Image source: Visual China
Almost all discussions about cryptocurrency and blockchain originate from Satoshi Nakamoto’s white paper: "Bitcoin: A Peer-to-Peer Electronic Cash System" (Satoshi Nakamoto).
On November 1, 2008, a cryptography email group received this white paper from the email address of [email protected]. On January 3, 2009, 50 Bitcoins were dug out of Satoshi Nakamoto’s personal computer and placed in A sentence left in the genesis block that can never be modified:
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks (January 3, 2009, the Chancellor is in the process of implementing the second round of emergency bailout for banks) Edge). "
At that time, the British Chancellor of the Exchequer Darling was forced to consider a second step to rescue the banking crisis. This sentence was the headline of the Times's front page article that day. The blockchain's timestamp service and proof of existence allow the time when the first blockchain was created and the events that were happening at that time to be permanently preserved.
The earliest exchange rate appeared on October 5, 2009: 1 US dollar = 1309.03 Bitcoins. Ten years later, the price of Bitcoin has exceeded US$8,000. Based on the peak price of US$20,000 per coin in 2017, the market value of 21 million Bitcoins has reached US$420 billion. In addition to various altcoins and forked coins, the total cryptocurrency The scale has exceeded one trillion US dollars.
The biggest impact that Bitcoin has brought to us is that Hayek's idea is feasible, and technology can transcend the existing government framework to realize "non-national currency" and start circulation.
In the crazy era of soaring currency values, few people read Satoshi Nakamoto’s white paper anymore. The nine-page white paper is just a set of technical solutions. All the space is dedicated to discussing the implementation of a "coin". Beyond the software technology itself, let's take a closer look at a more essential issue: Is Bitcoin's "decentralization" thorough? Is it truly a decentralized and fully autonomous system? Are there any flaws in the white paper that are false premises that Satoshi Nakamoto ignored by default but that actually exist?
hash power monopoly ≠ 51% attack
The current belief in Bitcoin is based on the fact that 51% of the entire network’s hash power is unattainable. However, recently, more and more people have begun to worry that mining farms with large-scale ASIC mining machines have already monopolized 51%. % computing power.
The latest research released by "MIT Technology Review" on January 18, 2018 shows that both Bitcoin and Ethereum are open blockchain systems, that is, in principle, anyone can become a miner, but because of such architectural characteristics , naturally formed corresponding organizations to concentrate mining resources.
Based on weekly statistics, the top four Bitcoin mining activities account for 53% of the entire system’s mining activities; while the centralization of Ethereum mining activities is even more stable, with the top three mining machines accounting for 53% of the entire system’s mining activities every week Average mining activity is as high as 61%. Has the computing power monopoly shaken the "decentralized" nature of Bitcoin?
The answer is no. 51% attacks will not come from within the Bitcoin ecosystem.
This is because although the mining giants centrally control the computing power, they have paid a lot of hardware investment and electricity consumption in accordance with the rules of the game. If a 51% attack is launched, the value of the entire system will collapse, and the Bitcoins obtained by the attack will be meaningless.
51% of attacks must come from outside the system.
Decentralization = Justice for the Most People
[White Paper Abstract]:
This article proposes an electronic cash system completely implemented through peer-to-peer technology, which enables online payments to be initiated directly by one party and paid to another party, without the need for an intermediate any financial institution. Although digital signatures partially solve this problem, if third-party support is still required to prevent double-spending, then this system loses its value.
We here propose a solution that allows cash systems to operate in a peer-to-peer environment and prevent double-spending issues.The network timestamps all transactions through random hashing and merges them into an ever-expanding chain of proof-of-work based on random hashing as a transaction record, unless Complete the entire proof of work again, otherwise the transaction records that have been formed will not be changed. The longest chain of
will not only serve as proof of the observed sequence of events, but also be seen as the chain containing the largest computational workload of the CPU. As long as the vast majority of CPU computing power is not planning to cooperate to attack the entire network, then honest nodes will generate the longest chain that outpaces attackers. The system itself requires very little infrastructure.
information is spread throughout the network as much as possible. Nodes can leave and rejoin the network at any time, and use the longest proof-of-work chain as proof of transactions that occurred while the node was offline.
