摘要
区块链是比特币底层的核心技术,展示了在自组织模式下实现大规模协作的巨大潜力,为解决分布式网络中的一致性问题提供了全新的方法.随着比特币的广泛流通和去中心化区块链平台的蓬勃发展,区块链应用也逐渐延伸至金融、物联网等领域,全球掀起了区块链的研究热潮.然而,区块链为无信任的网络环境提供安全保障的同时,也面临安全和隐私方面的严峻挑战.本文定义了区块链系统设计追求的安全目标,从机制漏洞、攻击手段和安全措施三方面对区块链各层级的安全问题进行全面分析,提出了区块链的平行安全概念框架,并总结未来区块链安全问题的研究重点.本文致力于为区块链研究提供有益的安全技术理论支撑与借鉴.
As the core underlying technology of Bitcoin, blockchain shows the potential of achieving large-scale selforganizing, and provides a new approach to solve the consistency problem in P2 P networks. With the widespread circulation of Bitcoin and the rapid development of decentralized blockchain platforms, blockchain has been gradually applied to many fields such as finance and Internet of Things, and related studies have been blooming across the world.Blockchain provides a security architecture in the trustless network environment, however, it also faces serious challenges in security and privacy. In this paper, we defined the security objectives and gave a comprehensive analysis of blockchain security from the aspects of the existing vulnerabilities, attacks and security measures. In addition, we proposed a conceptual framework of parallel security and summarized the key directions of future security research on blockchain.This paper is devoted to providing useful theoretical support and reference for future blockchain researches.
引文
1 Nakamoto S.Bitcoin:a peer-to-peer electronic cash system[Online],available:https://bitcoin.org/bitcoin.pdf,October5,2018
2 Dwork C,Naor M.Pricing via processing or combatting junk mail.In:Proceedings of the 12th Annual International Cryptology Conference.California,USA:CRYPTO,1992.139-147
3 Yuan Yong,Wang Fei-Yue.Blockchain:the state of the art and future trends.Acta Automatica Sinica,2016,42(4):481-494(袁勇,王飞跃.区块链技术发展现状与展望.自动化学报,2016,42(4):481-494)
4 Walport M.Distributed ledger technology:beyond blockchain[Online],available:https://www.gov.uk/government/news/distributed-ledger-technology-beyondblock-chain,October 5,2018
5 Ministry of Industry and Information Technology.Chinese blockchain technology and application development white paper2016[Online],available:http://www.fullrich.com/Uploads/article/file/2016/1020/580866e374069.pdf,October 5,2018
6 McWaters R,Bruno G,Galaski R,Chaterjee S.The future of financial infrastructure:an ambitious look at how blockchain can reshape financial services[Online],available:https://www.weforum.org/reports/thefuture-of-financial-infrastructure-an-ambitious-look-athow-blockchain-can-reshape-financial-services,October 5,2018
7 Takemoto Y,Knight S.Mt.Gox files for bankruptcy,hit with lawsuit[Online].available:http://www.reuters.com/article/us-bitcoin-mtgox-bankruptcy-idUSBREA1R0FX20140228,October 5,2018
8 Hon M T W K,Palfreyman J,Tegart M.Distributed ledger technology&Cybersecurity[Online].available:https://ec.europa.eu/futurium/en/content/distributedledger-technology-cybersecurity,October 5,2018
9 Yaga D,Mell P,Roby N,Scarfone K.Blockchain technology overview[Online].available:https://csrc.nist.gov/publications/detail/nistir/8202/draft,October 5,2018
10 De Prisco R,Lampson B,Lynch N.Revisiting the Paxos algorithm.In:Proceedings of the 11th International Workshop on Distributed Algorithms.Saarbr¨ucken,Germany:Springer 1997.111-125.
