How consensus mechanism influence the transaction safety level?
共识机制如何影响交易安全水平?
Along with many industries are considering to accept cryptocurrency payment, especially on e-commerce business section. What should they must concern on choosing the crypto payment gateway? You may find this article is long and dull. But there are some important matters you should know about blockchain before selecting payment gateway.
随着许多行业正在考虑接受加密货币支付,特别是在电子商务业务部分。他们在选择加密支付网关时应该注意什么?您可能会发现这篇文章又长又乏味。但是在选择支付网关之前,您应该在区块链上了解一些重要的事情。
Double spending means the digital asset is able to be spent twice. Anyone who know the loophole on the consensus mechanism of the network and with certain computation power on it is allow to attack. In fiat currency world we do not hear any double spending case. But in blockchain network it is not rare to happen.
双花是指数字资产能够花费两次。任何知道网络共识机制漏洞并具有一定计算能力的人都可以发起攻击。在法定货币世界中,我们没有听说过任何双重支出的情况。但在区块链网络中,这种情况并不少见。
In 2013, a user double-spent $9800 worth of Bitcoin through the payment service provider called OKPAY.
2013 年,用户通过名为 OKPAY 的支付服务提供商,双花了价值 9800 美元的比特币。
In May 2018, an unknown party with access to substantial amounts of hashpower was able to 51% attack Bitcoin Gold in order to pull of successful double-spend attacks against exchanges, worth approximately $17.5 million in total.
2018 年 5 月,一个拥有大量算力的匿名方,对比特币黄金进行 51% 的攻击,从而成功地对所发起总价值约为 1750 万美元双花攻击。
In June 2018, ZenCash was the target of a successful 51% attack with multiple double-spend transactions.
2018 年 6 月,ZenCash 成为51% 攻击的目标并多次成功双花交易。
(source: https://golden.com/wiki/Double-spend_attack_(blockchain)
In mid of 2020, the attacker tried to double-spend 465,444 ethereum classic (ETC), worth approximately $3.3 million, but only successfully double-spent 238,306 ETC, worth $1.68 million, according to the report.
2020年中,攻击者试图双花价值约330 万美元 的ETC,价值约330万美元,但仅成功双花价值2168万美元的ETC。
How does double spending attack happen?
Double spending attack is mostly happened by exploiting the transaction verification mechanism. As we know all transactions on blockchain network are required validation by validators / nodes. most of the common attack is by using the time of validation ‘s loophole.
双花攻击是怎么发生的?
双花攻击主要是利用交易验证机制进行的。众所周知,区块链网络上的所有交易都需要验证者/节点的验证。大多数常见的攻击是利用验证时间的漏洞。
Below are the different forms of double spending attack examples.
以下是不同形式的双花攻击示例。
Race attack :
Attacker sends two transactions to the network at the same time, one transaction is sent to himself — Tx1, (in order to increase the success rate of the attack, he is gave higher network fee on the transaction), and one transaction is sent to the merchant Tx2. Since the transaction sent to himself is with a higher fee, the probability of being mined is relatively high. If the merchant lose the purchased product before the transaction confirmation. Due to Tx2 will be turned to be invalided after broadcast Tx1 block on the network. Which means the merchant can received any payment.
竞赛攻击
攻击者同时向网络发送两笔交易,一笔交易发送给自己-Tx1,(为了提高攻击的成功率,对交易给予较高的网络费用),并将一笔交易发送给商家 Tx2。由于交易发送给自己的费用较高,被挖矿的概率相对较高。如果商家在交易确认之前发送购买的产品将丢失。由于在网络上广播 Tx1 块后 Tx2 将变为无效。这意味着商家可以收到任何付款。
Alternative history attack
This attack has a chance to work even if the merchant waits for some confirmations, but requires relatively high hashrate and risk of significant expense in wasted electricity to the attacking miner.
另类历史攻击
即使商家等待(1/确认)交易,这种攻击也有机会成功,但需要相对较高的算力,并且存在向攻击矿工浪费大量电力的风险。
The attacker submits to the merchant/network a transaction which pays the merchant, while privately mining an alternative blockchain fork in which a fraudulent double-spending transaction is not included instead. After waiting for n confirmations, the merchant sends the product. If the attacker happened to find more than n blocks at honest chain, he releases his fork chain and regains his coins by the longest chain rules ; otherwise, he can try to continue extending his fork with the hope of being able to catch up with the honest one. If he never manages to do this then the attack fails, the attacker has wasted a significant amount of electricity and the payment to the merchant will not be reversed.