If you read the Bitcoin white paper carefully, you will find that the subtext behind Satoshi Nakamoto's "decentralization" is "justice for the majority", and the consensus mechanism is the core concept of Bitcoin.
replaces centralized authoritative credit with cryptographic principles and proof of work (Pow). When generating a new transaction record, there is always a sequence, even if it is a double spend, there is always a sequence. It is impossible for the same user to create two transactions at the same time. Bitcoin first introduced random hashing based on timestamps to form a coherent sequence. Bitcoin's transaction record is a chain of time series. That's why it's called blockchain.
To avoid double spending, we only need to prove that one of the chains is valid and record it on the transaction chain. The other transactions will be invalid. To prove that one of them is valid without allowing centralization to exist, there is only one way: to mobilize everyone to participate in this activity and carry out "justice for the majority." The
PoW consensus algorithm is designed to solve the problem of who is the majority. The decision of "majority" is expressed as the longest chain. The new block is broadcast by nodes. Once a node receives the broadcast of this block, it will follow the principle of "if and only if all transactions included in the block are valid and have not existed before, other nodes will agree with the block." Validity of Blocks" rules are verified. After the
verification is passed, this node will no longer accept the same block from other nodes. At the same time, this node will terminate its ongoing block calculation that contains the same transaction, which means that it will not perform useless work. The node will start a new transaction block calculation based on this block, and so on, forming a chain.
Due to network delay, if several nodes receive transaction blocks from each other at the same time and record the same chain (fork), the deadlock will not be broken until the next proof of work is discovered. After running for a period of time, there will always be a blockchain with the longest sequence, which will be the chain that is finally recognized. The Bitcoin blockchain is in the process of constantly forking, abandoning, forking, and merging. The
consensus mechanism replaces intermediary trust, so let’s discuss what problems may arise in extreme cases?
At 15:30 one day in 2018, China's submarine optical fiber suddenly failed and international exports were blocked. The entire Bitcoin network is still operating normally: domestic mining pools and mines are still mining coins; foreign mines and exchanges continue to mine and trade coins normally.
Unknowingly, the Chinese Bitcoin network and the international Bitcoin network were torn into two subnets. During the
failure, the computing power within China formed one chain, and the computing power outside China formed another chain. According to the consensus mechanism, it depends on which chain is longer, and the shorter chain will be eliminated. That is, all transactions generated on this eliminated branch chain need to be recalculated, and the accounting rewards will be invalidated. .
17:40, 2 hours after the fault, the fiber optic fault was eliminated and the international export was restored.
Since China’s domestic computing power accounts for as much as 70%, foreign chains will undoubtedly be eliminated. More than two hours after the failure occurred, the computing power results of overseas mines were destroyed, and all overseas Bitcoin transactions faced a new crisis. Accounting, and the entire commercial activities on Bitcoin were paralyzed.A large-scale communication interruption of
will tear the Bitcoin network into two branches with huge disparity in computing power. The optimal strategy is to shut down the entire Bitcoin network immediately from the moment the fault occurs until the fault is repaired. Otherwise, if the isolation state is maintained and the operation continues, more troublesome paralysis will occur during the reconnection and merger.
Bitcoin also has some defensive measures for this. In order to prevent losses caused by interference from branch chains, a Bitcoin transaction requires at least 6 blocks of confirmation. A block time is 10 minutes, and 6 blocks are one hour. If the network interruption caused by the fault exceeds one hour, it will have an impact on transactions. The longer the interruption time, the greater the impact.
People’s discussion of Bitcoin’s disaster recovery capability focuses more on distributed multi-node storage backup, ignoring the isolation and engulfment effects caused by the consensus mechanism itself.
Such an idea is not impossible. On March 30, 2018, the African country Mauritania suffered a complete nationwide network outage for 2 days due to the cutting of submarine cables. This incident also affected several surrounding areas at the same time. For the first time in the country, the nightmare of network outage has been staged in reality, which shows that the global network infrastructure is not as safe as people imagined.
In fact, more than 97% of the world's network data is transmitted through submarine cables, but there are not a few activities near submarine cables carried out by various countries for military purposes. In 2013, three divers were arrested in Egypt on suspicion of cutting undersea cables.
