1 a drivechain bip enabling the op count acks opcode to
play

1 A Drivechain BIP enabling the OP_COUNT_ACKS opcode to add - PowerPoint PPT Presentation

Jul 09, 2023 •276 likes •676 views

1 A Drivechain BIP enabling the OP_COUNT_ACKS opcode to add Bitcoin drivechain capabilities as a soft-fork. BUILDING ON BITCOIN Conference Lisboa, Portugal, 3-4 July 2018 Sergio Demian Lerner Chief Scientist, RSK Labs www. rsk .co 2 About

  1. 1

  2. A Drivechain BIP enabling the OP_COUNT_ACKS opcode to add Bitcoin drivechain capabilities as a soft-fork. BUILDING ON BITCOIN Conference Lisboa, Portugal, 3-4 July 2018 Sergio Demian Lerner Chief Scientist, RSK Labs www. rsk .co 2

  3. About me @SDLerner Lic. Sergio Demian Lerner Computer Security Researcher, Chief Scientist, RSK Labs Inc. 3

  4. Code Product Description 2012 Bitcoin Core Lack of orphan tx limit prior v0.5.3 CVE-2012-3789 Bitcoin Core Multiple DoS Vulnerabilties in Satoshi client CVE-2012-4683 Bitcoin Core Targeted DoS by CPU exhaustion using alerts CVE-2012-4684 Bitcoin Core Network-wide DoS using malleable signatures in alerts CVE-2013-2272 Bitcoin Core Remote discovery of node's wallet addresses CVE-2013-2292 Bitcoin Protocol A transaction that takes 3 minutes to verify using O(n^2) hashing CVE-2013-2293 Bitcoin Core Continuous hard disk seek 2014 BitcoinJ Security vulnerability in BouncyCastle ECDSA (BJB-22) 2014 Ethereum/Bitcoin Unhandled point-at-infinity in public key recovery 2016 Bitcoin protocol A Bitcoin transaction that takes at least 5 hours to verify 2016 Ethereum Uncle Mining, an Ethereum Consensus Protocol Flaw CVE-2017-12842 Bitcoin protocol Leaf-Node weakness in Bitcoin Merkle Tree Design 4

  5. Bitcoin & Radical Innovation Confidential Transactions Faster confirmation Stateful smart-contracts Onchain space 5

  6. Where the new transactions go? • Overlay protocols } Preserve the 10 minute block interval • Extension blocks Increases block size in the same network • Parallel blockchains (now generically called sidechains) 6

  7. Sidechains: who controls the locked funds? • Consensus-enforced (original SPV sidechains) • Federation • Miners (drivechains/Hashrate Escrow) • Hybrids 7

  8. RSK blockchain • Uses Smart Bitcoin as its native currency • Provides stateful smart-contracts and 15-secs block times. • 21% of Bitcoin’s hashing rate (in merge -mining) • 2-way (1:1) peg with global federation • Soon to deploy custom and auditable HSMs for federators • 2-way peg controlled by smart-contract • Next release: intelligent HSMs that validate PoW, real-world delays and generate time-locked transactions with covenants. 8

  9. SPV Sidechain 9

  10. The RSK Case CountAcks Drivechain in the future? 10

  11. Drivechain / Hashrate Escrow Bitcoin Sidechain Blockchain 11

  12. Drivechain / Hashrate Escrow I must signal the sidechain wants to execute H(T) transaction T. Command: Immediately Release of Funds using transaction T 12

  13. Drivechain / Hashrate Escrow I saw the command too. H(T) Signal it! H(T) Command: Immediately Release of Funds using transaction T 13

  14. Drivechain / Hashrate Escrow Now because of our signals, T has become valid. H(T) Let’s include it! H(T) T 14

  15. ACKs and NACKs • “ACK:” following FULL_ACK_LIST • FULL_ACK_LIST: { CHAIN_ACK_LIST... } • CHAIN_ACK_LIST: { sidechain_id ACK_LIST } • ACK_LIST: { ACK... } • ACK: { tx_hash_prefix [ tx_hash_preimage ] } • {} = empty list 15

