attacks on mining protocol
play

Attacks on Mining Protocol Yujin Kwon KAIST 2018.03.22 1 - PowerPoint PPT Presentation

Jun 21, 2023 •332 likes •992 views

Attacks on Mining Protocol Yujin Kwon KAIST 2018.03.22 1 Cryptocurrencies Cryptocurrencies Increa rease! se! Cryptocurrencies Increa rease! se! 1 BTC $8.5K 1 ETH $180 Proof-of-Work Mining They use blockcha kchain to run

  1. Attacks on Mining Protocol Yujin Kwon KAIST 2018.03.22 1

  2. Cryptocurrencies

  3. Cryptocurrencies Increa rease! se!

  4. Cryptocurrencies Increa rease! se! 1 BTC ≈ $8.5K 1 ETH ≈ $180

  5. Proof-of-Work Mining  They use blockcha kchain to run without a trusted third party.  Miners generate blocks by spending their comp mputatio utationa nal power er.  If a miner generates a valid block, he earns re rewar ard d for t r the block.  This process is competi etiti tive ve. 12.5 5 BTC (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Block ockch chain ain Miner ner

  6. Proof-of-Work Mining  Problem Nonce – Miners must solve cryptographic problems to generate a valid block. – What is the valid nonce such that 𝐼(𝑑𝑝𝑜𝑢𝑓𝑜𝑢𝑡| 𝑜𝑝𝑜𝑑𝑓 < TARGET 𝐺 ? – 𝐼(∙) is a hash function based on SHA-256 in Bitcoin.

  7. Step (Miner)  New transactions are broadcast to all nodes.  Each node collects new transactions into a block.  Each node works on finding a difficult proof-of-work for its block.  When a node finds a proof-of-work, it broadcasts the block to all nodes.  Nodes express their acceptance of the block by working on creating the next chain, using the hash of the accepted block as the previous hash.

  8. Forks

  9. Forks

  10. Forks

  11. Forks

  12. Forks

  13. Forks  Only one head is accepted as a valid one among heads.  An attacker can generate forks intentionally by holding his found block for a while.

  14. Forks  Only one head is accepted as a valid one among heads.  An attacker can generate forks intentionally by holding his found block for a while.

  15. Mining Difficulty Inc ncrease! rease! iculty ulty Diffic Di Ti Time From “https://blockchain.info”

  16. Mining Pool Others rs 8% 8% Others rs Litecoi oin AntPool ol Others rs Ethpool ool 21% 21% 6% 6% 23% 23% 23% 23% AntPool ol 27% 27% BW.COM COM 30% 30% 6% 6% Ethfans ans ViaBTC BTC.COM C.COM 8% 8% 10% 10% F2Pool 7% 7% 11% 11% BW.COM COM LTC.top MPH F2Pool 7% 7% 10% 10% 10% 10% BitFury 23% 23% F2Pool nano Slush 11% 11% BTCC 30% 30% 11% 11% 7% 7% 11% 11% Ethereum Litecoin Bitcoin  Miners organize pools and prefer to mine together to reduce the variance of reward.  Currently, major players are pools.

  17. Mining Pool Pool manager 1. Give the problem. PPoW: 𝐼(𝑑𝑝𝑜𝑢𝑓𝑜𝑢𝑡| 𝑜𝑝𝑜𝑑𝑓 < target 𝑄 ? FPoW: 𝐼(𝑑𝑝𝑜𝑢𝑓𝑜𝑢𝑡| 𝑜𝑝𝑜𝑑𝑓 < TARGET 𝐺 ? (target 𝑄 ≫ TARGET 𝐺 ) Workers

  18. Mining Pool PPoW 463 125 Pool manager 352 432 FPoW 2. Submit shares. Workers

  19. Mining Pool Pool manager 3. Pay the reward. Workers

  20. Several Mining Attacks  The 51 % Attack  “The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries”, WEIS 2013  Selfish mining – Generate forks intentionally  “Majority Is Not Enough: Bitcoin Mining Is Vulnerable”, FC 2014  Block withholding (BWH) attack – Exploit the pools’ protocol  “The Miner’s Dilemma”, IEEE S&P 2015  “On Power Splitting Games in Distributed Computation: The Case of Bitcoin Pooled Mining”, CSF 2016  Fork after withholding (FAW) attack – Generate forks intentionally through pools  “Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin ”, ACM CCS 2017

  21. Selfish Mining 21

  22. Selfish Mining  Forks – Due to the nonzero block propagation delay, nodes can have different views. – When a fork occurs, only one block becomes valid. Which of two blocks should I choose as a main (N+1)-th th Bl Block chain? N-th th Bloc ock k (N-1) (N 1)-th th Block (N+1)-th th Block Fork

  23. Selfish Mining  Generate intentional forks adaptively. – An attacker finds a valid block and propagates the block when en anot other her bloc ock k is found d by an honest est node.  Force the honest miners into wasting victims’ computations on the stale public branch.