In the theory of military strategists, it is also an important alternative means of attack to completely cut off submarine cables, affect the country's military communication capabilities, and cause economic losses and paralyzing disasters to the enemy.
Moreover, unplugging the network cable may not be the only thing that can paralyze Bitcoin.
Let’s discuss some possibilities that can affect the Bitcoin network:
1, large-scale hacker attacks, controlling the routing strategy of backbone network equipment, and launching BGP attacks.
2, backdoor permissions of network equipment vendors. During the propagation process, the worm virus targeting the 0day vulnerability of core routers intentionally or unintentionally blocked international exports.
3, the telecommunications operator's international export communication failure.
4, national firewall restrictions and blocking. In
and above scenarios, the initiator can be a member outside the system, and does not require a large investment in hardware and power resources. It can be easily implemented by only controlling the network layer. This exposes the most fatal flaw of Bitcoin and all cryptocurrencies: the network layer is naturally highly centralized.
The ignored default premise: channel security
The bottom layer of the blockchain is P2P network communication technology. The blockchain is essentially a value transmission protocol based on P2P.
Bitcoin adopts the P2P (peer-to-peer) network architecture based on the Internet. P2P means that every computer in the same network is equal to each other, and each node jointly provides network services. There are no "special" nodes. Each network node is connected to each other in a "flat" topology. There are no servers, centralized services, or hierarchical structures in the P2P network. The nodes of the
P2P network interact and process collaboratively: each node not only provides services to the outside world, but also uses the services provided by other nodes in the network.
The early international Internet was a typical use case of P2P network architecture: all nodes in the IP network were completely equal. Today's Internet architecture has a layered architecture, but the IP protocol still retains a flat topology structure. Outside of Bitcoin, the largest and most successful application of P2P technology is in the field of file sharing: Napster is a pioneer in this field, and BitTorrent is the latest evolution of its architecture.
"Bitcoin Network" is a collection of nodes operating under the Bitcoin P2P protocol. In addition to the Bitcoin P2P protocol, there are other protocols included in the Bitcoin network. For example, the Stratum protocol is used in mining and lightweight or mobile Bitcoin wallets. The gateway routing server provides these protocols, uses the Bitcoin P2P protocol to access the Bitcoin network, and extends the network to nodes running other protocols.
For example, the Stratum server connects all Stratum mining nodes to the Bitcoin main network through the Stratum protocol and bridges the Stratum protocol to the Bitcoin P2P protocol. We use "extended bitcoin network" to refer to the overall network structure that includes the Bitcoin P2P protocol, the mining pool mining protocol, the Stratum protocol, and other related protocols that connect the components of the Bitcoin system.
The Bitcoin main network running the Bitcoin P2P protocol consists of approximately 7,000-10,000 listening nodes running different versions of the Bitcoin Core client (Bitcoin Core), and hundreds of applications running various Bitcoin P2P protocols (such as Node composition of BitcoinJ, Libbitcoin, btcd, etc.). A small number of nodes in the Bitcoin P2P network are also mining nodes, which compete to mine, verify transactions, and create new blocks. The
bit node usually uses the TCP protocol and uses the 8333 port (this port number is usually used by Bitcoin. In addition to the 8333 port, other ports can also be specified) to establish connections with known peer nodes. The
P2P network only provides a way for all nodes to exchange information. What works are consensus algorithms and encryption algorithms. But the recipient must trust that the data block has not been changed or destroyed by any intermediate party during the transmission process. This actually requires a prerequisite guarantee of "channel security" (this is a condition that Satoshi Nakamoto did not explicitly propose, but which is necessary by default):
·We trust the blockchain software and believe that it will not be damaged during operation, and the transmitted is non-forged data.
·We trust the operating system that runs the blockchain software. It is not damaged during operation and transmits non-forged data;
·We trust the central processing unit that provides the network for the system. We believe that it is not damaged and transmits non-forged data. is non-forged data.
This kind of trust is based on "net neutrality". However, the construction of Internet transmission and bearer networks is a highly capital-intensive investment. Therefore, all Internet infrastructure comes from high investments from communications companies, and Internet services are provided by major ISPs and their distributors.