11 Lamport L.The part-time parliament.ACM Transactions on Computer Systems,1998,16(2):133-169
12 Castro M,Liskov B.Practical Byzantine fault tolerance.In:Proceedings of the 3rd Symposium on Operating Systems Design and Implementation.New Orleans,USA:OSDI,1999.173-86
13 Ongaro D,Ousterhout J K.In search of an understandable consensus algorithm.In:Proceedings of the USENIXAnnual Technical Conference.Philadelphia,PA,USA:USENIX ATC,2014.305-119
14 Oki B M,Liskov B H.Viewstamped replication:a new primary copy method to support highly-available distributed systems In:Proceedings of the 7th Annual ACM Symposium on Principles of Distributed Computing.Toronto,Ontario,Canada:ACM,1988.8-17
15 King S,Nadal S.Ppcoin:peer-to-peer crypto-currency with proof-of-stake[Online],available:https://bitcoin.org/bitcoin.pdf,October 5,2018
16 Buterin V.A next-generation smart contract and decentralized application platform[Online],available:https://github.com/ethereum/wiki/wiki/White-Paper,October 5,2018
17 Yuan Yong,Wang Fei-Yue.Blockchain and cryptocurrencies:model,techniques,and applications.IEEE Transactions on Systems,Man,and Cybernetics:Systems,2018,48(9):1421-1428
18 Peters G W,Panayi E.Understanding modern banking ledgers through blockchain technologies:future of transaction processing and smart contracts on the internet of money.Banking Beyond Banks and Money.Berilin:Springer,2016.239-278
19 Vukoli′cM.Rethinking permissioned blockchains.In:Proceedings of the ACM Workshop on Blockchain,Cryptocurrencies and Contracts.Abu Dhabi,United Arab Emirates:ACM,2017.3-7
20 Danezis G,Meiklejohn S.Centrally banked cryptocurrencies[Online].available:https://arxiv.org/abs/1505.06895,October 5,2018
21 Halpin H,Piekarska M.Introduction to security and privacy on the blockchain.In:Proceedings of the 2017 Security and Privacy Workshops(EuroS&PW).Paris,France:IEEE,2017.1-3
22 Heilman E,Kendler A,Zohar A,Goldberg S.Eclipse attacks on bitcoin s peer-to-peer network.In:Proceedings of24th USENIX Security Symposium.Washington,D.C,USA:USENIX,2015:129-144
23 Delmolino K,Arnett M,Kosba A,Miller A,Shi E.Step by step towards creating a safe smart contract:lessons and insights from a cryptocurrency lab.In:Proceedings of the International Conference on Financial Cryptography and Data Security.Christ Church,Barbados:Springer,2016.79-94
24 Bernstein D J.Introduction to Post-quantum Cryptography.Berlin:Springer-Verlag,2009.1-14
25 Qin Bo,Chen Li Chang-Hao,Wu Qian-Hong,Zhang YiFeng,Zhong Lin,Zheng Hai-Bin.Bitcoin and digital fiat currency.Journal of Cryptologic Research,2017,4(2):176-186(秦波,陈李昌豪,伍前红,张一锋,钟林,郑海彬.比特币与法定数字货币.密码学报,2017,4(2):176-186)
26 Garay J,Kiayias A,Leonardos N.The bitcoin backbone protocol:analysis and applications.In:Proceedings of the34th Annual International Conference on the Theory and Applications of Cryptographic Techniques.Sofia,Bulgaria:EUROCRYPT,2015.281-310
27 Chen L,Jordan S,Liu Y K,Moody D,Peralta R C,Perlner R A.Report on post-quantum cryptography[Online],available:https://www.nist.gov/publications/report-postquantum-cryptography,October 5,2018
