Any network can be attacked, and blockchains are no exception. Threats to distributed ledgers, however, differ from threats to ordinary computer networks: in most cases the attacker tries to manipulate the consensus process in order to change what gets recorded in the ledger.
In this article we examine the main threats to blockchains that use Proof-of-Work (PoW) consensus, and how they are prevented.
To understand how attackers can influence a Proof-of-Work system such as Bitcoin, let us first look at how the network ensures the immutability of its data.
Although a blockchain has many participants (Bitcoin has roughly 11 thousand nodes), new blocks of transactions are appended one at a time. To append a block, miners solve a computationally expensive puzzle; whoever finds a solution first earns the right to record the next batch of user transactions. Miners act in their own interest, since they receive a reward for every block they solve (currently 12.5 BTC in Bitcoin).
The puzzle is not merely hard: its answer must satisfy a specific condition, namely that the block's hash, read as a number, be below a target value. It is therefore very unlikely that two miners find a valid block at the same moment, but it does happen. Both broadcast their blocks, and the chain splits: a fork occurs.
Mining then continues on both sides. Each subsequent miner attaches its block to whichever branch it expects to be accepted, and over time it becomes clear which branch the network has adopted; that branch is the consensus.
Eventually the short-lived branch is abandoned: its blocks are ignored, and the transactions they contained go back to the mempool to be mined again. A miner who extends the abandoned branch receives no reward for the effort, so miners ignore such forks and build on the longest chain (more precisely, the chain with the most accumulated proof-of-work).
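As an added illustration (this code is not from the original article and is not Bitcoin's implementation), here is a toy proof-of-work chain in Python: a block is valid when its double-SHA-256 hash is below a target, and a fork is resolved by picking the valid chain with the most accumulated work. The targets, block layout and payloads are made up. In a real network the target is fixed by consensus rules, so a miner cannot pick an easier one the way the second chain does here; that freedom is used only to show that "longest" really means "most work".

```python
import hashlib
import struct
from dataclasses import dataclass

# Hypothetical toy targets: the hash, read as a 256-bit integer, must be below
# the target, so a smaller target means more expected hash attempts.
EASY_TARGET = 2**244    # about 2^12 = 4,096 attempts per block on average
HARD_TARGET = 2**242    # about 2^14 = 16,384 attempts per block on average
GENESIS = b"\x00" * 32  # hash of the (imaginary) block before the first one


@dataclass(frozen=True)
class Block:
    prev: bytes      # hash of the previous block
    payload: bytes   # stands in for the transaction data
    target: int      # difficulty target this block claims to meet
    nonce: int

    def hash(self) -> bytes:
        header = (self.prev + self.payload
                  + self.target.to_bytes(32, "big") + struct.pack("<I", self.nonce))
        return hashlib.sha256(hashlib.sha256(header).digest()).digest()

    def valid_pow(self) -> bool:
        return int.from_bytes(self.hash(), "big") < self.target


def mine(prev: bytes, payload: bytes, target: int) -> Block:
    """Brute-force nonces until the block hash falls below the target."""
    nonce = 0
    while True:
        block = Block(prev, payload, target, nonce)
        if block.valid_pow():
            return block
        nonce += 1


def expected_work(target: int) -> int:
    """Expected number of hash attempts needed to meet the target."""
    return 2**256 // target


def chain_work(chain: list) -> int:
    return sum(expected_work(b.target) for b in chain)


def valid_chain(chain: list) -> bool:
    """Every block must link to its predecessor and carry a valid proof of work."""
    prev = GENESIS
    for block in chain:
        if block.prev != prev or not block.valid_pow():
            return False
        prev = block.hash()
    return True


def select_chain(*chains: list) -> list:
    """Fork resolution: among valid chains, pick the one with the most work."""
    valid = [c for c in chains if valid_chain(c)]
    return max(valid, key=chain_work)


def build_chain(payloads: list, target: int) -> list:
    chain, prev = [], GENESIS
    for payload in payloads:
        block = mine(prev, payload, target)
        chain.append(block)
        prev = block.hash()
    return chain


def fork_demo() -> bool:
    """Two blocks at the hard target beat three blocks at the easy target."""
    honest = build_chain([b"tx-a", b"tx-b"], HARD_TARGET)
    cheap = build_chain([b"tx-a'", b"tx-b'", b"tx-c'"], EASY_TARGET)
    return len(cheap) > len(honest) and select_chain(honest, cheap) is honest


def tamper_demo() -> bool:
    """Editing a recorded block breaks its PoW and the link from the next block."""
    chain = build_chain([b"tx-a", b"tx-b"], EASY_TARGET)
    first = chain[0]
    tampered = [Block(first.prev, b"tx-a-altered", first.target, first.nonce), chain[1]]
    return valid_chain(chain) and not valid_chain(tampered)


if __name__ == "__main__":
    print("most-work chain wins:", fork_demo())
    print("tampering detected:", tamper_demo())
```

The tamper check is what "immutability" means in practice: changing one byte of an old block invalidates that block's proof of work and the `prev` link of every block after it, so the attacker must redo all of that work faster than the rest of the network adds new blocks.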
The 51% Attack and Double-Spending
This brings us to the "51% attack". If one participant (or a coalition) controls the majority of the hashing power, it controls consensus and can decide which blocks enter the blockchain. Even with a narrow majority, though, changing information that is already recorded is very hard: the attacker can only extend the branches it chooses, and it must outpace the rest of the network from the point where its branch diverges. Note that the attack is possible with less than 50% of the hash rate, but the probability of success drops sharply.
These conditions let an attacker mount a second attack, double-spending: spending the same coins more than once. To do this, the attacker creates several transactions that spend the same coins. Normally the network treats the conflicting transactions as invalid and rejects them: miners simply do not include them in a block.
If the attacker can mine blocks, however, it can place the conflicting transaction in a block of its own, on a competing branch. Honest miners keep building on the branch they consider valid and ignore the attacker's block. But if the attacker holds 51% of the computing power, it can steer consensus and make its own branch the accepted one, so that the "incorrect" transactions are treated as "true".
History records several such cases. For example, Krypton and Shift, two Ethereum-based blockchains, fell victim to 51% attacks in August 2016, and the attackers stole coins through double-spending. Afterwards the projects' developers added safeguards; Krypton, for instance, raised the number of confirmations required to approve a transaction to one thousand.
The Bitcoin blockchain relies on the same idea: a transaction is conventionally treated as settled only after five or more further blocks have been built on top of the block that contains it (six confirmations in total).
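The relation between the attacker's share of the hash rate, the number of confirmations and the residual risk can be put into numbers. The following added example (not from the article; the function names are ours) implements the catch-up probability calculation from section 11 of the Bitcoin white paper. It shows why an attacker with less than half the hash rate can still occasionally win, why six confirmations is a reasonable default against a small attacker, and why a project that fears a near-majority attacker, as Krypton did after its attack, needs hundreds of confirmations.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of the hash rate ever
    catches up with the honest chain after falling z blocks behind.

    This is the calculation from section 11 of the Bitcoin white paper: while
    the honest chain grows by z blocks the attacker mines a Poisson(z*q/p)
    number, and from k blocks behind the chance of ever catching up is (q/p)**k.
    """
    if not 0.0 <= q < 1.0 or z < 0:
        raise ValueError("q must be in [0, 1) and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0  # a majority attacker always catches up eventually
    if z == 0:
        return 1.0  # nothing to catch up with yet
    lam = z * q / p
    total = 1.0
    for k in range(z + 1):
        # Poisson term computed in log space so that large z does not overflow
        log_poisson = -lam + k * math.log(lam) - math.lgamma(k + 1)
        total -= math.exp(log_poisson) * (1.0 - (q / p) ** (z - k))
    return max(total, 0.0)


def confirmations_needed(q: float, max_risk: float = 0.001) -> float:
    """Smallest number of confirmations z that pushes the attacker's success
    probability below max_risk; infinite for q >= 0.5."""
    if q >= 0.5:
        return math.inf
    z = 0
    while attacker_success_probability(q, z) >= max_risk:
        z += 1
    return z


if __name__ == "__main__":
    for q in (0.10, 0.30, 0.45):
        print(f"q={q:.2f}: P(catch up from 6 behind)="
              f"{attacker_success_probability(q, 6):.7f}, "
              f"confirmations for <0.1% risk={confirmations_needed(q)}")
```

With q = 0.1 the risk after six confirmations is about 0.02%, and five confirmations already bring it under 0.1%; with q = 0.3 it takes 24, and with q = 0.45 it takes several hundred. The waiting time, not the attacker's cleverness, is what makes a double-spend against a confirmed transaction expensive.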
Another example: in 2014 the mining pool ghash.io exceeded 51% of the Bitcoin network's hash rate because of its popularity. The community and the pool's management then agreed that the pool would voluntarily reduce its share and not exceed 39.99% in the future.
Without resources on that scale, a double-spending attack is unlikely. Bear in mind, too, that even a successful attack may yield little. Honest mining is usually far more profitable: a participant earns more from block rewards and transaction fees.
The block reward is thus one deterrent against attackers. Another is the miners' orientation toward long-term profit: it is simply not worth ruining the ecosystem for a short-term gain that would be difficult or impossible to cash out.
Back in 2015 we wrote that transaction fees would remain the main guarantor of security for the Bitcoin blockchain. The situation is the same today: cryptoeconomics continues to play a very important role in permissionless blockchains. Since Bitcoin's issuance is capped, growth in total transaction fees is the only way to sustain the miners' incentive (and with it the security of the system) in the long run.
That growth can come either from more transactions or from a higher fee per transaction. Keep in mind that the throughput of a permissionless blockchain is deliberately limited so that the network stays decentralized: every node must process every transaction, so the more nodes there are, the lower the throughput the network can sustain. Raising throughput to hundreds of transactions per second would leave only nodes run by large companies in the network.
According to a joint study by ETH Zurich and NEC Laboratories, the upper limit is a few dozen transactions per second. Moreover, in Bitcoin the question of raising throughput by increasing the maximum block size is highly politicized.
All of this brings us back to the importance of transaction fees. It has been suggested that the Bitcoin blockchain will in the future serve as an arbitration layer for permissioned blockchains and sidechains, forming the base layer of a next-generation financial system. In that case transaction fees could rise further on the back of growing interest in the blockchain ecosystem, keeping the level of security high.
The Sybil Attack
The attack is named after the clinical case, described in the book Sybil, of a woman with dissociative identity disorder. By analogy, a Sybil attack is a situation in which one node in the network assumes several identities.
The Sybil attack was first described by Microsoft researcher John Douceur. It exploits the fact that a network cannot reliably tell physical machines apart.
Attempts have been made to identify machines by certificates, IP addresses, and logins and passwords, but none of them work reliably: friends can share account credentials, and some services put all of their users behind a single IP address.
The damage from a Sybil attack takes different forms. It can be used, for example, to rig online votes or to inflate Google PageRank.
In the case of blockchain systems, an attacker may try to flood the network with clients under his control. That enables the following schemes:
- The attacker can refuse to relay blocks and transactions, "disconnecting" users from the network.
- It creates the risk of a 51% attack and double-spending.
- It becomes possible to observe all transactions, and the peers that first broadcast them, using special software.
In centralized systems, Sybil attacks are usually countered with a set of heuristic rules. For example, the system may allow only a limited number of accounts to be created from one IP address in a given period.
Another option is to rely on a trusted certification authority that verifies network users. This approach is not foolproof, however, and it requires a substantial amount of network resources. A third option is resource testing: the system measures a host's storage size, network bandwidth and other parameters, and decides whether the data came from separate computers or from one attacking computer with multiple "personalities".
In the Bitcoin blockchain, Sybil attacks are countered by the requirements imposed on block generation. Nakamoto consensus ties the ability to produce blocks to the computing power spent on the PoW puzzle. This gives strong protection against Sybil attacks: identities are free, but blocks are not, so an attacker can produce only as many blocks as its real hash rate allows. Computing power cannot be faked, and acquiring enough of it makes the attack unprofitable.
DDoS
DDoS is another kind of attack; the idea is to flood the target with a large number of similar requests. Bitcoin has built-in protection against denial of service. For example, the block size is capped at 1 MB, which makes it harder to clog the memory pools of full nodes, and a single script may not exceed 10,000 bytes. The number of signature checks a block may require (20,000) and the number of keys in a multisignature script (at most 20) are also limited.
In addition, Bitcoin clients ban misbehaving peers and reject suspicious transactions. For example, the Satoshi client rejects non-standard transactions, including any transaction larger than 100 kilobytes. When processing a transaction, the client also checks that every output it spends is still unspent.
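To make these limits concrete, here is an added example (our code, not Bitcoin Core's) of an admission filter that applies the numbers quoted above to a deliberately simplified transaction model: transactions are dictionaries with a declared size, scripts are lists of opcode strings and byte pushes, and the unspent-output set is a plain set of (txid, index) pairs. The sample transactions are constructed for the example and are not real Bitcoin data.

```python
# Constructed, simplified model of the resource limits quoted in the article.
MAX_BLOCK_SIZE = 1_000_000        # bytes
MAX_SCRIPT_SIZE = 10_000          # bytes per script
MAX_BLOCK_SIGOPS = 20_000         # signature checks per block
MAX_PUBKEYS_PER_MULTISIG = 20     # keys in one OP_CHECKMULTISIG
MAX_STANDARD_TX_SIZE = 100_000    # bytes; larger transactions are non-standard

# Hypothetical unspent outputs, as (txid, output index) pairs.
UTXO = {("a1", 0), ("a2", 0)}
P2PKH = [b"\x30" * 71, b"\x02" * 33, "OP_DUP", "OP_HASH160", b"\x00" * 20,
         "OP_EQUALVERIFY", "OP_CHECKSIG"]
FAT_MULTISIG = ["OP_1"] + [b"\x02" * 33] * 21 + ["OP_21", "OP_CHECKMULTISIG"]

GOOD_TX = {"txid": "b1", "size": 250, "inputs": [("a1", 0)], "outputs": 1, "scripts": [P2PKH]}
BIG_TX = {"txid": "b2", "size": 150_000, "inputs": [("a2", 0)], "outputs": 1, "scripts": [P2PKH]}
MSIG_TX = {"txid": "b3", "size": 900, "inputs": [("a2", 0)], "outputs": 1, "scripts": [FAT_MULTISIG]}
DOUBLE_TX = {"txid": "b4", "size": 250, "inputs": [("a1", 0)], "outputs": 1, "scripts": [P2PKH]}
BIG_SCRIPT_TX = {"txid": "b5", "size": 10_100, "inputs": [("a2", 0)], "outputs": 0,
                 "scripts": [["OP_RETURN", b"\x00" * 10_000]]}


def script_size(script) -> int:
    # one byte per opcode; one length byte plus the data for each push
    return sum(1 if isinstance(op, str) else 1 + len(op) for op in script)


def _declared_keys(script, i):
    """Key count given by the OP_n just before the OP_CHECKMULTISIG at index i."""
    prev = script[i - 1] if i > 0 else None
    if isinstance(prev, str) and prev.startswith("OP_") and prev[3:].isdigit():
        return int(prev[3:])
    return None


def count_sigops(script) -> int:
    """CHECKSIG counts 1; CHECKMULTISIG counts its declared n keys, else 20."""
    total = 0
    for i, op in enumerate(script):
        if op in ("OP_CHECKSIG", "OP_CHECKSIGVERIFY"):
            total += 1
        elif op in ("OP_CHECKMULTISIG", "OP_CHECKMULTISIGVERIFY"):
            n = _declared_keys(script, i)
            total += n if n is not None else MAX_PUBKEYS_PER_MULTISIG
    return total


def check_transaction(tx, utxo) -> list:
    """Return the reasons to reject tx; an empty list means accept."""
    problems = []
    if tx["size"] > MAX_STANDARD_TX_SIZE:
        problems.append("non-standard: transaction larger than 100 kB")
    seen = set()
    for outpoint in tx["inputs"]:
        if outpoint in seen:
            problems.append(f"input {outpoint} used twice")
        elif outpoint not in utxo:
            problems.append(f"input {outpoint} is not an unspent output")
        seen.add(outpoint)
    for script in tx["scripts"]:
        if script_size(script) > MAX_SCRIPT_SIZE:
            problems.append("script larger than 10,000 bytes")
        for i, op in enumerate(script):
            if op in ("OP_CHECKMULTISIG", "OP_CHECKMULTISIGVERIFY"):
                n = _declared_keys(script, i)
                if n is not None and n > MAX_PUBKEYS_PER_MULTISIG:
                    problems.append(f"multisig with {n} keys exceeds {MAX_PUBKEYS_PER_MULTISIG}")
    return problems


def check_block(txs, utxo) -> list:
    """Block-level limits, then per-transaction checks applied in order so that
    a transaction cannot spend an output consumed earlier in the same block."""
    problems = []
    if sum(tx["size"] for tx in txs) > MAX_BLOCK_SIZE:
        problems.append("block larger than 1 MB")
    sigops = sum(count_sigops(s) for tx in txs for s in tx["scripts"])
    if sigops > MAX_BLOCK_SIGOPS:
        problems.append(f"{sigops} sigops exceeds {MAX_BLOCK_SIGOPS}")
    remaining = set(utxo)
    for tx in txs:
        problems += [f"{tx['txid']}: {p}" for p in check_transaction(tx, remaining)]
        remaining -= set(tx["inputs"])
        remaining |= {(tx["txid"], i) for i in range(tx["outputs"])}
    return problems


def sigop_flood() -> list:
    """Toy flood: 21 small transactions of 1,000 CHECKSIGs each, 21,000 sigops in total."""
    return [{"txid": f"f{i}", "size": 1_100, "inputs": [], "outputs": 0,
             "scripts": [["OP_CHECKSIG"] * 1000]} for i in range(21)]


if __name__ == "__main__":
    for tx in (GOOD_TX, BIG_TX, MSIG_TX, BIG_SCRIPT_TX):
        print(tx["txid"], check_transaction(tx, UTXO) or "accepted")
    print("double spend in block:", check_block([GOOD_TX, DOUBLE_TX], UTXO))
    print("sigop flood:", check_block(sigop_flood(), UTXO))
```

The point of the per-block sigop budget is visible in `sigop_flood`: each transaction on its own is small and passes the per-script limit, but a block full of them would force every validating node to do 21,000 signature verifications, which is exactly the kind of cheap-to-send, expensive-to-process input a DoS attacker looks for.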
Breaking the Cryptography
Quantum computers are expected to outperform classical systems in the future. According to a quantum-computing expert at Google, humanity is still about ten years away from building such a machine. Even so, the prospect worries the crypto community.
Quantum systems already outperform classical computers on a narrow range of tasks. The D-Wave machine, which uses quantum annealing, has been reported to be 100 million times faster than a conventional computer on a specially chosen benchmark problem.
One of the problems to consider here is factorization, together with its relative, the discrete logarithm. Quantum algorithms such as Shor's algorithm could in theory break RSA, and likewise the elliptic-curve discrete logarithm on which the ECDSA signatures used in the Bitcoin network rest.
Solutions are therefore being developed to help crypto projects withstand the onslaught of quantum machines.
In 2015, for example, the US National Security Agency announced a transition to quantum-resistant cryptographic systems. Cryptographers at other organizations are working in the same direction; the Quantum Resistant Ledger team, for instance, is building a blockchain that is resistant to "quantum attacks".
The team is working with signature schemes based on hash functions. In such schemes the public key is derived from the private key through a structure built out of hash functions (for example, a Merkle tree of one-time keys), rather than through factoring or the discrete logarithm. Recovering the private key from the public key then means inverting a hash function, a problem Shor's algorithm does not touch (Grover's algorithm gives only a quadratic speedup), so the link between the keys is far more robust against quantum attack.
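The simplest hash-based scheme, a Lamport one-time signature, shows the point in code. This added example (ours, not QRL's, which uses the more elaborate XMSS construction) derives the public key from the private key purely by hashing, signs by revealing preimages, and measures what a second signature with the same key leaks, which is why such keys are one-time and why practical designs tie many of them together in a Merkle tree. Key and message sizes, names and sample messages are our choices.

```python
import hashlib
import os

HASH_BITS = 256  # we sign the SHA-256 digest of the message, one bit at a time


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def message_bits(msg: bytes) -> list:
    digest = int.from_bytes(H(msg), "big")
    return [(digest >> (HASH_BITS - 1 - i)) & 1 for i in range(HASH_BITS)]


def keygen(rng=os.urandom):
    """Private key: 256 pairs of random 32-byte secrets.
    Public key: the hash of every secret. H is the only link between them."""
    sk = [(rng(32), rng(32)) for _ in range(HASH_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def sign(sk, msg: bytes) -> list:
    """For each digest bit, reveal the secret of the matching half of the pair."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Each revealed secret must hash to the public half selected by the digest bit."""
    if len(sig) != HASH_BITS:
        return False
    return all(H(s) == pk[i][bit]
               for i, (bit, s) in enumerate(zip(message_bits(msg), sig)))


def exposed_pairs(pk, signatures) -> int:
    """Number of key positions for which both secrets are now public.

    After one signature nothing is fully exposed; after a second one roughly
    half the positions are, and a forger can sign any message whose digest
    bits all fall within the revealed secrets. That is the one-time property."""
    revealed = [set() for _ in range(HASH_BITS)]
    for msg, sig in signatures:
        for i, (bit, s) in enumerate(zip(message_bits(msg), sig)):
            if H(s) == pk[i][bit]:
                revealed[i].add(bit)
    return sum(1 for r in revealed if len(r) == 2)


if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"pay 1 BTC to alice", b"pay 1 BTC to bob"
    s1 = sign(sk, m1)
    print("valid signature:", verify(pk, m1, s1))
    print("tampered message:", verify(pk, b"pay 9 BTC to alice", s1))
    print("pairs fully exposed after one signature:", exposed_pairs(pk, [(m1, s1)]))
    print("pairs fully exposed after two signatures:",
          exposed_pairs(pk, [(m1, s1), (m2, sign(sk, m2))]))
```

Nothing in `keygen`, `sign` or `verify` involves a number-theoretic trapdoor, so Shor's algorithm has nothing to attack; the security rests on the preimage resistance of SHA-256 and on never reusing a key.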
It remains to be seen how successful these initiatives will be. But a switch to such solutions could potentially eliminate the "quantum" threat and strengthen the entire digital ecosystem.
The other side of the question, which cyber threats blockchains protect against, we covered in one of our earlier articles.