攻击者向商家 / 网络提交向商家付款的交易,同时私下挖掘替代的支链,其中不包含欺诈性双花交易。等待交易n次确认后,商家发送产品。与此同时,攻击者不断的挖矿,打包交易,出块。支链上的交易都是真实的交易,并没有问题,只是少了它花费的交易。当这个支链的长度长于主链时,攻击者广播该支链。网络中的其他矿工,收到了这条支链,且发现该链长度更长。根据 最长链共识,其余矿工将在长链上进行挖矿,一次双花攻击就此实现。
51% Attack
When attackers are able to get 51% of the hashing power or more, they will be in a position to drive the longest chain by persuading the network nodes to follow their chain. Which mean attackers able by using their private fork chain which not include their transaction block to replace the honest chain.
After the replacement, merchants will found the transaction between with attacker was disappear.
51% 攻击
当攻击者能够获得 51% 或更多的全网算力时,他们将能够通过说服网络节点跟随他们的链来驱动最长的链。这意味着攻击者可以更快的打包出块,最终允许创建一条更长的支链,从而利用 最长链共识,强行替换主链。更换后,商家会发现与攻击者之间的交易消失了。
Above attacks are mostly target on the PoW and PoS consensus mechanism, In fact, PoS is more secure than PoW against those attacks. However, for the relatively small computing power network, PoS as the consensus algorithm are also vulnerable to 51% attacks especially at the initial stage.
以上攻击主要针对 PoW 和 PoS 共识机制,实际上 PoS 比 PoW 更安全。但是,对于算力相对较小的网络,PoS作为共识算法也容易受到51%的攻击,尤其是在初始阶段。
But PoS also facing other potential double spending attack such like:
但是 PoS 还面临其他潜在的双花攻击,例如
Long range attack:
Attacker goes back to the genesis block and forks their private chain which similar with 51% attack to make change on the honest chain completely (or partially) on the network. Different with 51% attack they are not required the hashing power but by collecting or purchase a stake accounts that were valid at a certain point in time at the past, so as to initiate the fork from an earlier point in time.
There have three possible methods to implemented the long range attack.
远距离攻击:
攻击者回到创世块并分叉他们的支链,这与 51% 攻击相似,以完全(或部分)在网络上对主链进行更改。与 51% 攻击不同,它们不需要算力,而是通过收集或购买过去某个时间点有效的权益账户,以便从更早的时间点发起分叉。
有三种可能的方法来实现远程攻击:
(source: https://eprint.iacr.org/2018/248.pdf)
Simple: Attacker back to the genesis block then produce blocks ahead of time at same rate and forge timestamps. When the nodes do not take into consideration timestamps, both honest and private chain are valid. And none of node will discover the potential double spending risk.
简单攻击:
攻击者回到创世块,然后以相同的速度提前生成块并伪造时间戳。当节点不考虑时间戳时,主链和支链都是有效的。并且没有一个节点会发现潜在的双花风险。
Posterior Corruption
When forging timestamps is no longer possible, Posterior Corruption” Is the other way to work on the double spending attack to PoS network is by using the retired validator account, Attacker will hack to get the private key of the retired validator or just simply operate with him to resign the block to the attacker ‘s fork chain to increase the chance won on the longest chain rules.
变节侵犯
当伪造时间戳不再可能时,对 PoS 网络进行双花攻击的另一种方法是变节侵犯, 通过使用旧的验证人私钥签署以前的旧区块,支链验证人通过购买,纳贿或许破解的方法获得旧验证人的私钥,或只需简单地与他一起操作,将区块交给攻击者的支链,以增加在最长链规则下成功的机会。
Eurus network are designed to solve align the tradition e-commence environment with blockchain, the most we are concern is how to prevent the cheat payment transaction. And it is the result why we applied PoA and IBFT 2.0. algorithm, which is an environment where all validators can be trusted, accountability for actions is present and a reliable transactions throughput can be achieved fulfilling business needs while tolerating byzantine faults and securing system operability enhance.
Eurus 网络旨在解决传统电子商务环境与区块链的对接,我们最关心的是如何防止欺诈支付交易。这就是我们应用 PoA 和 IBFT 2.0 算法。IBFT 2.0算法是一个可以信任所有验证器的环境,存在对操作的责任,并且可以实现可靠的交易吞吐量,满足业务需求,同时容忍拜占庭故障和保护系统可操作性增强。
(Source: Enhancing the performance of the blockchain consensus algorithm using multithreading technology; Hossam Samy , Ashraf Tammam , Ahmed Fahmy, Bahaa Hasan)
Stay ahead for our latest updates. Follow Eurus on:
继续关注我们的最新更新。
Official Website ; Twitter ; Reddit ; Telegram ; Linkedin