28 Torres W A A,Steinfeld R,Sakzad A,Liu J K,Kuchta V,Bhattacharjee N,et al.Post-quantum one-time linkable ring signature and application to ring confidential transactions in blockchain(lattice ringCT v1.0).In:Proceedings of the 23rd Australasian Conference on Information Security and Privacy.Wollongong,NSW,Australia:ACISP,2018.558-576
29 Jarecki S,Kiayias A,Krawczyk H,Xu J.Highly-efficient and composable password-protected secret sharing(or:how to protect your bitcoin wallet online).In:Proceedings of2016 IEEE European Symposium on Security and Privacy(EuroS&P).Saarbrucken,Germany:IEEE,2016.276-291
30 Fleder M,Kester M S,Pillai S.Bitcoin transaction graph analysis[Online].available:https://arxiv.org/abs/1502.01657,October 5,2018
31 Saberhagen N.CryptoNote v 2.0[Online].available:https://static.coinpaprika.com/storage/cdn/whitepapers/1611.pdf,October 5,2018
32 Noether S.Ring signature confidential transactions for Monero[Online].available:https://eprint.iacr.org/2015/1098,October 5,2018
33 Miers I,Garman C,Green M,Rubin A D.Zerocoin:anonymous distributed e-cash from bitcoin.In:Proceedings of the2013 IEEE Symposium on Security and Privacy.Berkeley,CA,USA:IEEE,2013.397-411
34 Bitansky N,Chiesa A,Ishai Y,Paneth O,Ostrovsky R.Succinct non-interactive arguments via linear interactive proofs.In:Proceedings of the 2013 Theory of Cryptography.Tokyo,Japan:Springer,2013.315-333
35 Sasson E B,Chiesa A,Garman C,Green M,Miers I,Tromer E,et al.Zerocash:decentralized anonymous payments from bitcoin.In:Proceedings of the 2014 IEEE Symposium on Security and Privacy.CA,USA:IEEE,2014.459-474
36 Decker C,Wattenhofer R.Bitcoin transaction malleability and MtGox.In:Proceedings of the 2014 European Symposium on Research in Computer Security.Wroclaw,Poland:ESORICS,2014.313-326
37 Karame G O,Androulaki E,Roeschlin M,Gervais A,?Capkun S.Misbehavior in bitcoin:a study of doublespending and accountability.ACM Transactions on Information and System Security(TISSEC),2015,18(1):No.2
38 Rajput U,Abbas F,Heekuck O.A solution towards eliminating transaction malleability in bitcoin.Journal of Information Processing Systems,2018,14(4):837-850
39 Lewenberg Y,Bachrach Y,Sompolinsky Y,Zohar A,Rosenschein J S.Bitcoin mining pools:a cooperative game theoretic analysis.In:Proceedings of the 2015 International Conference on Autonomous Agents and Multiagent Systems.Istanbul,Turkey:AAMAS,2015.919-927
40 Nayak K,Kumar S,Miller A,Shi E.Stubborn mining:generalizing selfish mining and combining with an eclipse attack.In:Proceedings of the 2016 IEEE European Symposium on Security and Privacy(EuroS&P).Saarbrucken,Germany:IEEE,2016.305-320
41 Reed M G,Syverson P F,Goldschlag D M.Anonymous connections and onion routing.IEEE Journal on Selected areas in Communications,1998,16(4):482-494
42 Bonneau J,Narayanan A,Miller A,Clark J,Kroll J A,Felten E W.Mixcoin:anonymity for bitcoin with accountable mixes.In:Proceedings of the 2014 International Conference on Financial Cryptography and Data Security.Christ Church,Barbados:Springer,2014.486-504
43 Valenta L,Rowan B.Blindcoin:blinded,accountable mixes for bitcoin.In:Proceedings of the 2015 International Conference on Financial Cryptography and Data Security.San Juan,Puerto Rico:Springer,2015.112-126