  16. ACKs and NACKs • ACK: { { XNET { {} 0x101010....10 } } } Proposal and ack in XNET h(0x10....10)=0xbaa501b37267c06d8d20f316622f90a3e343e9e730771f2ce2e314b794e31853) • ACK: { { XNET { {0xba} } } } 2nd positive ack for the proposal • ACK: { { XNET {} } } negative ack for all proposals in XNET • ACK: { {XNET {} } { YNET { {0x3e9e7307} } } } Mix for 2 sidechains • Note: serialization is binary, not ASCII. 16

  17. OP_COUNT_ACKS • The opcode has the following arguments: • Poll_start_blocknum • sidechain_id • ack_period (in blocks) • delay_period (in blocks) • liveness_period (in blocks) Delay Period Ack_period liveness_period Currently max 12960 Currently max 288 Min 100 blocks Currently max 288 17

  18. OP_COUNT_ACKS • The opcode results: • ACK count • NACK count Currently max 288 18

  19. Sample ScriptPub / Scriptsig (no P2SH / P2WSH) ScriptSig: 521000 ScriptPub: 58 4e 45 54 // ("XNET") 144 1440 144 OP_COUNT_ACKS // Push Results OP_2DUP // duplicate ack counts OP_GREATERTHAN // more positive than negative acks ? OP_VERIFY // abort if not OP_SUB // compute positive minus negative, push result into stack 72 // difference (positive-negative) acks required OP_GREATERTHAN // More than 50% positive difference, put 1 on stack, else put 0 19

  20. Sample script: Drivechain + 2 notaries • ScriptPub: 58434f494e 144 144 OP_COUNT_ACKS OP_SWAP 0 OP_TOALTSTACK OP_FROMALTSTACK OP_ADD OP_IF <pubkey1> OP_DUP OP_ADD OP_DUP OP_ADD OP_FROMALTSTACK OP_ADD OP_DUP OP_ADD OP_ADD OP_TOALTSTACK OP_ENDIF OP_SWAP OP_2DUP OP_GREATERTHAN OP_VERIFY OP_IF <pubkey2> OP_SUB 72 OP_GREATERTHAN OP_FROMALTSTACK OP_ADD OP_TOALTSTACK OP_ENDIF • ScriptSig: 1 <Signature1> 1 <Signature2> 500000 • Condition: x=(4 * sig + acks), then (x > naks) and (x-naks > 72) 20

  21. Mandatory Delays & Chances to Revert in RSK RSK User commands RSK Smart-contract RSK Smart-contract Federation sign fund release receives command buids tx commands transaction and forces delay sign tx Drivechain RSK Smart-contract receives signatures, Acks threshold reached. Miners acknowledge during a delays, and inform COUNT_ACKS forces delay poll period and forces delay miners to ack Funds transfer User use Transaction is included CheckSequenceVerify output enabled funds forced delay with covenants in block 21

  22. CountAcks Design Rationale • Lightweight soft-fork • Interoperability with scripting system • Zero risk of invalidating a block • No additional computation during blockchain management and re-org. • Incentive compatible: sidechain pays for withdrawal cost • No inherent change in Bitcoin security model • Bounded computation of poll results (2 sigops cost) • Strong protection from DoS attacks • Minimum block space consumption (800 bytes per withdrawal typical) • Zero risk of cross-secondary chain invalidation • Time for proactive and reactive measures (up to 90 days) 22

  23. Comparison between CountAcks BIP and Hashrate Escrows BIP memory use Property CountAcks Hashrate Escrows Lines of code ~600 ~4000 Initial sidechain registration (in DB) 0 125 Kbytes Withdrawal (max blockchain space) 3 Kbytes 157 Kbytes Withdrawal (avg blockchain space) 864 bytes 157 Kbytes Sources: https://github.com/drivechain-project/docs/blob/master/bip1-hashrate-escrow.md https://github.com/rsksmart/bips/blob/master/BIP-R11.md 23

  24. New BIP and reference implementation https://github.com/rsksmart/bips/blob/master/BIP-R11.md https://github.com/rootstock/bitcoin/tree/op-count- acks_devel 24

  25. Summary • Bitcoin federated sidechains have risks of federators stealing the locked funds • Adding a CountAcks drivechain layer miners prevent federators malicious activity • You can use also use a pure CountAcks sidechain. www.RSK.co @SDLerner | @RSKSmart 25