  24. Selfish Mining  𝛿: An attacker’s network capability  When an attacker possesses more than 33% computational power, the attacker can always earn extra rewards.

  25. Selfish Mining

  26. Selfish Mining Im Impra practical! ctical!

  27. Impractical  The value of γ cannot be 1 because when the intentional fork occurs, the honest miner who generated a block will select his block, not that of the selfish miner.  Honest miners can easily detect that their pool manager is a selfish mining attacker. – If the manager does not propagate blocks immediately when honest miners generate FPoWs, the honest miners will know that their pool manager is an attacker. – The blockchain has an abnormal shape when a selfish miner exists.

  28. Block Withholding Attack 28

  29. Block Withholding (BWH) Attack 463 125 Pool manager 352 432 Withhold Submit only PPoWs. An Attacker

  30. Block Withholding (BWH) Attack  An attacker joins the victim pool.  She should split her computational power into solo mining and malicious pool mining (BWH attack).  She receives unearned wages while only pretending to contribute work to the pool. Solo Pool Pool BWH Attack Mining Attacker

  31. Block Withholding (BWH) Attack

  32. Result Infiltration mining power Attacker relative reward Victim relative reward  The BWH attack is always profitable.

  33. The Miners’ dilemma (S&P 2015)  Pools can launch the BWH attack each other through infiltration. Infiltration from Pool 1 into Pool 2 Po Pool ol 1 Po Pool ol 2 Infiltration from Pool 2 into Pool 1

  34. Result  When they execute the BWH attack each other, both of them make a loss.

  35. The Miners’ dilemma (S&P 2015) From “The Miner’s Dilemma”  The equilibrium reward of the pool is inferi nferior or compared to the no-attack scenario.  The fact that the BWH attack is not ot co commo mmon n may be explained.

  36. Fork After Withholding Attack 36

  37. FAW Attack Against One Pool Submit an FPoW to the pool only Tar arge get t poo ool if others generate another block. Otherwise, throw away her FPoW. Pool Pool Solo Mining Attacker Others rs

  38. FAW Attack Against One Pool Submit an FPoW to the pool only Tar arge get t poo ool if others generate another block. Otherwise, throw away her FPoW. Pool Pool Solo Mining Attacker Others rs  An attacker generates forks intentionally through a pool!

  39. FAW vs BWH Case 1) When an attacker finds an FPoW through solo mining… FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Victim ctim Othe hers rs

  40. FAW vs BWH Case 1) When an attacker finds an FPoW through solo mining… FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain The attacker earns the block reward. Victim ctim Othe hers rs

  41. FAW vs BWH Case 2) When an honest miner in the victim pool finds an FPoW … FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Victim ctim Othe hers rs

  42. FAW vs BWH Case 2) When an honest miner in the victim pool finds an FPoW … FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain The victim earns the block reward and shares the reward with the attacker. Victim ctim Othe hers rs

  43. FAW vs BWH Case 3) When only others find an FPoW … FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Victim ctim Othe hers rs

  44. FAW vs BWH Case 3) When only others find an FPoW … FAW/ W/ BWH Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Others earn the block reward. Victim ctim Othe hers rs

  45. FAW vs BWH Case 4) When the attacker finds an FPoW in the victim pool, BWH and others also find another FPoW … Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Victim ctim Othe hers rs

  46. FAW vs BWH Case 4) When the attacker finds an FPoW in the victim pool, BWH and others also find another FPoW … Attack acker er (N (N-1) 1)-th th Block New Block ock N-th th Bloc ock k (N+1)-th th Block Blockch ockchain ain Others earn the block reward. Victim ctim Othe hers rs

  47. FAW vs BWH Case 4) When the attacker finds an FPoW in the victim pool, FAW and others also find another FPoW … Attack acker er Attacker’s Ne New Block ock (N (N-1) 1)-th th Block N-th th Bloc ock k (N+1)-th th Block Others’ Blockch ockchain ain Ne New Block ock Victim ctim Othe hers rs

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
Protocol Attacks What is a protocol attack? How does it work? Different types of

Protocol Attacks What is a protocol attack? How does it work? Different types of

Outline : Part 1 Introduction Protocol Attacks What is a protocol attack? How does it work? Different types of protocol attack By Sushant Rewaskar Introduction: Types of attacks What is a protocol attack? Buffer overflow

518 views • 13 slides
On instabilities of the Bitcoin protocol Ricardo P erez-Marco @rperezmarco CNRS, IMJ-PRG,