This has brought about a relatively contradictory problem: the "decentralized" distributed system of is carried on centralized Internet services, but it has not been widely realized. This naturally highly centralized system The underlying transmission network has the ability to easily attack and control "decentralized" Internet products.
It can be seen from the protocol details of Bitcoin that it does not fully prevent attacks on the transport layer. Bitcoin's transmission protocol headers are all clear text, and the rules are constant. The first 4 bytes of the message are 0xF9BEB4D9. It is believed that Satoshi Nakamoto focused most of his energy on the cryptographic design of the transaction process when designing the protocol. Because for the blockchain, whether the transmitted data is encrypted does not affect the validity of the transaction itself: even if the middleman steals the message, it cannot allow the tampered transaction data to be accepted by other nodes.
However, this protocol, which is highly confident and relies too much on channel security, is particularly vulnerable to attacks launched at the bottom of the network. The healing attack is an attack method that can destroy faith in Bitcoin.
healing attack Merge attack
healing attack, in short, is to first isolate the blockchain network into two independent chains that can exceed the "consensus threshold" (such as 51% of POW) through "tearing", and then separate them After a certain period of time (exceeding the transaction confirmation time), let the two chains "heal" and use merger hedging to forcefully abandon one of the chains that has a large number of transactions. The
healing attack is actually a continuous combination of partition attack + delay attack. Its destructive power far exceeds DDos attacks and IP blocking.
targets nodes, miners' DDos, blocking IP addresses and other attack methods, and its influence is short-lived.
Regardless of launching a DDos attack on any IP address, the attacker will be aware, because nodes and miners will immediately realize that they cannot communicate with anyone. The attacker can quickly respond by switching IP addresses.The damage caused by the attack to the entire blockchain network is not obvious, because nodes can still communicate with other nodes after switching IPs, ensuring transaction confirmation and not causing devastating effects on the blockchain network. The
healing attack directly tears the network apart, forming two large LANs. The nodes in the two networks of
can communicate with each other, and there is no sense of network disconnection, so there is no way to take preventive measures. It uses the network layer to collapse the "consensus mechanism" at the moment of healing: if all nodes comply with "Code is Law", the chain will inevitably be engulfed; if the code agreement is not followed, artificial forks will be required, thus subverting beliefs. What’s even more fatal is that healing attacks can be carried out repeatedly with high efficiency. If divided and conquered, the Bitcoin network will be paralyzed. The
healing attack is not only effective against the Bitcoin network, but also poses a threat to encrypted digital currencies such as Ethereum. Although Ethereum has a certain degree of encryption on the communication protocol, this is only to protect the security of smart contracts, not Encryption with the goal of eliminating identifying characteristics of communication protocols.
As long as relies on its data and behavioral characteristics such as long links and redundant heartbeat mechanisms in network communication, attackers can still strike with precision and launch healing attacks by isolating the network.
Therefore, no matter what kind of digital currency it is, as long as the characteristics of the data and behaviors at the bottom of the communication are not erased, the crackdown will still be effective. Altcoins that have been widely speculated in recent years, including Litecoin, Monero, Bitcoin Cash, Quantum Chain, etc., are not immune.
Looking further, all consensus algorithms, including PoW, PoS, and DPoS, need to ensure interference-free transmission. Because the consensus algorithm of distributed systems essentially solves the issues of consistency and correctness on the premise of channel security. Once the network channel security premise is not established, the "consistency" and "correctness" guaranteed by the consensus algorithm will collapse.
BGP hijacking
healing attack is a technical means to disrupt the blockchain and implement healing attacks. The most commonly used one is BGP hijacking.
What is BGP hijacking?
Normal communication between the mining machine and the mining pool should include the following steps:
mining machine - network operator A - network operator B - network operator... - mining pool
Due to the cross-regional nature of the Bitcoin mining pool, in There may be several network operators (ISPs) between miners and mining pools as jumps. This is extremely unsafe. Any aspect of may be hijacked by hackers through the Border Gateway Protocol (BGP).
Border Gateway Protocol (BGP) is a key component of the Internet and is used to determine routing paths. BGP hijacking is the use of BGP to manipulate Internet routing paths. Both cybercriminals and national firewalls can use this technology to achieve their own goals, such as misleading and intercepting traffic.
