具動態安全性及每秒高交易量的工作量證明區塊鏈

Bing-Jyue Chen; 陳秉玨

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/81132

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	林宗男(Tsung-Nan Lin)
dc.contributor.author	Bing-Jyue Chen	en
dc.contributor.author	陳秉玨	zh_TW
dc.date.accessioned	2022-11-24T03:32:13Z	-
dc.date.available	2021-08-23
dc.date.available	2022-11-24T03:32:13Z	-
dc.date.copyright	2021-08-23
dc.date.issued	2021
dc.date.submitted	2021-08-19
dc.identifier.citation	[1] S. Rai, K. Hood, M. Nesterenko, and G. Sharma, “Blockguard: Adaptive blockchainsecurity,” ArXiv, vol. abs/1907.13232, 2019. [2] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,”Cryptography Mail-ing list, https://metzdowd.com, March 2009. [3] G. Wood, “Ethereum: A secure decentralised generalised transaction ledger eip-150revision (759dccd - 2017-08-07),” 2017. [4] M.Rosenfeld,“Analysisofhashrate-baseddoublespending,”CoRR,vol. abs/1402.2009, 2014. [5] K. Croman, C. Decker, I. Eyal, A. E. Gencer, A. Juels, A. E. Kosba, A. Miller,P. Saxena, E. Shi, E. G. Sirer, D. X. Song, and R. Wattenhofer, “On scaling de-centralized blockchains - (a position paper),”Financial Cryptography Workshops,2016. [6] V. Bagaria, S. Kannan, D. Tse, G. Fanti, and P. Viswanath, “Prism: Deconstruct-ing the blockchain to approach physical limits,” inProceedings of the 2019 ACMSIGSAC Conference on Computer and Communications Security, pp. 585–602, Nov.2019. [7] R. Zhang, R. Xue, and L. Liu, “Security and privacy on blockchain,”ACM Comput.Surv., vol. 52, July 2019. [8] A. M. Antonopoulos,Mastering Bitcoin: Unlocking Digital Crypto-Currencies.O’Reilly Media, Inc., 1st ed., 2014. [9] J. Davis, “The crypto-currency.” The New Yorker, 2011. [10] K. Otsuki, R. Banno, and K. Shudo, “Quantitatively analyzing relay networks in bit-coin,” in2020 IEEE International Conference on Blockchain (Blockchain), pp. 214–220, 2020. [11] A. Gervais, G. O. Karame, K. W ̈ust, V. Glykantzis, H. Ritzdorf, and S. Capkun, “Onthe security and performance of proof of work blockchains,” in2016 ACM SIGSACConference on Computer and Communications Security, CCS ’16, p. 3–16, ACM,2016. [12] C. Lepore, M. Ceria, A. Visconti, U. P. Rao, K. A. Shah, and L. Zanolini, “A surveyon blockchain consensus with a performance comparison of pow, pos and pure pos,”Mathematics, vol. 8, no. 10, 2020. [13] S. Zhang and J.-H. Lee, “Analysis of the main consensus protocols of blockchain,”ICT Express, vol. 6, no. 2, pp. 93–97, 2020. [14] J. Reed,Litecoin: An Introduction to Litecoin Cryptocurrency and Litecoin Mining.North Charleston, SC, USA: CreateSpace Independent Publishing Platform, 2017. [15] V. Buterin, D. Reijsbergen, S. Leonardos, and G. Piliouras, “Incentives in ethereum’shybrid casper protocol,”CoRR, vol. abs/1903.04205, 2019. [16] S. N. Sunny King, “Ppcoin: Peer-to-peer crypto-currency with proof-of-stake,” [17] Y. Gilad, R. Hemo, S. Micali, G. Vlachos, and N. Zeldovich, “Algorand: Scalingbyzantine agreements for cryptocurrencies,” inProceedings of the 26th Symposiumon Operating Systems Principles, SOSP ’17, (New York, NY, USA), p. 51–68, As-sociation for Computing Machinery, 2017. [18] Y. Gilad, R. Hemo, S. Micali, G. Vlachos, and N. Zeldovich, “Algorand: Scalingbyzantine agreements for cryptocurrencies,” inProceedings of the 26th Symposiumon Operating Systems Principles, SOSP ’17, (New York, NY, USA), p. 51–68, As-sociation for Computing Machinery, 2017. [19] W. Li, S. Andreina, J.