  26. Interoperability • COUNT_ACKS opcode allow the combination of a drivechain with any other feature of the scripting system. • Allows to bootstrap a merged-mining two-way pegged cryptocurrency from an initial state when is has no merge-mining engagement to a state where it has a high merge-mining engagement, using notary signatures during the initial period. • scriptPub can be parametrized for any combination 26

  27. Zero risk of block invalidation • The opcode and miner's ack-ing algorithm was designed such that acks in the coinbase field can never invalidate a block. • This prevents attacks against pools from malicious or faulty proxy consensus observer plug-ins • Reduces the risk for miners not implementing the soft-fork of extending a soft-forked block that is invalid because of the coinbase tag. 27

  28. Minimum Computation and Incentive compatibility • No blockchain computation overhead if there is no sidechain activity • Sidechain pays for every cycle of computation 28

  29. Bitcoin security model • poll liveness period to be equal or higher than 100 blocks, to respect the same maturity rule as coinbases (enables urgent community hard- forks) • Any blockchain that uses the bitcoin unit of account and holds a high amount of bitcoins could affect the security of Bitcoin. • Also merge-mining can modify the incentives of Bitcoin miners, and those incentives should be analyzed. 29

  30. Time for proactive and reactive measures • 2 days max for polls allow humans to detect corrupted or hacked miners and warn to stop acknowledge process. • 30 days before transaction becomes valid prevents from massive dishonest miners behavior. • 2 days of liveness enables publication even if miners interest decrease significantly. 30

  31. Bounded computation of poll results • The liveness period and ack period have maximum values (currently 4320 blocks, or one month). • Benefits: • sets a bound to opcode running time • is compatible with blockchain pruning • Still to cache one months of tags requires 1.3 Mbytes top 31

  32. Strong protection from DoS attacks • Polls created for unknown sidechains can be safely ignored by miners. • Unknown or fake transaction candidates do interfere with honest candidates and are automatically negatively acknowledged. 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Drivechain Overview and Misconceptions Paul Sztorc TAB Conf Atlanta, GA Jan 27, 2018

Drivechain Overview and Misconceptions Paul Sztorc TAB Conf Atlanta, GA Jan 27, 2018

1 Drivechain Overview and Misconceptions Paul Sztorc TAB Conf Atlanta, GA Jan 27, 2018 v1.0 Feb 4 th , 2018 v2.0 2 3 Drivechain gives miners more power Optionality Criterion DC allows users to choose to make a

1.07k views • 80 slides
Drivechain Overview, Demo, Teasers Construct 2017 January 30 th Paul Sztorc Agenda 1. What

Drivechain Overview, Demo, Teasers Construct 2017 January 30 th Paul Sztorc Agenda 1. What

Drivechain Overview, Demo, Teasers Construct 2017 January 30 th Paul Sztorc Agenda 1. What are sidechains? How SCs must work. 2. Design Philosophy Specific choices made by DC. 3. Some technical details, and diagrams. 4. Screenshots of

578 views • 21 slides
Midterm Review Jason Mars Monday, February 11, 13 ISA - Instruction Length Fixed Length

Midterm Review Jason Mars Monday, February 11, 13 ISA - Instruction Length Fixed Length

Midterm Review Jason Mars Monday, February 11, 13 ISA - Instruction Length Fixed Length Variable Length 32 bits shift opcode rs rt rd funct amount 32 bits opcode rs rt immediate / offset 32 bits opcode target 32 bits shift

954 views • 73 slides
Denial of Service A/acks Cunsheng Ding Department of CSE HKUST, Hong Kong Acknowledgements:

Denial of Service A/acks Cunsheng Ding Department of CSE HKUST, Hong Kong Acknowledgements:

Denial of Service A/acks Cunsheng Ding Department of CSE HKUST, Hong Kong Acknowledgements: Materials are taken from the Internet COMP4631 1 Agenda of this lecture Zombie computers, bots, botnets Denial of service (DoS) a/acks

630 views • 45 slides
Opcode statistics for detecting compiler settings Kenneth van Rijsbergen 1 1 MSc student System and

Opcode statistics for detecting compiler settings Kenneth van Rijsbergen 1 1 MSc student System and

