In-depth research of Bitcoin's security model

CYC Labs view 37 2021-9-18 13:47

People often argue when comparing different cryptocurrencies. This is usually due to a lack of understanding (or definition) of the security model that protects the historical data in each ledger. Each consensus model is designed to withstand a range of threats, but it is important to understand what each model is actually trying to achieve.

A security model can be divided into two parts: assumptions and guarantees. If the assumptions the model is built on hold, then the guarantees the model promises should also hold.

Let's take a closer look at the security model Bitcoin offers to full node operators.


Seek the truth

"The low degree of trust required of users is one of Bitcoin's strengths. Personally, I think it is Bitcoin's greatest strength." - Pieter Wuille

A distributed ledger exists to provide an authoritative ordering of events. This is needed simply because timestamps cannot be trusted in a distributed system.

When a new node joins the Bitcoin network for the first time, it downloads the entire blockchain, starting from the genesis block hard-coded in the software, and validates the whole chain.

One of the most important assumptions of Bitcoin's security model is that the majority of miners are honest: they work to secure the blockchain rather than to undermine it. Looking at Bitcoin's history, miner incentives have kept this assumption intact so far, although some doubt it will hold in the long run.

Given this assumption, a full node operator can be completely certain of the following:

No one other than miners can issue new bitcoin, and the total supply of bitcoin grows only in the way the protocol allows.

Bitcoin cannot be spent without the corresponding private key.

No bitcoin can be spent twice.

Because of the strong guarantees the Bitcoin blockchain provides, full nodes can also be reasonably confident of two more things:

Every block was created within roughly two hours of its timestamp.

The chain they have synchronized is the "true" history of the blockchain.

To reach consensus, every Bitcoin block must pass many checks:

All blocks follow the consensus rules.

Each block references a parent block.

Each block meets the difficulty target and carries sufficient proof of work.

Block timestamps fall within a window relative to the previous blocks.

The Merkle root matches the transactions listed in the block.

The block size does not exceed the limit.

The first (and most important) transaction in each block is the coinbase transaction.

The coinbase output does not exceed the block reward.

The number of signature operations in the block is within the allowed limit.

All transactions follow the consensus rules.

Transaction inputs and outputs are well-formed.

Transactions spend only unspent outputs.

Every input being spent carries a valid signature.

Coinbase outputs are not spent within 100 blocks of the coinbase transaction that created them.

Outputs that are still time-locked are not spent.

Space is limited, so the remaining rules are not listed here.

Thermodynamic security

Once a transaction has been confirmed in a block, it cannot be reversed without spending a great deal of energy to rewrite the chain.

As long as no attacker controls more than 50% of the network's hash power, and honest nodes can communicate quickly, the probability that a transaction is reversed decreases exponentially with the number of confirmations it has received. Other attacks (such as selfish mining) require less hash power but are difficult to carry out.

Source: Bitcoin Standard Security Review by Yonatan Sompolinsky and Aviv Zohar

Given the amount of hash power currently active on the Bitcoin network, an attacker would need to perform nearly 10^26 hashes to build, starting from the genesis block, a chain with more cumulative proof of work. All nodes would then treat that chain as the "valid" one.

Source: http://bitcoin.sipa.be

Let's estimate the cost of a 51% attack.

An Antminer S9 consumes 0.1 J/GH (10^9 hashes).

10^26 hashes * 0.1 J / 10^9 hashes = 10^15 J

10^15 J = 2,777,777,778 kWh * $0.10/kWh = $277,777,778 (the cost of the electricity needed to rewrite the entire blockchain)

At the time of writing, the block difficulty is 253,618,246,641:

253,618,246,641 * 2^48 / 65535 = 1.09 * 10^21 hashes

1.09 * 10^21 hashes * 0.1 J / 10^9 hashes = 1.09 * 10^11 J

1.09 * 10^11 J = 30,278 kWh * $0.10/kWh = $3,028 (cost of the electricity needed to mine each block)
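The arithmetic above, generalized into reusable functions, as an added example that is not part of the original article: it converts any difficulty into expected hashes, energy and electricity cost using the page's assumptions (0.1 J/GH, $0.10/kWh), and adds Nakamoto's white paper formula for the chance that a minority attacker ever overtakes the honest chain, which is the "probability decreases with confirmations" claim made earlier. The three difficulty values in the demo are the ones quoted on this page.

```python
import math

# Assumptions taken from the page's own worked figures: an Antminer S9 at 0.1 J/GH
# and electricity at $0.10 per kWh. The 2^48/65535 factor is Bitcoin's usual
# conversion from difficulty to expected hashes per block.
J_PER_KWH = 3_600_000


def expected_hashes(difficulty: float) -> float:
    """Expected number of hashes needed to find one block at this difficulty."""
    return difficulty * 2**48 / 65535


def energy_joules(hashes: float, joules_per_gh: float = 0.1) -> float:
    """Energy spent computing `hashes` hashes at the given J/GH efficiency."""
    return hashes * joules_per_gh / 1e9


def electricity_cost_usd(hashes: float, joules_per_gh: float = 0.1,
                         usd_per_kwh: float = 0.10) -> float:
    """Electricity bill, in USD, for computing `hashes` hashes."""
    return energy_joules(hashes, joules_per_gh) / J_PER_KWH * usd_per_kwh


def block_cost_usd(difficulty: float, **kw) -> float:
    """Average electricity cost of mining one block at this difficulty."""
    return electricity_cost_usd(expected_hashes(difficulty), **kw)


def attacker_success_probability(q: float, z: int) -> float:
    """Nakamoto white paper, section 11: probability that an attacker holding a
    fraction q of the hash power ever catches up after falling z blocks behind."""
    if q >= 0.5:
        return 1.0  # a majority attacker always catches up eventually
    p = 1.0 - q
    lam = z * q / p  # expected attacker progress while honest chain mines z blocks
    total = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam**k / math.factorial(k)
        total += poisson * (1 - (q / p) ** (z - k))
    return 1.0 - total


if __name__ == "__main__":
    for name, d in [("current", 253_618_246_641),
                    ("checkpoint 295,000", 6_119_726_089),
                    ("block 320,000", 27_000_000_000)]:
        print(f"{name}: {expected_hashes(d):.3g} hashes, ${block_cost_usd(d):,.0f} per block")
    print(f"rewriting 1e26 hashes: ${electricity_cost_usd(1e26):,.0f}")
    for z in (0, 1, 3, 6):
        print(f"q=0.1, z={z}: P(catch up) = {attacker_success_probability(0.1, z):.6f}")
```

With exactly these inputs, 10^26 hashes comes out to 10^16 J, which is the energy the page's 2,777,777,778 kWh and $277,777,778 figures actually correspond to; the per-block figures match the page.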

This is why we can say that Bitcoin has thermodynamic security.

You could tweak some of the variables in the calculations above to lower the cost, but it is safe to say that rewriting the entire blockchain would cost many millions of dollars in electricity alone. However, in the worst case, an attacker with this much hash power could only reverse transactions back to 2014; you will soon see why.

This also does not include the cost of purchasing and operating the mining hardware.

Sybil attacks

Because Bitcoin nodes treat the chain with the most cumulative proof of work as the valid one ("longest chain" is a misleading term), a new node joining the network only needs one honest connection to other peers in order to find the correct chain.

This is also called Sybil resistance: an attacker cannot simply surround a node with many dishonest peers in order to feed it false information.


The image above shows the worst case. Although the node is the target of a large Sybil attack, it still has one honest connection, and through that connection it can reach the real blockchain. As long as one honest peer sends real blockchain data to the full node, the node sees through and ignores the attackers trying to deceive it.

Real-time consensus

Once a node has synchronized to the tip of the blockchain, you will see that the Bitcoin protocol uses several other interesting properties to maintain consensus across the whole network.

The authors of "Research Perspectives and Challenges for Bitcoin and Cryptocurrencies" point out that the following properties are important for the security of a cryptocurrency:

Eventual consensus. At any time, all nodes that follow the rules agree on a prefix of what will become the eventual "valid" blockchain.

Exponential convergence. The probability of a fork of depth n is O(2^-n). This gives users confidence that a transaction is settled after "k confirmations".

Liveness. New blocks are produced regularly, and valid transactions that pay an appropriate fee are included in the chain in a timely manner.

Correctness. All blocks in the chain with the most cumulative proof of work contain only valid transactions.

Fairness. A miner with X% of the network's total hash power mines roughly X% of the blocks.

The authors note that Bitcoin appears to have the properties above, at least under the assumption that most miners are honest. This is what the block reward and proof-of-work mechanisms are designed to encourage.

There are many other algorithms that can be used to maintain distributed consensus, such as:

Proof of Stake (PoS)

Proof of Coin-Age

Proof of Deposit

Proof of Burn

proof

Proof of Elapsed Time

contracts

Byzantine fault tolerance

These algorithms create different security models. The main difference from proof of work is that consensus under these schemes is reached with internal resources (coins or reputation) rather than external resources (electricity). This changes the incentives and the trust required of network participants, and therefore changes the security model.

Misconceptions about security models

One misconception is that Bitcoin has a clearly defined security model.

In fact, neither in the past nor today has the Bitcoin system had a formally specified security model. The best we can do is study the incentives and behaviour of the participants in order to understand and describe Bitcoin's security model.

That said, some features of the Bitcoin protocol are frequently misunderstood.

Some blockchains use dangerous checkpoints, which effectively say "the developers have confirmed that block X is on the correct chain" because the developers embedded it in the software they signed. This is a fundamental problem.

It is worth mentioning that Bitcoin has 13 hard-coded checkpoints, but these checkpoints were chosen arbitrarily and do not change the security model. The last checkpoint was added in Bitcoin Core 0.9.3 at block height 295,000 (created April 9, 2014). The difficulty of that block is 6,119,726,089, and the electricity needed to mine it is approximately:

6,119,726,089 * 2^48 / 65535 = 2.62 * 10^19 hashes

2.62 * 10^19 hashes * 0.1 J / 10^9 hashes = 2.62 * 10^9 J

2.62 * 10^9 J = 728 kWh * $0.10/kWh = $73 (the electricity needed to mine the block)

Therefore, if a Sybil attacker completely surrounds a new node that is syncing from scratch, it can create a short fake chain at a low block height for little or no cost, but it cannot get past the checkpoint.

If a Sybil attacker isolates a node that has synchronized past block height 295,000, it can start feeding it fake blocks at a cost of at least $73 per block until the next difficulty adjustment. However, the further the victim node has synchronized, the more it costs the attacker to create a chain with more proof of work.

Greg Maxwell and Pieter Wuille have said they hope the checkpoints will one day be removed entirely. Bitcoin Core maintainer Wladimir van der Laan has noted that checkpoints are a frequent source of confusion for people trying to understand Bitcoin's security model.

Arguably, the checkpoint at height 295,000 means that everything before April 9, 2014 is "trusted" as valid on the word of the Bitcoin Core developers. However, every node still checks the Merkle hash in every block header, so the validity of the transaction history is also protected by proof of work. While the performance difference has become negligible since the introduction of libsecp256k1, these old checkpoints can still speed up the initial sync of the older part of the chain (by skipping signature verification).

Checkpoints serve three main purposes:

Protect nodes from memory-exhaustion attacks that use low-difficulty blocks.

Skip signature verification for blocks before the checkpoint (a performance improvement).

Estimate sync progress.

At the time of writing, Greg Maxwell was advocating replacing checkpoints with a minimum cumulative proof-of-work check. Once a full node has synchronized a chain with more than 5.4 * 10^24 hashes of cumulative work, any chain with less cumulative work is ignored. This is equivalent to the work up to block 320,000, created in September 2014, when the difficulty was around 27,000,000 per block.

Source: Blockchain.info

At a difficulty of 27,000,000, mining a block should take approximately 27,000,000,000 * 2^48 / 65535 = 1.16 * 10^20 hashes.

1.16 * 10^20 hashes * 0.1 J / 10^9 hashes = 1.16 * 10^10 J

1.16 * 10^10 J = 3222 kWh * $0.10/kWh = $322 (average electricity needed to mine each block)

So after this change, a Sybil attacker that surrounds a new node syncing from scratch can only feed it fake blocks by producing the required proof of work. If the attacker surrounds a node that has already synchronized more than 320,000 blocks, each fake block it sends from block 320,000 onward costs it about $322.

In short, if a single entity has complete control over a node's network connection, the cost of an attack is relatively low no matter which method is used to protect the node's initial sync. If a node's network connection is not controlled by one entity, the attacker's fake blocks are easily bypassed.

In addition, the genesis block is hard-coded into the software of every blockchain node. You can think of the "shared data" (the ledger) as a social contract: once a block is buried deeply enough, every member of the network agrees that it will never be reorganized. When a developer picks a block buried this deep and uses it as a checkpoint, it is more a guarantee than a description of the history.

Besides checkpoints, the way nodes find their peers can also be a concern. Currently, the bootstrap process of a Bitcoin node first checks whether the node has locally stored peer data learned in a previous run. Otherwise, the node queries a list of "DNS seeds" hard-coded in the software. These seeds are responsible for keeping track of well-connected Bitcoin nodes and returning their addresses.

As the code shows, Bitcoin Core 0.13 currently uses DNS seeds run by Pieter Wuille, Matt Corallo, Luke Dashjr, Christian Decker, Jeff Garzik and Jonas Schnelli. Anyone can run a DNS seed using Pieter Wuille's bitcoin-seeder software or Matt Corallo's software, but they would have to persuade the developers of a full node implementation to add their seed to that implementation's hard-coded list.

Relying on only 6 DNS seeds during bootstrap may look like a weak point. But remember: Bitcoin's security model only requires a connection to one honest peer in order to resist Sybil attacks.

So a new node only needs to reach one DNS seed that is not compromised, and that seed will return correct IP addresses. However, in case all DNS seeds are unreachable for some reason, there is a backup plan: a list of IP addresses hard-coded in the software, updated with each new release.

In the security model of this bootstrap process, users do not need to trust all X DNS seeds, or all Y Bitcoin Core developers who maintain the hard-coded data, to provide correct information. They only need to trust that 1 of the X DNS seeds is not compromised, or that 1 of the Y Bitcoin Core developers has honestly reviewed the changes to the hard-coded peer list.

No security is absolute

If you think about it, even when running a full node you can only have limited confidence in the hardware and software you are running.

There are ways to verify the authenticity of the Bitcoin Core binaries, such as van der Laan's release verification process, but few people are willing to go through them. How to verify the trustworthiness of your hardware is a much harder question. If you want a secure solution, the closest thing is ORWL, which has a "self-destruct" mechanism that triggers when someone tries to tamper with it.


Even so, you cannot be 100% sure it is uncompromised, because critical components such as the CPU and RAM are made by other parties.

Bitcoin's checks and balances

Once you start looking into the relationships between the different participants in the Bitcoin system, it quickly gets complicated.

The purpose of running a full node is to protect your financial sovereignty. This means that by installing and running a given version of the software, you agree to its rules, and so do all other network participants; you must follow the rules of the software, and the other participants must follow them as well.

So, if people want to change the rules in a way that is incompatible with the existing software, they have to run new software that signals their acceptance of those changes. On the other hand, a backwards-compatible rule change can be deployed on the network without that consent.

Someone described Bitcoin's internal checks and balances as follows:


Bitcoin's balance of power:

Full nodes (can veto miners and developers)

Miners (can veto developers)

Developers (can help the others exercise their vetoes)

It is important to understand that full node software does not update itself, and this is by design. Automatic updates would tip the balance of power toward the developers, allowing them to change the code without the consent of nodes and miners.

Unfortunately, although a rule change ought to require the same level of agreement, over the years it has been suggested that a cleverly designed soft fork could introduce changes that violate the spirit of the existing rules. For example, Vitalik Buterin once described how Bitcoin's block time could be reduced from 10 minutes to 2 minutes through a soft fork, which would inevitably speed up Bitcoin's issuance.

When faced with a soft fork they don't like, full nodes have a trump card: they can hard fork away, together with the miners who support the hard fork. This is hard to do (by design) and raises many questions about how to measure consensus and identify the nodes with economic weight.

Speaking of which, this kind of challenge could be met by changing the mining algorithm from double SHA256 to a different hash function. If that were done, all existing SHA256 ASIC miners would be unable to mine Bitcoin. So node operators should keep a close eye on changes in the Bitcoin ecosystem and remind miners that they can be replaced if they abuse their position.

Many game theorists discuss the behaviour of Bitcoin miners and the security threats it poses. In a previous article, we predicted how the mining ecosystem would evolve. Although the degree of centralization in Bitcoin mining is not ideal, mining has still performed well, because Bitcoin miners have invested a great deal of money and are unwilling to take huge losses by harming a system that everyone is watching.

SPV security

Many Bitcoin users use lightweight clients rather than full nodes to access the network, because lightweight clients need fewer resources while still offering reasonable security.

A user can run a Simplified Payment Verification (SPV) client, which downloads only the block header of every block in the chain. This means that its download and storage requirements have grown linearly over time since Bitcoin was created. For more information, see Chapter 8 of the free book Mastering Bitcoin.


Satoshi Nakamoto wrote in the white paper that an SPV client "can't check the transaction for himself, but by linking it to a place in the chain, he can see that a network node has accepted it, and blocks added after it further confirm the network has accepted it." Acceptance is very expensive.

SPV appears to offer security comparable to a full node, but with one additional assumption: every transaction included in a block is assumed valid as long as the block header and its proof of work are valid. Since the SPV client does not verify all of the consensus rules listed in section 1 of this article, it trusts that the node answering its requests has checked those rules.

Another subtle security difference is that peers can withhold information. When you run a full node, peers can withhold unconfirmed transactions and blocks from you; however, once your node receives a block from a peer, no one can hide the transactions in that block. On the other hand, if you run an SPV client, a peer can deliver a block header and then withhold the transaction data from that block.

An SPV client can check that a transaction is included at a specific position in a block. Peers cannot cheaply trick an SPV client with a fake transaction (they would have to mine a block with enough proof of work), but they can lie about the results of the Bloom filter the SPV client uses. Another thing to keep in mind is that Bloom filters have made SPV a serious privacy leak.
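To make the SPV guarantees above concrete, here is an added example (not code from the original article) of the two checks an SPV client can perform on its own: that a block header extends the chain it already holds and meets the target encoded in its own nBits, and that a Merkle branch supplied by a full node ties a transaction to that header's Merkle root. The txids are constructed, and the header is mined at regtest minimum difficulty so the demo runs in milliseconds; note that a valid branch still says nothing about whether the transaction itself is valid, which is exactly the assumption the text describes.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash function: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _next_layer(layer):
    # Bitcoin duplicates the last hash of an odd-length layer before pairing.
    if len(layer) % 2:
        layer = layer + [layer[-1]]
    return [dsha256(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]


def merkle_root(txids):
    """Merkle root over txids given in internal (little-endian) byte order."""
    layer = list(txids)
    while len(layer) > 1:
        layer = _next_layer(layer)
    return layer[0]


def merkle_branch(txids, index):
    """Sibling hashes a full node would send to prove txids[index] is in the block.
    Each entry is (sibling_hash, sibling_is_on_the_left)."""
    branch, layer = [], list(txids)
    while len(layer) > 1:
        if len(layer) % 2:
            layer = layer + [layer[-1]]
        sibling = index ^ 1
        branch.append((layer[sibling], sibling < index))
        layer, index = _next_layer(layer), index // 2
    return branch


def verify_branch(txid, branch, root):
    """SPV-side check: fold the branch back up and compare with the header's root."""
    h = txid
    for sibling, on_left in branch:
        h = dsha256(sibling + h) if on_left else dsha256(h + sibling)
    return h == root


def bits_to_target(bits):
    """Decode a header's compact nBits field into the integer target (exponent >= 3)."""
    exponent, mantissa = bits >> 24, bits & 0x00FFFFFF
    return mantissa << (8 * (exponent - 3))


def serialize_header(version, prev_hash, root, timestamp, bits, nonce):
    return struct.pack("<I", version) + prev_hash + root + struct.pack("<III", timestamp, bits, nonce)


def header_links_and_has_work(header, expected_prev_hash):
    """Header extends the chain we hold AND its hash is below its own target."""
    prev_hash, bits = header[4:36], struct.unpack("<I", header[72:76])[0]
    hash_as_int = int.from_bytes(dsha256(header), "little")
    return prev_hash == expected_prev_hash and hash_as_int < bits_to_target(bits)


def mine_header(version, prev_hash, root, timestamp, bits):
    """Search nonces until the header meets its target (cheap at regtest difficulty)."""
    for nonce in range(1 << 32):
        hdr = serialize_header(version, prev_hash, root, timestamp, bits, nonce)
        if int.from_bytes(dsha256(hdr), "little") < bits_to_target(bits):
            return hdr
    raise RuntimeError("nonce space exhausted")


# Constructed sample data: five fake txids, a zero parent hash, regtest minimum-difficulty nBits.
TXIDS = [dsha256(b"constructed tx %d" % i) for i in range(5)]
REGTEST_BITS = 0x207FFFFF
PREV = bytes(32)
HEADER = mine_header(1, PREV, merkle_root(TXIDS), 1_500_000_000, REGTEST_BITS)
```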

BitcoinJ's documentation explains the SPV security model well. Regarding unconfirmed transactions, it points out:

In SPV mode, the only nodes that can be trusted for unconfirmed transactions are the ones you are connected to. If an attacker can make sure the nodes you connect to are their own, they can send you an invalid transaction (spending nonexistent funds) and you will believe the transaction is valid.

For most users, the security of SPV is "quite high". It could be improved further with SPV fraud proofs. Fraud proofs have been discussed, but ideas on how to integrate them into the Bitcoin protocol have not yet been implemented.

There is no 127.0.0.1 on the Bitcoin network

If you don't run a full node (and always use it to validate transactions), you are trusting third parties to some extent, which results in a different security model. Not every user or business needs to develop software directly against the Bitcoin Core RPC API.

Some alternatives include, but are not limited to:

1) Use Bitcoin Wallet for Android, GreenAddress or the Stash mobile wallet configured to query only your own full node.


2) Build applications on an SPV node library (such as BitcoinJ) and configure them to connect only to your own full node. In BitcoinJ you can do this by setting your own SeedPeer and passing it to the PeerGroup at startup. libbitcoin lets you use this example to define network connections to specific nodes.

3) Run a server that is compatible with the Bitcoin Core JSON-RPC API. Such a server calls both the third-party service and your local full node, and uses the local node to verify the data returned by the third party. One example is BitGo's BitGoD software. This hybrid model gets the best of both worlds: you can take advantage of the advanced features third parties provide while keeping your financial sovereignty.

Conclusion: freedom

Without doubt, running a full node is the most secure option and requires the least trust. Setting up a machine that can run one reliably costs only a few hundred dollars. You can do the math yourself and decide whether that is worth paying to protect your financial sovereignty.