On instabilities of the Bitcoin protocol Ricardo P erez-Marco @rperezmarco CNRS, IMJ-PRG,

Dynamical instability Perdurance of the Bitcoin protocol. Hard forks Double spend attacks Catch-up mining instability On instabilities of the Bitcoin protocol Ricardo P erez-Marco @rperezmarco CNRS, IMJ-PRG, Univ. Paris 7 Breaking

1.23k views • 85 slides
Finding Protocol Manipulation Attacks Nupur Kothari Ratul Mahajan, Todd Millstein, Ramesh

Finding Protocol Manipulation Attacks Nupur Kothari Ratul Mahajan, Todd Millstein, Ramesh

Finding Protocol Manipulation Attacks Nupur Kothari Ratul Mahajan, Todd Millstein, Ramesh Govindan, Madanlal Musuvathi Manipulation Attacks Adversaries induce victim into undesirable behavior by lying in their messages Exploit partial

216 views • 19 slides
Attacks on PoW systems Yujin Kwon KAIST 1 Various Attacks Double Spending Generate

Attacks on PoW systems Yujin Kwon KAIST 1 Various Attacks Double Spending Generate

Attacks on PoW systems Yujin Kwon KAIST 1 Various Attacks Double Spending Generate forks intentionally Selfish mining Generate forks intentionally Majority Is Not Enough: Bitcoin Mining Is Vulnerable, FC 2014

466 views • 46 slides
Analysis of Control, Data separation in ForCES protocol for protection against DoS attacks

Analysis of Control, Data separation in ForCES protocol for protection against DoS attacks

Analysis of Control, Data separation in ForCES protocol for protection against DoS attacks Hormuzd Khosravi Shashidhar Lakkavalli Lily Yang 60 th IETF Meeting, San Diego 1 Problem Statement Requirements RFC 3654 Protection against

629 views • 7 slides
Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks

Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks

Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks Author: Ralf-Philipp Weinmann University of Luxembourg WOOT, USENIX, 2012. Presenter: Hyuntae Kim Part 1. Introduction - GSM overview - MS-BTS

1.2k views • 42 slides
On Adaptive Attacks against Jao-Urbaniks Isogeny-Based Protocol Africacrypt, July 2020 Andrea

On Adaptive Attacks against Jao-Urbaniks Isogeny-Based Protocol Africacrypt, July 2020 Andrea

On Adaptive Attacks against Jao-Urbaniks Isogeny-Based Protocol Africacrypt, July 2020 Andrea Basso 1 , P eter Kutas 1 , Simon-Philipp Merz 2 , Christophe Petit 1 , Charlotte Weitk amper 1 University of Birmingham, UK Royal Holloway,

575 views • 19 slides
Key Reinstallation Attacks: Breaking the WPA2 Protocol Mathy Vanhoef @vanhoefm Black Hat

Key Reinstallation Attacks: Breaking the WPA2 Protocol Mathy Vanhoef @vanhoefm Black Hat

Key Reinstallation Attacks: Breaking the WPA2 Protocol Mathy Vanhoef @vanhoefm Black Hat Europe, 7 December 2017 Introduction PhD Defense, July 2016: You recommend WPA2 with AES, but are you sure thats secure? Seems so! No

857 views • 56 slides
Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

What is Web Mining? Wh t i W b Mi i What is Web Mining? Wh t i W b Mi i ? ? Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques to automat cally d scover and extract nformat on automatically

774 views • 20 slides
OPAQUE: A Strong Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks Stanislaw

OPAQUE: A Strong Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks Stanislaw

OPAQUE: A Strong Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks Stanislaw Jarecki, Hugo Krawczyk, Jiayu Xu Motivation: Password Authentication Passwords are the prevalent tool for authentication Passwords are vulnerable

481 views • 22 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
Customized protocol modeling for detection of guessing and DoS attacks Bogdan Groza Marius Minea

Customized protocol modeling for detection of guessing and DoS attacks Bogdan Groza Marius Minea

Customized protocol modeling for detection of guessing and DoS attacks Bogdan Groza Marius Minea Institute e-Austria Timi soara and Politehnica University of Timi soara Formal Methods for Components and Objects Graz, 30 November 2010

416 views • 26 slides
Mining Threat-intelligence from Billion- scale SSH Brute-Force Attacks Yuming Wu 1 , Phuong M.

Mining Threat-intelligence from Billion- scale SSH Brute-Force Attacks Yuming Wu 1 , Phuong M.