-M. Bohli, and G. Karame, “Securing proof-of-stakeblockchain protocols,” pp. 297–315, 09 2017. [20] M. Castro and B. Liskov, “Practical byzantine fault tolerance,” inProceedings ofthe Third Symposium on Operating Systems Design and Implementation, OSDI ’99,(USA), p. 173–186, USENIX Association, 1999. [21] M. Weber, G. Domeniconi, J. Chen, D. K. I. Weidele, C. Bellei, T. Robinson, andC. E. Leiserson, “Anti-money laundering in bitcoin: Experimenting with graph con-volutional networks for financial forensics,” 2019. [22] M. Campbell-Verduyn, “Bitcoin, crypto-coins, and global anti-money launderinggovernance,”Crime, Law and Social Change, vol. 69, 03 2018. [23] J. Pouwelse, P. Garbacki, D. Epema, and H. Sips, “The bittorrent p2p file-sharingsystem: Measurements and analysis,” inProceedings of the 4th International Con-ference on Peer-to-Peer Systems, IPTPS’05, (Berlin, Heidelberg), p. 205–216,Springer-Verlag, 2005. [24] J. Zahnentferner, “Chimeric ledgers: Translating and unifying utxo-based andaccount-based cryptocurrencies,”IACR Cryptol. ePrint Arch., vol. 2018, p. 262,2018. [25] Dogecoin,“Dogecoin.”https://github.com/dogecoin/dogecoin,2013. [26] D. Mechkaroska, V. Dimitrova, and A. Popovska-Mitrovikj, “Analysis of the possi-bilities for improvement of blockchain technology,” pp. 1–4, 11 2018. [27] V. Buterin, “A next-generation smart contract and decentralized application plat-form,” 2015. [28] F. Sch ̈ar, “Decentralized finance: On blockchain- and smart contract-based financialmarkets,” inFederal Reserve Bank of St. Louis Review, 2021. [29] Tether, “Tether.”https://tether.to/, 2019. [30] Uniswap, “Uniswap.”https://uniswap.org/, 2020. [31] Aave, “Aave.”https://aave.com/, 2020. [32] S. Aggarwal and N. Kumar, “Chapter twenty - attacks on blockchainworkingmodel.,” inThe Blockchain Technology for Secure and Smart Applications acrossIndustry Verticals(S. Aggarwal, N. Kumar, and P. Raj, eds.), vol. 121 ofAdvancesin Computers, pp. 399–410, Elsevier, 2021. [33] Y. Sompolinsky and A. Zohar, “Bitcoin’s security model revisited,”CoRR,vol. abs/1605.09193, 2016. [34] J. P. T. Lovejoy, “An empirical analysis of chain reorganizations and double-spendattacks on proof-of-work cryptocurrencies,” Massachusetts Institute of Technology,2020. [35] E. Heilman, A. Kendler, A. Zohar, and S. Goldberg, “Eclipse attacks on bitcoin’speer-to-peer network,” inProceedings of the 24th USENIX Conference on SecuritySymposium, SEC’15, (USA), p. 129–144, USENIX Association, 2015. [36] P. Swathi, C. Modi, and D. Patel, “Preventing sybil attack in blockchain using