New attack mode BDOS is threatening Bitcoin security
New attack mode BDOS
Recently IC3 (The Initiative for Cryptocurrencies and Contracts), a research institute jointly established by Cornell University and the Israel Institute of Technology (Technion), announced: "We have discovered a denial-of-service attack against blockchains that use the Nakamoto consensus protocol (BCH and BTC) whose cost is far lower than that of previously known attacks (only 20% of the network's computing power is required). The Bitcoin blockchain relies on POW mining to maintain system security; the attacker destroys mining rewards and thereby causes rational miners to stop mining. This attack is called Blockchain Denial of Service (BDoS)."
BDOS Analysis
IC3 is a blockchain research team, based at Cornell Tech in New York, composed of faculty members from Carnegie Mellon University, Cornell University, Cornell Tech, EPFL, ETH Zurich, UC Berkeley, University College London, UIUC and the Technion. Proof-of-work blockchains have long been a focus of their attention. Together with the announcement of the BDOS attack mode they published a paper that shows how an attacker can induce rational miners to stop mining and proposes countermeasures.
The paper argues that a BDoS attack can halt the blockchain by manipulating the rewards of rational miners: the attacker drives the system into a state in which rational miners prefer to stop mining. To make the network's computing power stop, the attacker first mines a block and publishes only its block header. Given that header, a rational miner has three options:
1. Ignore the block header and continue mining on the main chain;
2. Since it is unknown which transactions are in the block, mine an empty block on top of the header (SPV mining);
3. Stop mining, consuming no computing power and earning no reward.
If the miner chooses to ignore the block header and keep mining the main chain (producing a defensive block), the attacker immediately broadcasts the complete block (the attack block) corresponding to the header. Because nodes in the peer-to-peer network are not equally well connected, some nodes receive the attack block first and others receive the defensive block first, so two groups of miners end up in a race for the right to extend the chain. With some probability the rational miner loses this race: the defensive block is never included in the main chain and becomes an orphan block, and the rational miner loses a block's revenue as well as the computing power and electricity spent on mining it.
In option 2, the miner treats the attack block as valid, follows the chain on top of it and mines an empty block in advance. Normally this would earn the block reward, but the attacker can simply withhold the complete block, so the miner's block can never become part of the main chain. A miner that builds on the attack block, like one that mines normally, loses a block's revenue.
The researchers conclude that whether a miner mines a defensive block or builds on the attack block, the attacker can make that miner unprofitable, so the miner's best option is to shut down and stop mining. This is how the attack can bring down the Bitcoin (BCH and BTC) network.
Comparison between BDOS and DOS
Compared with a DOS attack: to carry out a conventional denial-of-service attack on the chain, the attacker's computing power must exceed the sum of all other participants', i.e. a 51% attack. For major cryptocurrencies a 51% attack is prohibitively expensive for most entities. The BDOS attack threshold is far lower: 20% of the computing power suffices.
A 51% attack has a higher threshold, but it can break consistency and profit from double spending. That is not the case for BDOS: the attacker gains nothing directly from the attack and in fact sacrifices its own mining rewards to carry it out.
How to combat BDOS
Although BDOS needs less computing power than a 51% attack, 20% is still a high bar for mainstream currencies such as BTC and BCH, which are protected by a great deal of computing power. To avoid BDoS attacks, the total computing power of the network should be increased as much as possible. After all, 20% of the computing power is a real investment of hard cash, and the attacker gains nothing from it; it is a case of killing a thousand enemies at a cost of eight hundred of one's own.
The IC3 team also proposed a countermeasure: a small modification to the consensus rules so that miners give lower priority to a block whose header has been known for longer than a certain threshold time (such as 1 minute). This increases the chance that the attacker loses the block propagation race and thus reduces the effectiveness of BDoS attacks.
Another possible countermeasure against BDoS is an uncle block reward mechanism of the kind Ethereum currently uses: miners who mine uncle (orphaned) blocks still receive a block reward, so their mining power is not wasted. With uncle rewards, rational miners can keep their computing power online during a BDoS attack: even if the option 1 block loses the race, the rational miner is still rewarded (in Ethereum, the uncle reward is 7/8 of a full block reward).
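A constructed expected-profit model of the three miner options described above and of the uncle-reward mitigation, added here as an example; it is not from the article or the IC3 paper, and the block reward, mining cost, race-loss probability and orphan-reward share are assumed inputs rather than values from the page:

```python
"""Simplified expected-profit model of a rational miner facing a BDoS attacker
who has published only a block header. Constructed illustration; the parameter
values are assumptions, not figures from the IC3 paper."""
from dataclasses import dataclass


@dataclass
class Params:
    block_reward: float   # reward for a block that ends up on the main chain
    mining_cost: float    # cost (power, hardware) of mining for one block interval
    p_lose: float         # probability the defensive block loses the propagation race
    orphan_reward: float  # share of block_reward still paid for an orphaned block
                          # (0 for Bitcoin; 7/8 under an Ethereum-style uncle reward)


def option_ignore_header(p: Params) -> float:
    """Option 1: ignore the header and keep mining the main chain. The attacker
    answers with the full attack block, so the defensive block is orphaned with
    probability p_lose and then earns only the orphan reward."""
    expected_reward = p.block_reward * ((1 - p.p_lose) + p.p_lose * p.orphan_reward)
    return expected_reward - p.mining_cost


def option_spv_mine(p: Params) -> float:
    """Option 2: mine an empty block on the attacker's header. The attacker
    withholds the block body, so the miner's block can never join the main
    chain: the mining cost is spent and nothing is earned."""
    return 0.0 - p.mining_cost


def option_stop(p: Params) -> float:
    """Option 3: stop mining. No cost, no reward."""
    return 0.0


def best_option(p: Params) -> str:
    """Name of the option with the highest expected profit for the miner."""
    choices = {
        "ignore_header": option_ignore_header(p),
        "spv_mine": option_spv_mine(p),
        "stop": option_stop(p),
    }
    return max(choices, key=choices.get)


def breakeven_p_lose(block_reward: float, mining_cost: float, orphan_reward: float) -> float:
    """Largest race-loss probability at which option 1 still breaks even, i.e.
    the solution of block_reward * (1 - p * (1 - orphan_reward)) = mining_cost,
    clamped to [0, 1]. Higher values mean the attacker must win more races."""
    if orphan_reward >= 1.0:
        return 1.0
    margin = 1.0 - mining_cost / block_reward
    return max(0.0, min(1.0, margin / (1.0 - orphan_reward)))
```

With a mining cost of 90% of the block reward, a Bitcoin-style miner (no orphan reward) is driven to stop once it expects to lose more than 10% of the races, whereas with a 7/8 uncle reward it keeps mining until the attacker wins 80% of them.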