Mining Threat-intelligence from Billion- scale SSH Brute-Force Attacks Yuming Wu 1 , Phuong M. Cao 1 , Alexander Withers 2 , Zbigniew T. Kalbarczyk 1 , Ravishankar K. Iyer 1 1 University of Illinois at Urbana-Champaign (UIUC) 2 National

421 views • 14 slides
TOWARDS PREDICTING CYBER ATTACKS USING INFORMATION EXCHANGE AND DATA MINING Tuesday 26 th June,

TOWARDS PREDICTING CYBER ATTACKS USING INFORMATION EXCHANGE AND DATA MINING Tuesday 26 th June,

TOWARDS PREDICTING CYBER ATTACKS USING INFORMATION EXCHANGE AND DATA MINING Tuesday 26 th June, 2018 Martin Husk Jaroslav Kapar Introduction Information Exchange From collaborative intrusion detection to sharing expertise Numerous alert

372 views • 12 slides
Web Mining Web Mining Web mining is the use of data mining techniques to automatically

Web Mining Web Mining Web mining is the use of data mining techniques to automatically

What is Web Mining? What is Web Mining? Web Mining Web Mining Web mining is the use of data mining techniques to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) Web mining aims to

566 views • 22 slides
Chapter 11 Signalling 11.1 The Informed Player Moves First: Signalling Signalling is a

Chapter 11 Signalling 11.1 The Informed Player Moves First: Signalling Signalling is a

Chapter 11 Signalling 11.1 The Informed Player Moves First: Signalling Signalling is a way for an agent to communicate his type under adverse selection . The signalling contract specifies a wage that depends on an

505 views • 35 slides
Penalized Fits to a Multiway Layout with Multivariate Responses Rudolf Beran University of

Penalized Fits to a Multiway Layout with Multivariate Responses Rudolf Beran University of

Penalized Fits to a Multiway Layout with Multivariate Responses Rudolf Beran University of California, Davis Workshop on Model Selection and Related Areas University of Vienna 24 July 2008 1 Multivariate Linear Model Y = CM + E , where

540 views • 22 slides
Inference for Two Samples In designed experiments, we compare the distribution of some variable

Inference for Two Samples In designed experiments, we compare the distribution of some variable

ST 435/535 Statistical Methods for Quality and Productivity Improvement / Statistical Process Control Inference for Two Samples In designed experiments, we compare the distribution of some variable under various conditions, defined by the levels

583 views • 34 slides
Source SS df MS F sig Factor 38.9 3 12.967 6.062 0.002 Error 77.0 36 2.139 Total

Source SS df MS F sig Factor 38.9 3 12.967 6.062 0.002 Error 77.0 36 2.139 Total

GLM is called general because it is a common framework for analysing (modeling) data we have seen so far (full &amp; restricted models) that: testing hypotheses about differences testing competing linear models = between mean

1.01k views • 88 slides
Cases of COVID-19 per 100,000 Population for Select Races/Ethnicities, Select Dates (April 29 -

Cases of COVID-19 per 100,000 Population for Select Races/Ethnicities, Select Dates (April 29 -

Cases of COVID-19 per 100,000 Population for Select Races/Ethnicities, Select Dates (April 29 - June 8, 2020), Illinois 2500 2000 1860 1694 1723 1500 1338 914 1150 1000 1071 1084 928 592 763 492 469 462 394 500 586 318 230 326

278 views • 5 slides
Exiting the Fragility Trap Rethinking Our Approach to the Worlds Most Fragile States David

Exiting the Fragility Trap Rethinking Our Approach to the Worlds Most Fragile States David

Exiting the Fragility Trap Rethinking Our Approach to the Worlds Most Fragile States David Carment &amp; Teddy Samy NPSIA, Carleton University Problem Some states are stuck despite copious amounts of aid (reform failure, fungibility,

769 views • 27 slides
Quantum quantum information and thermodynamics with ions Introduction to ion trapping and

Quantum quantum information and thermodynamics with ions Introduction to ion trapping and

Quantum quantum information and thermodynamics with ions Introduction to ion trapping and cooling Trapped ions as qubits for quantum computing and simulation Qubit architectures for scalable entanglement Quantum thermodynamics

1.18k views • 56 slides
BOSE-EINSTEIN CONDENSATION OF MAGNONS IN SUPERFLUID 3 He-B and its applications to vortex studies

BOSE-EINSTEIN CONDENSATION OF MAGNONS IN SUPERFLUID 3 He-B and its applications to vortex studies

BOSE-EINSTEIN CONDENSATION OF MAGNONS IN SUPERFLUID 3 He-B and its applications to vortex studies V.B. Eltsov, S. Autti, Yu.M. Bunkov, P.J. Heikkinen, J.J. Hosio, M. Krusius, M. Silaev, G.E. Volovik, V.V. Zavjalov Low Temperature Laboratory

626 views • 37 slides

More recommend