44 Maxwell G.CoinJoin:bitcoin privacy for the real world[Online].available:https://bitcointalk.org/index.php,October 5,2018
45 Ruffing T,Moreno-Sanchez P,Kate A.CoinShuffle:practical decentralized coin mixing for bitcoin.In:Proceedings of the 2014 European Symposium on Research in Computer Security.Wroclaw,Poland:ESORICS,2014.345-364
46 Ziegeldorf J H,Grossmann F,Henze M,Inden N,Wehrle K.Coinparty:secure multi-party mixing of bitcoins.In:Proceedings of the 5th ACM Conference on Data and Application Security and Privacy.New York,USA:ACM,2015.75-86
47 Yuan Yong,Ni Xiao-Chun,Zeng Shuai,Wang Fei-Yue.Blockchain consensus algorithms:the state of the art and future trends.Acta Automatica Sinica,2018,44(11):2011-2022(袁勇,倪晓春,曾帅,王飞跃.区块链共识算法的发展现状与展望.自动化学报,2018,44(11):2011-2022)
48 Kiayias A,Panagiotakos G.Speed-security tradeoffs in blockchain protocols[Online].available:https://eprint.iacr.org/2015/1019.pdf,October 5,2018
49 Sompolinsky Y,Zohar A.Secure high-rate transaction processing in bitcoin.In:Proceedings of the 2015 International Conference on Financial Cryptography and Data Security.San Juan,Puerto Rico:Springer,2015.507-527
50 Pass R,Seeman L,Shelat A.Analysis of the blockchain protocol in asynchronous networks.In:Proceedings of the 2017Annual International Conference on the Theory and Applications of Cryptographic Techniques.Paris,France:EURO-CRYPT,2017.643-673
51 Kiayias A,Russell A,David B,Oliynykov R.Ouroboros:a provably secure proof-of-stake blockchain protocol.In:Proceedings of the 2017 Annual International Cryptology Conference.Santa Barbara,USA:CRYPTO,2017.357-388
52 Bentov I,Lee C,Mizrahi A,Rosenfeld M.Proof of activity:extending bitcoin s proof of work via proof of stake[extended abstract].ACM SIGMETRICS Performance Evaluation Review,2014,42(3):34-37
53 Duong T,Fan L,Zhou H S.2-hop blockchain:combining proof-of-work and proof-of-stake securely[Online].available:https://eprint.iacr.org/2016/716.pdf,October 5,2018
54 Gilad Y,Hemo R,Micali S,Vlachos G,Zeldovich N.Algorand:scaling byzantine agreements for cryptocurrencies.In:Proceedings of the 26th Symposium on Operating Systems Principles.Shanghai,China:ACM,2017.51-68
55 Chen L,Xu L,Shah N,Gao Z,Lu Y,Shi W.On security analysis of proof-of-elapsed-time(poet).In:Proceedings of the 2017 International Symposium on Stabilization,Safety,and Security of Distributed Systems.MA,USA:Springer,Cham,2017.282-297
56 Milutinovic M,He W,Wu H,Kanwal M.Proof of luck:an efficient blockchain consensus protocol[Online],available:https://eprint.iacr.org/2017/249.pdf,October 5,2018
57 Zeng Shuai,Yuan Yong,Ni Xiao-Chun,Wang Fei-Yue.Scaling blockchain towards bitcoin:key technologies,constraints and related issues.Acta Automatica Sinica,DOI:10.16383/j.aas.c180100(曾帅,袁勇,倪晓春,王飞跃.面向比特币的区块链扩容:关键技术,制约因素与衍生问题.自动化学报,DOI:10.16383/j.aas.c180100)
58 Luu L,Narayanan V,Zheng C,Baweja K,Gilbert S,Saxena P.A secure sharding protocol for open blockchains.In:Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.New York,USA:ACM,2016.17-30
59 Kokoris-Kogias E,Jovanovic P,Gasser L,Gailly N,Ford B.Omniledger:a secure,scale-out,decentralized ledger via sharding.In:Proceedings of the 2018 IEEE Symposium on Security and Privacy(SP).CA,USA:IEEE,2018.583-598