BGP is a network protocol used to exchange routing information between networks on the Internet. Typically, it is used to determine the best path for routing data between independently operated networks or autonomous systems. Therefore, it is also often used to find the path for routing data from ISP to ISP. It should be noted that BGP is not used to transmit data, but to determine the most efficient routing path. The actual transmission work is completed by other protocols, such as the TCP/IP protocol stack.
Now, let's say I need to send data to the other side of the world. Eventually, this data will definitely leave the network controlled by my ISP, so BGP will inevitably be used. Of course, the routing path cannot be determined by a single autonomous system. This requires the participation of other BGP peers or neighbors. These peers are autonomous systems that have been manually configured to share routing information.
When the autonomous system learns new routes, this information is further propagated to other peers. By combing through the routing information collected from BGP peers, routers processing this data can find the best path. These optimal paths are based on a combination of factors, including distance and configuration settings implemented by the router administrator.
Because the peers that propagate routes are manually configured, it is necessary to compromise a border router to broadcast external BGP advertisements, thereby achieving Internet-level BGP hijacking.Although this is very difficult to do, BGP hijacking attacks have indeed appeared in the real world.
Because BGP determines the transmission method of data from the source to the destination, it is necessary to pay attention to the security of this protocol. By manipulating BGP, attackers can modify the data transmission route according to their own wishes, thereby intercepting or modifying data. In order to hijack Internet-level BGP, a border router needs to be configured to send advertisements containing prefixes that are not assigned to it.
If the malicious notification is more specific than the legitimate notification, or claims to provide a shorter path, then the traffic may be directed to the attacker. Attackers often exploit deprecated prefixes to avoid attracting the attention of legitimate owners. By broadcasting advertisements containing false prefixes, a compromised router may pollute the routing information base of other routers. After contaminating other routers, malicious routing information may be further spread to other routers, autonomous systems, or even the backbone Internet.
In recent years, many BGP hijacking attacks have been recorded.
is more famous for the incident in 2013 when Pakistan blocked Youtube. Because the Pakistani telecommunications department mistakenly added blocking YouTube to BGP, all ASs on this protocol were blocked. In other words, people from all other countries in the world cannot access Youtube because the data packets are flowing to Pakistan, and Pakistan blocks Youtube.
In the case documented by Renesys in 2013, BGP hijacking techniques were used to reroute data through an arbitrary country before reaching its destination. Among them, the data traffic in one attack case actually detoured through Mexico to the United States and then to Belarus before reaching its origin. By spreading false BGP broadcasts, Belarusian ISPs successfully spread illegal routes to the Internet.
In this case, it is likely an act of corporate or national espionage. However, there are signs that even non-state-level adversaries can still launch BGP hijacking attacks.
In a case analyzed by Dell SecureWorks in 2014, BGP hijacking was used to intercept the link from a Bitcoin miner to a mining pool server. By rerouting traffic to a mining pool controlled by the attacker, the attacker is able to steal the victim's Bitcoins. The attack collected $83,000 worth of Bitcoin in two months.
In July 2015, surveillance software provider Hacking Team was hacked. Leaked internal emails showed that in 2013, the Italian government had cooperated with Hacking Team. At the same time, an Italian ISP also purchased the company's BGP hijacking service. . Since the IP hosting the Hacking Team command and control server was blocked and the server was offline, the malware's connection to the command and control server remained unreachable. By publishing the fake IP prefix hosting the command-and-control server, Hacking Team was able to regain access to the victim's machine.
This is the first documented case of BGP hijacking used by a Western government.
"Byzantine Generals Problem" and "Two Armies Problem"
Bitcoin is an unprecedented social experiment in distributed systems, and is also known as a successful example of solving the "Byzantine Generals" problem. I strongly recommend that you search the prototypes of the two theories "Byzantine Generals" and "Two Armies Problem" on Baidu or Wiki.