Introduction Methodology Results Discussion Conclusion Opcode statistics for detecting compiler settings Kenneth van Rijsbergen 1 1 MSc student System and Network Engineering Faculty of Science University of Amsterdam 5 February 2018

622 views • 33 slides
pop-count update draft-ietf-pim-pop-count-03 pop-count version 3 changes Mainly changes to

pop-count update draft-ietf-pim-pop-count-03 pop-count version 3 changes Mainly changes to

pop-count update draft-ietf-pim-pop-count-03 pop-count version 3 changes Mainly changes to message format Allow for information fields to be optional Allow for defining new fields in the future New format for link speeds

239 views • 8 slides
WHAT IS THE POINT-IN-TIME COUNT? The Point-in-Time (PIT) count is a count of sheltered and

WHAT IS THE POINT-IN-TIME COUNT? The Point-in-Time (PIT) count is a count of sheltered and

WHAT IS THE POINT-IN-TIME COUNT? The Point-in-Time (PIT) count is a count of sheltered and unsheltered homeless persons on a single night in January. These counts reveal the number of homeless persons in our shelters and on our streets

1.09k views • 49 slides
A11y A%acks: Exploi1ng Accessibility in Opera1ng Systems

A11y A%acks: Exploi1ng Accessibility in Opera1ng Systems

A11y A%acks: Exploi1ng Accessibility in Opera1ng Systems Yeongjin Jang , Chengyu Song, Simon P. Chung, Tielei Wang, and Wenke Lee Georgia Ins;tute of

829 views • 39 slides
What is the Point-In- Time Count? The Point-in-Time (PIT) count is a count of sheltered and

What is the Point-In- Time Count? The Point-in-Time (PIT) count is a count of sheltered and

What is the Point-In- Time Count? The Point-in-Time (PIT) count is a count of sheltered and unsheltered homeless persons on a single night in January. These counts reveal the number of homeless persons in our shelters and on our

375 views • 10 slides
30/9/20 L.O To count in 25s Sc -I know what digit multiples of 25 end in -I can use reasoning

30/9/20 L.O To count in 25s Sc -I know what digit multiples of 25 end in -I can use reasoning

30/9/20 L.O To count in 25s Sc -I know what digit multiples of 25 end in -I can use reasoning to show my understanding 30/9/20 L.O To count in 25s Key Vocabulary Multiple Digit 30/9/20 L.O To count in 25s Starter Count up in 50s with

499 views • 14 slides
iSCSI PDU Header Notes Octet 0 Octet 1 Octet 2 Octet 3 AHS Data Length Length Always 48

iSCSI PDU Header Notes Octet 0 Octet 1 Octet 2 Octet 3 AHS Data Length Length Always 48

iSCSI PDU Header Notes Octet 0 Octet 1 Octet 2 Octet 3 AHS Data Length Length Always 48 bytes Opcode Opcode-specific fields 1. AHS_length is given in 4 byte words allowing a maximum size of 1020 bytes for BHS all combined AHSes. 2.

327 views • 3 slides
UI Redressing A-acks on Android Devices Marcus Niemietz

UI Redressing A-acks on Android Devices Marcus Niemietz

UI Redressing A-acks on Android Devices Marcus Niemietz Ruhr-University Bochum Horst Grtz InsAtute German Book Clickjacking und UI-Redressing

879 views • 54 slides
New ew Fa Faculty lty Li Life fe Hac acks: ks: So youre at a PUI Michelle L. Kovarik

New ew Fa Faculty lty Li Life fe Hac acks: ks: So youre at a PUI Michelle L. Kovarik

New ew Fa Faculty lty Li Life fe Hac acks: ks: So youre at a PUI Michelle L. Kovarik Trinity College, Hartford CT How can I meet the teaching expectations of a PUI while Teaching simultaneously producing publishable research? Be

254 views • 6 slides
Inference A)acks on Property- Preserving Encrypted Databases Charles

Inference A)acks on Property- Preserving Encrypted Databases Charles

Inference A)acks on Property- Preserving Encrypted Databases Charles V. Wright Portland State University @hackermath Joint work with Muhammad Naveed

1.24k views • 47 slides
Count Controlled CSCI-UA.0002-008 Loops Count Controlled Loops A count controlled loop is a

