, according to John Martinis, an expert on quantum computing from Google, it will take humanity another ten years to create such a computer. However, this fact still causes concern in the crypto community.

    The performance of quantum systems in a certain range of tasks is higher than that of classical computers. For example, a D-Wave system using quantum annealing is 100 million times faster than conventional computers.

    One of the tasks that must be taken into account in this regard is the problem of factorization. Quantum algorithms, such as Shor's algorithm, can in theory break RSA encryption and, as a result, digital signatures used in bitcoin networks.

    Therefore, solutions are already being developed today, the purpose of which is to help crypto projects withstand the onslaught of quantum machines.

    For example, the US National Security Agency announced in 2015 the development of quantum-proof cryptographic systems. Cryptographers from other organizations also work in this direction; for example, the Quantum Resistant Ledger team is creating a blockchain system that is resistant to "quantum attacks."

    The team is working on cryptographic algorithms based on hash functions. In this case, private keys are generated on the basis of public keys using complex cryptographic structures based on hash functions. Specialists seek to move away from the use of factorization of primes for this task. Thus, a more complex and stable connection appears between the keys, which is less vulnerable to Shor's algorithm.

    We have yet to see how successful these initiatives will be in the future. But potentially the transition to such solutions will eliminate the problem of the "quantum" threat and strengthen the entire digital ecosystem as a whole.