dis-tributed behavior monitoring of miners,” in2019 10th International Conferenceon Computing, Communication and Networking Technologies (ICCCNT), pp. 1–6,2019. [37] M. Apostolaki, A. Zohar, and L. Vanbever, “Hijacking bitcoin: Routing attacks oncryptocurrencies,” in2017 IEEE Symposium on Security and Privacy (SP), pp. 375–392, 2017. [38] S. Das, A. Kim, Z. Tingle, and C. Nippert-Eng, “All about phishing: Exploring userresearch through a systematic literature review,”CoRR, vol. abs/1908.05897, 2019. [39] S. Volokitin, “Software attacks on hardware wallets,” inBlack Hat USA 2018, BlackHat USA, 2018. [40] D. Perez and B. Livshits, “Smart contract vulnerabilities: Vulnerable does not implyexploited,” in30th USENIX Security Symposium (USENIX Security 21), USENIXAssociation, Aug. 2021. [41] N. Atzei, M. Bartoletti, and T. Cimoli, “A survey of attacks on ethereum smart con-tracts sok,” inProceedings of the 6th International Conference on Principles of Se-curity and Trust - Volume 10204, (Berlin, Heidelberg), p. 164–186, Springer-Verlag,2017. [42] X. Zhao, Z. Chen, X. Chen, Y. Wang, and C. Tang, “The dao attack paradoxes inpropositional logic,” in2017 4th International Conference on Systems and Informat-ics (ICSAI), pp. 1743–1746, 2017. [43] M. Apostolaki, G. Marti, J. M ̈uller, and L. Vanbever, “Sabre: Protecting bitcoinagainst routing attacks,” 2018. [44] C. Grunspan and R. P ́erez-Marco, “The mathematics of bitcoin.” arXiv, 2020. [45] Bitfury, “Proof of stake versus proof of work white paper.”https://bitfury.com/content/downloads/pos-vs-pow-1.0.2.pdf, 2016. [46] C.GrunspanandR.P ́erez-Marco,“Doublespendraces,”CoRR,vol. abs/1702.02867, 2017. [47] M. Zamani, M. Movahedi, and M. Raykova, “Rapidchain: Scaling blockchain viafull sharding,” CCS ’18, ACM, 2018. [48] E. Kokoris-Kogias, P. Jovanovic, L. Gasser, N. Gailly, E. Syta, and B. Ford, “Om-niledger: A secure, scale-out, decentralized ledger via sharding,” in2018 IEEE Sym-posium on Security and Privacy (SP), 2018. [49] Y. Sompolinsky and A. Zohar, “Secure high-rate transaction processing in bitcoin,”Financial Cryptography and Data Security, vol. 8975, Jan. 2015. [50] Y. Lewenberg, Y. Sompolinsky, and A. Zohar, “Inclusive block chain protocols,”Financial Cryptography and Data Security, vol. 8975, Jan. 2015. [51] Y. Sompolinsky, Y. Lewenberg, and A. Zohar, “Spectre: A fast and scalable cryp-tocurrency protocol,”IACR Cryptology ePrint Archive, vol. 2016, p. 1159, 2016. [52] Y. Sompolinsky and A. Zohar, “Phantom: A scalable blockdag protocol.” Cryptol-ogy ePrint Archive, Report 2018/104, 2018. https://eprint.iacr.org/2018/104. [53] C. Li, P. Li, W. Xu, F. Long, and A. C. Yao, “Scaling nakamoto consensus to thou-sands of transactions per second,”CoRR, vol. abs/1805.03870, 2018. [54] R. Alexander,IOTA - Introduction to the Tangle Technology: Everything You Needto Know about the Revolutionary Blockchain Alternative. Independently published,2018. [55] H. Pervez, M. Muneeb, M. Irfan, and I. Haq, “A comparative analysis of dag-basedblockchain architectures,” pp. 27–34, 12 2018. [56] B.