Count Controlled CSCI-UA.0002-008 Loops Count Controlled Loops A count controlled loop is a

Introduction to Computer Programming Count Controlled CSCI-UA.0002-008 Loops Count Controlled Loops A count controlled loop is a repetition structure that iterates a specific number of times In contrast, a condition controlled loop iterates a

560 views • 39 slides
How we count them and how much they count: Conceptual framework and guidelines for statistics on

How we count them and how much they count: Conceptual framework and guidelines for statistics on

How we count them and how much they count: Conceptual framework and guidelines for statistics on cooperatives Marie J. Bouchard* Madeg Le Guernic ** Damien Rousselire *** * Chair, COPAC TWG on Co-op Statistics, Professor, Universit du

551 views • 17 slides
Micropayments From Centralized to Blockchain-based Distributed Schemes Ghada Almashaqbeh

Micropayments From Centralized to Blockchain-based Distributed Schemes Ghada Almashaqbeh

Micropayments From Centralized to Blockchain-based Distributed Schemes Ghada Almashaqbeh NuCypher Customer Merchant 2 Customer Merchant 3 Customer Merchant The Merchant could fail to provide the service and keep the customers money

366 views • 32 slides
F Facilitating M&amp;A Transactions ili i M&amp;A T i Terms, Conditions, Benefits and Pitfalls

F Facilitating M&amp;A Transactions ili i M&amp;A T i Terms, Conditions, Benefits and Pitfalls

F Facilitating M&amp;A Transactions ili i M&amp;A T i Terms, Conditions, Benefits and Pitfalls of Transaction Related Insurance Products September 2014 Presenters Jonathan Legge manages the Transactional Risk and Executive Liability

543 views • 18 slides
5 th Annual Municipal Finance Conference Track 1 Issues in Capital Markets and Credit Managing

5 th Annual Municipal Finance Conference Track 1 Issues in Capital Markets and Credit Managing

July 12, 2016 5 th Annual Municipal Finance Conference Track 1 Issues in Capital Markets and Credit Managing the Advance Refunding Option Authors: Andrew Kalotay / Lori Raineri Discussant: Dave Abel / William Blair When and When Not to

341 views • 10 slides
REAL ESTATE SETTLEMENT PROCEDURES ACT DEFINITIONS Application Changed Circumstances

REAL ESTATE SETTLEMENT PROCEDURES ACT DEFINITIONS Application Changed Circumstances

REAL ESTATE SETTLEMENT PROCEDURES ACT DEFINITIONS Application Changed Circumstances Federally Related Mortgage Loan Required Use Settlement Service COVERAGE RESPA applies to all Federally Related Mortgage Loans

784 views • 47 slides
IBE vs Traditional Public Key Radia Perlman Radia.perlman@sun.com 1 Notes Im not talking

IBE vs Traditional Public Key Radia Perlman Radia.perlman@sun.com 1 Notes Im not talking

IBE vs Traditional Public Key Radia Perlman Radia.perlman@sun.com 1 Notes Im not talking about details of particular implementations Im talking about intrinsic properties of IBE vs traditional concepts of public key-based

399 views • 5 slides
Degrees of Incoherence: a framework for Bayes/non-Bayes compromises Or, How I learned to Reduce

Degrees of Incoherence: a framework for Bayes/non-Bayes compromises Or, How I learned to Reduce

Degrees of Incoherence: a framework for Bayes/non-Bayes compromises Or, How I learned to Reduce my Incoherence Mark J. Schervish, Teddy Seidenfeld, and Joseph B. Kadane Carnegie Mellon University Mark Schervish Jay Kadane 1 Outline De

591 views • 32 slides
The ElGamal Public-key System Dan Boneh Recap:

The ElGamal Public-key System Dan Boneh Recap:

Online Cryptography Course

632 views • 42 slides
SpiderOak 6 years Idea: Create a central repository of your data Client based

SpiderOak 6 years Idea: Create a central repository of your data Client based

SpiderOak 6 years Idea: Create a central repository of your data Client based Windows, Mac, Linux, mobile platforms Backup data from all your devices Share any folder File-Synchronization of any folder Unique Feature

564 views • 13 slides

More recommend