Blockchain: Deep Analysis

1. Blockchain fundamentals in depth

1.1 Mining and Consensus Algorithm

A detailed explanation is in a separate piece, Blockchain Basics: Dispelling Misconceptions about Mining and Consensus.

Consensus is a form of automated governance that populates and publishes ledger entries every fixed period. The "blockchain" is proof that this automated governance structure actually works as designed, providing near ABSOLUTE assurance of the integrity of the ledger data.

PoW, PoS and DAGs are not consensus protocols; they are "mining mechanisms" or, more precisely, "Sybil control mechanisms" https://twitter.com/el33th4xor/status/1006931658338177024
The consensus protocol is the process of accepting transactions (validating transactions on receipt) and blocks (validating the PoW/PoS in the block headers and the actual payload, the block transactions, on receipt).
PoW, PoS and DAGs are NOT consensus protocols https://medium.com/coinmonks/a-primer-on-blockchain-design-89605b287a5a

1.1.1 Mining mechanism

Proof of Work vs. Proof of Stake – What's the Difference, and Which is Better?
Understanding Blockchain Fundamentals, Part 2: Proof of Work & Proof of Stake

POW

Find a nonce for the block (block level) https://en.wikipedia.org/wiki/Proof-of-work_system

POS

Find a UTXO for the coinstake transaction (transaction level): coinstake transactions, staking transactions

ETH Casper

POS V1 Peercoin

The proof-of-stake in the new type of blocks is a special transaction called coinstake (named after Bitcoin's special transaction coinbase). In the coinstake transaction the block owner pays himself, thereby consuming his coin age, while gaining the privilege of generating a block for the network and minting for proof-of-stake. The first input of coinstake is called the kernel and is required to meet a certain hash target protocol, thus making the generation of proof-of-stake blocks a stochastic process similar to proof-of-work blocks. However, an important difference is that the hashing operation is done over a limited search space (more specifically one hash per unspent wallet-output per second) instead of an unlimited search space as in proof-of-work, thus no significant consumption of energy is involved.

POS V3
The missing explanation of Proof of Stake Version 3

Qtum

Stake (stay online, hold one's own UTXOs) => at every time interval, using the 'next block timestamp', try to find a "coinbase kernel" / "staking transaction" / coinstake transaction that meets the target difficulty (calculated from the UTXO value)
// Hash256("Stake Modifier V2" + "UTXO Transaction Timestamp" + "UTXO Transaction Hash" + "UTXO Output Number" + "Coinstake Transaction Time") < Target * Weight
https://bitcoin.stackexchange.com/questions/52321/how-is-a-proof-of-stake-block-mined-at-the-block-level-and-how-does-it-accompli

Proof-of-Stake (PoS) implementation https://academy.stratisplatform.com/FullNode/PoS/PoS-introduction.html
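The kernel check above, written out as an added example (not Qtum's or Stratis's code): each UTXO is hashed once per candidate timestamp against the page's formula, which is what makes the PoS search space bounded. The byte encoding of the integer fields, the 16-second timestamp grain and the wallet contents are assumptions made here.

```python
import hashlib
import struct

def hash256(data):
    """Bitcoin-style double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def kernel_hash(stake_modifier, utxo_time, utxo_txid, utxo_index, coinstake_time):
    """Hash256 over the five fields of the page's formula, in that order.
    Little-endian uint32 encoding of the integer fields is an assumption here."""
    data = (stake_modifier + struct.pack("<I", utxo_time) + utxo_txid
            + struct.pack("<I", utxo_index) + struct.pack("<I", coinstake_time))
    return int.from_bytes(hash256(data), "little")

def kernel_meets_target(khash, target, utxo_value):
    """The staking condition: hash < Target * Weight, with weight = UTXO value."""
    return khash < target * utxo_value

def try_stake(utxos, stake_modifier, target, coinstake_time):
    """One staking attempt for one candidate block timestamp.  Every UTXO is
    hashed exactly once per time slot, so the work per slot is the number of
    UTXOs held, not an open-ended nonce range as in PoW.  Returns
    (txid, index, hashes_tried) for the first qualifying UTXO, else (None, None, n)."""
    tried = 0
    for txid, index, utxo_time, value in utxos:
        tried += 1
        h = kernel_hash(stake_modifier, utxo_time, txid, index, coinstake_time)
        if kernel_meets_target(h, target, value):
            return txid, index, tried
    return None, None, tried

# Constructed wallet: three UTXOs with made-up txids, timestamps and values (satoshis).
WALLET = [
    (hashlib.sha256(b"utxo-a").digest(), 0, 1_500_000_000, 50_000_000),
    (hashlib.sha256(b"utxo-b").digest(), 1, 1_500_003_600, 2_000_000_000),
    (hashlib.sha256(b"utxo-c").digest(), 0, 1_500_007_200, 100_000_000),
]
MODIFIER = hashlib.sha256(b"constructed stake modifier v2").digest()  # constructed

def stake_over_window(utxos, modifier, target, start_time, slots, step=16):
    """Walk successive candidate timestamps (a 16-second grain is assumed) and
    report the first slot that yields a kernel as (slot, txid, index), else None."""
    for slot in range(slots):
        t = start_time + slot * step
        txid, index, _ = try_stake(utxos, modifier, target, t)
        if txid is not None:
            return slot, txid, index
    return None
```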

https://academy.stratisplatform.com/FullNode/ProvenHeaders/proven-headers-introduction.html

DPOS

The DPOS consensus algorithm: the missing white paper https://lilymoana.github.io/DPOS.html

The missing white paper: how the DPOS consensus algorithm works and the root of its robustness https://www.leiphone.com/news/201706/JfsBmaf6Y0ZtV11R.html

DPOS Consensus Algorithm - The Missing White Paper https://steemit.com/dpos/@dantheman/dpos-consensus-algorithm-this-missing-white-paper

1.1.2 Consensus Protocol


Nakamoto consensus

Check PoW (target difficulty)
Check timestamp (greater than the median of the last 11 blocks, and no more than 2 hours in the future)
Check transactions

Consensus Algorithms, Blockchain Technology and Bitcoin UCL - by Andreas M. Antonopoulos https://www.youtube.com/watch?v=fw3WkySh_Ho


PBFT (Practical Byzantine Fault Tolerance)
Blockchain consensus algorithms: a brief overview of PBFT (Byzantine fault tolerance), Paxos and Raft
From Paxos to blockchain
[Blockchain] The battle of consensus algorithms (PBFT, Raft, PoW, PoS, DPoS, Ripple)

DPOS+PBFT https://bbs.asch.io/topic/1883/阿希的dpos-pbft共识机制是如何运作的

1.2 Permission design

Whether permission is needed to access the blockchain.

1.3 cryptocurrency & smart contract


1.4 Security issues: consensus algorithms and smart contracts

1.4.1 Consensus attacks

Replay attack
DoS (denial of service)
Double spend
Sybil attacks: protected by the mining mechanism (PoW/PoS)

Opportunistic attacks
Nothing-at-stake problem https://www.youtube.com/watch?v=-XXV2q6206Q https://ethereum.stackexchange.com/questions/2402/what-exactly-is-the-nothing-at-stake-problem https://medium.com/coinmonks/understanding-proof-of-stake-the-nothing-at-stake-theory-1f0d71bc027
Long range attack https://www.youtube.com/watch?v=cct-YpOqOpA

Resource exhaustion attack (on PoS) https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806 http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf https://github.com/initc3/i-cant-believe-its-not-stake

Time warp attack
The Bitcoin protocol (consensus rules) has two relevant rules for the timestamps in block headers: 1. A node will not accept a block whose timestamp is more than two hours in the future. 2. A node will not accept a block unless its timestamp is greater than the median of the previous 11 blocks. In Bitcoin, this is called Median-Time-Past (MTP).

Blocks are considered valid if their time is greater than the median of the last 11 blocks and less than currentTime + 2 hours, so it is legal for an attacker to create a new version of an old block with a time far in the future. If this is the first block in a retarget period, the difficulty will quadruple after that period. If it is the last block, the difficulty will be divided by four. (Difficulty adjustments are limited to *4 or /4.) https://bitcoin.stackexchange.com/questions/75831/what-is-time-warp-attack-and-how-does-it-work-in-general https://blog.theabacus.io/the-verge-hack-explained-7942f63a3017 https://bitcoin.stackexchange.com/questions/1511/gaming-the-off-by-one-bug-difficulty-re-target-based-on-2015-instead-of-2016 https://bitcoin.stackexchange.com/questions/20597/where-exactly-is-the-off-by-one-difficulty-bug https://bitcointalk.org/index.php?topic=43692.msg521772#msg521772 https://bitcointalk.org/index.php?topic=3256693.0

What prevents similar time-warp attacks in Bitcoin as happened to Verge? https://bitcoin.stackexchange.com/questions/75438/what-prevents-similar-time-warp-attacks-in-bitcoin-as-happened-to-verge https://forum.zcashcommunity.com/t/how-does-someone-find-a-17-blocks-in-4-seconds-time-warp-attack/1583/17
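The Nakamoto consensus checks from 1.1.2 and the two timestamp rules plus the *4 / /4 retarget clamp from the time warp notes, as one added illustration (not Bitcoin Core's code): a validator applies the PoW target, MTP and future-time rules, and the clamp bounds how far one retarget period can move the target. The constructed chain timestamps and the compact "bits" values used in the demo are sample inputs, not data from the page.

```python
import hashlib

MAX_FUTURE_SECS = 2 * 60 * 60          # "not more than two hours in the future"
MTP_WINDOW = 11                        # median of the previous 11 blocks
TARGET_TIMESPAN = 14 * 24 * 60 * 60    # Bitcoin: 2016 blocks per two weeks
POW_LIMIT = 0xFFFF << 208              # Bitcoin's minimum-difficulty target

def nbits_to_target(nbits):
    """Decode the compact 'bits' header field into the 256-bit target."""
    exponent, mantissa = nbits >> 24, nbits & 0x7FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def check_pow(header_bytes, nbits):
    """Rule: double-SHA256 of the header, read little-endian, must not exceed the target."""
    h = hashlib.sha256(hashlib.sha256(header_bytes).digest()).digest()
    return int.from_bytes(h, "little") <= nbits_to_target(nbits)

def median_time_past(prev_timestamps):
    """Median of the last 11 block timestamps (fewer near the chain start)."""
    window = sorted(prev_timestamps[-MTP_WINDOW:])
    return window[len(window) // 2]

def check_timestamp(block_time, prev_timestamps, now):
    """Rules: strictly greater than MTP, and at most two hours ahead of our clock."""
    if block_time <= median_time_past(prev_timestamps):
        return False, "not greater than median-time-past"
    if block_time > now + MAX_FUTURE_SECS:
        return False, "more than two hours in the future"
    return True, "ok"

def retarget(old_target, first_time, last_time):
    """Retarget with the clamp the time-warp notes rely on: the measured timespan
    is bounded to [timespan/4, timespan*4], so one period moves the target (and
    hence difficulty) by at most a factor of four; Bitcoin measures it over 2015
    intervals, the off-by-one discussed in the links above."""
    actual = last_time - first_time
    actual = max(TARGET_TIMESPAN // 4, min(actual, TARGET_TIMESPAN * 4))
    return min(old_target * actual // TARGET_TIMESPAN, POW_LIMIT)

# Constructed chain: 11 blocks ten minutes apart; validator clock one block later.
PREV = [1_500_000_000 + 600 * i for i in range(11)]
NOW = PREV[-1] + 600

if __name__ == "__main__":
    print(check_timestamp(NOW, PREV, NOW))                    # accepted
    print(check_timestamp(PREV[5], PREV, NOW))                # rejected: not above MTP
    print(check_timestamp(NOW + 3 * 3600, PREV, NOW))         # rejected: too far ahead
    old = nbits_to_target(0x1B0404CB)
    print(retarget(old, 0, 10 * TARGET_TIMESPAN) == 4 * old)  # inflated span: capped at *4
```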

1.4.2 Contract attacks

DAO attack
SmartMesh Announcement on Ethereum Smart Contract Overflow Vulnerability https://medium.com/@smartmesh/smartmesh-announcement-on-ethereum-smart-contract-overflow-vulnerability-f1ded8777720

Qtum developers disclose a DoS attack vector in the classic PoS protocol www.8btc.com/qtum-pos-dos

1.4.3 Transaction vulnerabilities


1.4.4 Case studies: attack analysis

https://en.bitcoin.it/wiki/Weaknesses
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

**CVE-2018-17144: DoS & double spend**

Bitcoin Core CVE-2018-17144 vulnerability research and analysis

validation.cpp
UpdateCoins
CCoinsViewCache::SpendCoin()
CCoinsViewCache::FetchCoin()
CCoinsViewCache::AddCoin()

Coin flags
	0: unchanged, from the parent view (predecessor block)
	DIRTY | FRESH: ordinary transaction

DIRTY = 1<<0 = 1 (ordinary transaction)
FRESH = 1<<1 = 2

header first - fill-disk attack

checkpoints

Compact block https://bitcoincore.org/en/2016/06/07/compact-blocks-faq/

**deep reorg - network disruption**

On the new deep reorg protection https://www.reddit.com/r/btc/comments/9z1gjo/on_the_new_deep_reorg_protection/



2. Summary of Zhang Weiwu's lecture: an overview from Zhang Weiwu's view

linear search -> binary search -> hash table -> collisions (chaining, probing)

Hash=>Digital Signature=>Blockchain

2.1 Hash

Unencrypted hash
Keyed (encrypted) hash
	HMAC; length extension attack
Encrypted hash together with other information, such as the hashing algorithm
	Digital signature

2.2 Digital signature

Integrity: the information is not tampered with. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as non-malleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after signing invalidates the signature.
Authenticity: the message was sent by the user.
Non-repudiation: an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key alone does not enable a fraudulent party to forge a valid signature.

PKI based digital signature schema:

DSA, RSA, ECC

Blockchain based digital signature schema:

Why? Example: saying "I love you" to someone face to face is not unique; it can be "double spent" by saying "I love you" to someone else. Saying "I love you" to someone by broadcasting it to the blockchain is unique.

Blockchain-Powered Digital Signatures
block chain, e-signature, and PKI/EIDAS
Blockchain and Digital Signatures
Digital signatures and the blockchain
Using blockchains as an alternative to PKIs for digital signatures

Transaction hash and ecrecover
Blockchain Transaction Authentication and Security www.ascdi.com/blockchain-transaction-authentication-and-security/

2.3 Merkle

1. Someone holding a private key signs the Merkle tree, the way a traditional CA or a government would sign it. 2. No central authority signs it; instead it is "signed" by PoW, by adding a nonce (or other values) to produce a new hash with enough leading zeros.

the block in blockchain explained (merkle trees)

ETH Patricia Tries:
Merkle Trees and Patricia Tries - Blockchain for Developers [Lab 7]

EOS Merkle tree - LCV:
Inter-blockchain communication via EOS.IO Merkle proofs
> EOS blocks store only the Merkle root, not the whole tree. Vitalik Buterin and Dan debated this once: V thought EOS was cutting corners, while Dan argued that the Merkle tree exists to verify state (whether a transaction exists), that state should be the result of replaying the records on the chain and so should not be part of consensus or recorded in the block, and that EOS also supports light-client proofs using Merkle. But I have not yet fully understood how EOS actually stores this.
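The Merkle tree of 2.3 and the light-client proofs the EOS note refers to, as an added example (not any project's code): a block commits only to the root, and a client holding the root can verify one transaction's membership from the sibling path alone. The Bitcoin-style double-SHA256 and duplicate-last-node convention are assumptions of this example, and the transaction ids are constructed.

```python
import hashlib

def hash256(data):
    """Bitcoin-style double SHA-256 used for transaction ids and tree nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(leaves):
    """Root of a binary Merkle tree over leaf hashes.  An odd level duplicates
    its last node (Bitcoin's convention) rather than carrying it up unchanged,
    so every level pairs off evenly."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hash256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def merkle_proof(leaves, index):
    """Sibling path from leaf `index` to the root as (sibling_hash, sibling_is_right)
    pairs: all a light client needs alongside the committed root."""
    level, proof = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        level = [hash256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof

def verify_proof(leaf, proof, root):
    """Recompute the path hash by hash and compare against the committed root."""
    h = leaf
    for sibling, sibling_is_right in proof:
        h = hash256(h + sibling) if sibling_is_right else hash256(sibling + h)
    return h == root

# Constructed block of five transactions (odd count exercises the duplication rule).
TXIDS = [hash256(b"constructed tx %d" % i) for i in range(5)]
ROOT = merkle_root(TXIDS)

if __name__ == "__main__":
    proof = merkle_proof(TXIDS, 3)
    print(verify_proof(TXIDS[3], proof, ROOT))                  # True
    print(verify_proof(hash256(b"not in block"), proof, ROOT))  # False
```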

Merkle in time

Bitmap , bloom filter

Talking about digital signatures (Digital Signature)

