Security Problems on Blockchain: The State of the Art and Future Trends
doi: 10.16383/j.aas.c180710

Affiliations:
1. The State Key Laboratory for Management and Control of Complex Systems, Institute of Automation, Chinese Academy of Sciences, Beijing 100190
2. Innovation Center for Parallel Blockchain, Qingdao Academy of Intelligent Industries, Qingdao 266109
3. Research Center of Military Computational Experiments and Parallel Systems, National University of Defense Technology, Changsha 410073
4. Center of China Economic and Social Security, The University of Chinese Academy of Sciences, Beijing 101408

Funding: National Natural Science Foundation of China, grants 71702182, 71472174, 61233001, 61533019 and 71232006
Abstract: As the core underlying technology of Bitcoin, blockchain demonstrates the potential for large-scale collaboration in a self-organizing setting and provides a new approach to the consistency problem in distributed peer-to-peer networks. With the widespread circulation of Bitcoin and the rapid development of decentralized blockchain platforms, blockchain applications have gradually extended to fields such as finance and the Internet of Things, and related research has flourished worldwide. While blockchain provides security guarantees in a trustless network environment, it also faces serious challenges in security and privacy. In this paper we define the security objectives that blockchain system design pursues, give a comprehensive analysis of the security problems at each layer of a blockchain from three aspects (mechanism vulnerabilities, attack methods and security measures), propose a conceptual framework of parallel security for blockchain, and summarize the key directions of future research on blockchain security. The paper aims to provide useful theoretical support and reference for blockchain security research.
Key words:
- Blockchain
- provable security
- privacy protection
- security threat
- supervision
Recommended by Associate Editor Wei Qing-Lai
| Cryptographic algorithm | Type | Function | Security impact |
|---|---|---|---|
| AES | symmetric cipher | encryption | attack difficulty halved |
| SHA-2, SHA-3 | - | hash function | attack difficulty halved |
| RSA | public-key cipher | encryption | broken |
| ECDSA, ECDH | public-key cipher | signature, key exchange | broken |
| DSA | public-key cipher | signature, key exchange | broken |

The "security impact" column is the standard summary of what a large-scale quantum computer would do to each primitive (cf. the NIST Report on Post-Quantum Cryptography): Grover's algorithm gives only a quadratic speedup against symmetric ciphers and hash functions, so their effective security level in bits is roughly halved (AES-128 retains about 64 bits, and doubling the key or digest length restores the margin), whereas Shor's algorithm solves integer factoring and discrete logarithms in polynomial time, so RSA, DSA, ECDSA and ECDH are broken outright regardless of key size. For a blockchain this matters most for the signature schemes (ECDSA in Bitcoin and Ethereum) that protect coin ownership, not for the proof-of-work hash.