The Byzantine Generals Problem is a fault-tolerance problem in the distributed field proposed by 2013 Turing Award winner Leslie Lamport in his 1980 paper The Byzantine Generals Problem. This is the most complex and strict fault-tolerant model in the distributed field. Lamport is the grandmaster of distributed systems, and this story is also widely circulated:
Byzantium is located in Istanbul, Turkey today, and is the capital of the Eastern Roman Empire. Due to the vast territory of the Byzantine Roman Empire at that time, each army was separated far apart for defense purposes, and generals could only rely on messengers to pass news between generals. During a war, all generals and adjutants in the Byzantine army must reach a consensus and decide whether there is a chance of winning before attacking the enemy's camp.
However, there may be traitors and enemy spies in the army, which may influence the generals' decisions and disrupt the order of the entire army.When conducting consensus, the results do not represent the majority opinion.
At this time, when it is known that some members are rebelling, how can the remaining loyal generals reach a consensus without being affected by the traitors? The Byzantine problem is formed.
The Byzantine Generals Problem does not consider whether the messenger will be intercepted or unable to deliver the message. Lamport has demonstrated that trying to achieve consistency through message passing over unreliable channels where messages are lost is impossible.
Another one that is more basic than the Byzantine Generals Problem and better known as the Two Generals’ Problem:
Two armies, each led by two generals, are preparing to attack a fortified city. Both armies were stationed in two different valleys next to the city. There is a third valley between the two armies, and the only way for the two generals to communicate is to send letters across the third valley.
The problem is that the third valley is occupied by the enemy defenders of the city, and letters sent through this valley may be intercepted by the enemy defenders. Although the two generals agreed to attack the city simultaneously, they did not agree on a specific time for the attack. To ensure victory, they must attack simultaneously, otherwise any army attacking alone may be wiped out. They must communicate with each other to decide on a simultaneous attack time and agree to launch the attack at that time. The two generals need to know that the other general knows that he has agreed to the battle plan.
The two armies problem is an explanation of the flaws and difficulties in trying to reach agreement through communication on an unreliable communication link. This problem often appears in introductory computer network courses to explain that the TCP protocol cannot guarantee communication at both ends. State consistency. However, the two-military problem also applies to two-point communications in any situation where communication failure is possible.
Comparing the two stories, we will find that the two armies problem has certain similarities with the Byzantine generals problem, but it must be noted that the messenger has to pass through the enemy's valley, and he may be arrested in the process. In other words, the two armies problem The channel in the problem is unreliable, and there is no theory of traitor. This is the fundamental difference between the problem of two armies and the problem of Byzantine generals.
The two-army problem is the first problem in the field of computer communications that has been proven to have no solution. It can also be inferred that the "Byzantine Generals Problem" under the condition of unreliable channels is also unsolvable.
This means that the information we transmit can still be lost, intercepted or tampered with. may only solve the problem of encrypted communication in future "quantum communication".
Putting aside the debate on the pros and cons of various cryptocurrency consensus algorithms, we must see the essential problem. is a consensus algorithm that cannot be separated from the premise of channel security.
The theoretical flaw of Bitcoin lies in the security of the network communication layer. People are too obsessed with the contribution of blockchain technology to cryptography such as timestamp signatures and hash chains, while ignoring the network layer security of distributed systems. In fact, this technology is still in its early stages. Although Bitcoin has been predicted to die hundreds of times in the past ten years, it is still alive and well. As the ontology of science and technology, it should not be blindly superstitious.
If you think of the world as a layer of protocols, the lower layer of protocols will control and affect the upper layer. As an application layer, Bitcoin must be controlled by the next network layer. The
network layer represents the operators that provide network services. Going deeper, it is an entire social structure, which is directly affected by the financial and legal effects of the real world. The final agreement in this world, that is, the ultimate controller, is actually the political layer.
is a non-national cryptocurrency, and the bottom layer is still controlled by the country’s network facilities.
This fact seems a bit pessimistic, but from another dimension, blockchain also requires operation and maintenance.
Although this view seems a bit incompatible with the pursuit of the concept of "maintaining openness, permissionless and distributed". But when tens of billions of capital pour into those cryptocurrencies, professional attackers will also focus on this "unclaimed land."If the industry wants to develop and be protected, it should call on and promote government departments to issue relevant laws, regulations and regulatory policies as soon as possible to standardize, protect and restrain a good ecological environment.
(Editor: IoT Vision Source: Titanium Media)