60 Eyal I,Sirer E G.Majority is not enough:Bitcoin mining is vulnerable.Communications of the ACM,2018,61(7):95-102
61 Bag S,Ruj S,Sakurai K.Bitcoin block withholding attack:analysis and mitigation.IEEE Transactions on Information Forensics and Security,2017,12(8):1967-1978
62 Kiayias A,Koutsoupias E,Kyropoulou M,Tselekounis Y.Blockchain mining games.In:Proceedings of the 2016 ACMConference on Economics and Computation.Maastricht,The Netherlands:ACM,2016.365-382
63 Carlsten M,Kalodner H,Weinberg S M,Narayanan A.On the instability of bitcoin without the block reward.In:Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.Vienna,Austria:ACM,2016.154-167
64 Luu L,Chu D H,Olickel H,Saxena P,Hobor A.Making smart contracts smarter.In:Proceedings of the 2016 ACMSIGSAC Conference on Computer and Communications Security.Vienna,Austria:ACM,2016:254-269
65 Atzei N,Bartoletti M,Cimoli T.A survey of attacks on ethereum smart contracts(sok).In:Proceedings of the2017 International Conference on Principles of Security and Trust.Uppsala,Sweden:Springer,2017.164-186
66 Zhang F,Cecchetti E,Croman K,Juels A,Shi E.Town crier:an authenticated data feed for smart contracts.In:Proceedings of the 2016 ACM SIGSAC conference on computer and communications security.Vienna,Austria:ACM,2016.270-282
67 Peterson J,Krug J,Zoltu M,Williams A K,Alexander S.Augur:a decentralized oracle and prediction market platform[Online].available:http://media.abnnewswire.net/media/en/whitepaper/rpt/93144-Augur Whitepaper.pdf,October 5,2018
68 Grishchenko I,Maffei M,Schneidewind C.A semantic framework for the security analysis of ethereum smart contracts.In:Proceedings of the 2018 International Conference on Principles of Security and Trust.Thessaloniki,Greece:Springer,2018.243-269
69 Kosba A,Miller A,Shi E,Wen Z,Papamanthou C.Hawk:The blockchain model of cryptography and privacypreserving smart contracts.In:Proceedings of the 2016IEEE Symposium on Security and Privacy(SP).CA,USA:IEEE,2016.839-858
70 Yuan Yong,Zhou Tao,Zhou Ao-Ying,Duan Yong-Chao,Wang Fei-Yue.Blockchain technology:from data intelligence to knowledge automation.Acta Automatica Sinica,2017,43(9):1485-1490(袁勇,周涛,周傲英,段永朝,王飞跃.区块链技术:从数据智能到知识自动化.自动化学报,2017,43(9):1485-1490)
71 Yuan Yong,Wang Fei-Yue.Parallel blockchain:concept,methods and issues.Acta Automatica Sinica,2017,43(10):1703-1712(袁勇,王飞跃.平行区块链:概念,方法与内涵解析.自动化学报,2017,43(10):1703-1712)
72 Thomas S,Schwartz E.A protocol for interledger payments[Online].available:https://interledger.org/interledger.pdf,October 5,2018
73 Collberg C,Davidson J,Giacobazzi R,Gu Y X.Toward digital asset protection.IEEE Intelligent Systems,2011,26(6):8-13
74 Wang Fei-Yue.Computational experiments for behavior analysis and decision evaluation of complex systems.Journal of System Simulation,2004,16(5):893-897(王飞跃.计算实验方法与复杂系统行为分析和决策评估.系统仿真学报,2004,16(5):893-897)
75 Wang Fei-Yue.Artificial societies,computational experiments,and parallel systems:a discussion on computational theory of complex social-economic systems.Complex Systems and Complexity Science,2004,1(4):25-35(王飞跃.人工社会、计算实验、平行系统:关于复杂社会经济系统计算研究的讨论.复杂系统与复杂性科学,2004,1(4):25-35)