-J. Chen, T.-H. Jian, and T. Lin, “B++: A high-throughput proof-of-work basedblockchain with eventual consistency,” inICC 2021 - 2021 IEEE International Con-ference on Communications (ICC), pp. 1–6, 2021. [57] G. Bissias, B. N. Levine, A. P. Ozisik, G. Andresen, and A. Houmansadr, “An anal-ysis of attacks on blockchain consensus,”CoRR, vol. abs/1610.07985, 2016. [58] J.JangandH.Lee,“Profitabledouble-spendingattacks,”CoRR,vol. abs/1903.01711, 2019. [59] M. Alharby and A. van Moorsel, “Blocksim: An extensible simulation tool forblockchain systems,”Frontiers in Blockchain, vol. 3, p. 28, 2020. [60] E. Ghosh and B. Das, “A study on the issue of blockchain’s energy consumption,”inProceedings of International Ethical Hacking Conference 2019, pp. 63–75, 2020.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/81132	-
dc.description.abstract	由於區塊鏈能讓參與者在去中心的環境中達成對資料的共識，它在許多領域中扮演著重要的角色。在類比特幣協議中，所有的礦工都必須去競爭、檢查和確認每一個區塊。這樣子的設計隱含了一個思想：「所有的交易都必須用最高安全等級的規格來保護」。這個思想導致了今日區塊鏈的每秒交易吞吐量受限在一個非常低的常數值。在真實世界的應用中，不同交易的安全需求經常是相異的；根據這個想法，我們提出了一個每秒交易吞吐量能夠擴展的區塊鏈。該方法打破了現有區塊鏈在區塊安全上的限制，從而能夠更有效率地分配系統資源來確認各種具不同安全需求的交易。在我們的分析中，此區塊鏈能夠繼承類比特幣協議的「最終一致性」，這使得本系統的使用者既能享受低安全要求所帶來的低手續費，又不必擔心已確認的交易受到駭客的攻擊（即雙花攻擊）。在這之上，我們也實作了開源的模擬器，根據我們的模擬結果，能見我們的系統交易吞吐量可以達到現有系統的一百倍之上；同時，相比於現有系統，在此區塊鏈中等待過久仍未確認的交易也大幅減少了七成以上。	zh_TW
dc.description.provenance	Made available in DSpace on 2022-11-24T03:32:13Z (GMT). No. of bitstreams: 1 U0001-0908202123032200.pdf: 2738878 bytes, checksum: 700a376e175860bb6c221b738909756d (MD5) Previous issue date: 2021	en
dc.description.tableofcontents	口試委員會審定書 i 致謝 iii Acknowledgments v 中文摘要 vii Abstract ix 1 Introduction 1 1.1Bitcoin-like blockchains . . . . . . . . . . . . . . . . . . . . . . . . . .1 1.2The proposed architecture . . . . . . . . . . . . . . . . . . . . . . . . . .2 1.3The structure of this thesis . . . . . . . . . . . . . . . . . . . . . . . . .2 2 Blockchain and its Application 5 2.1Blockchain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 2.1.1Data Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 2.1.2Network Layer . . . . . . . . . . . . . . . . . . . . . . . . . . .7 2.1.3Consensus Layer . . . . . . . . . . . . . . . . . . . . . . . . . .8 2.1.4Incentive Layer . . . . . . . . . . . . . . . . . . . . . . . . . . .10 2.2Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 2.2.1Cryptocurrency . . . . . . . . . . . . . . . . . . . . . . . . . . .12 2.2.2DApp: Decentralized Applications . . . . . . . . . . . . . . . . .14 3 Attacks on Blockchain 17 3.1Attacks on transaction verification . . . . . . . . . . . . . . . . . . . . .17 3.1.1Race attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 3.1.2Finney attack . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 3.1.3Vector76 attack . . . . . . . . . . . . . . . . . . . . . . . . . . .19 3.1.4Blockchain reorganization attack . . . . . . . . . . . . . . . . . .19 3.1.5Majority attack . . . . . . . . . . . . . . . . . . . . . . . . . . .19 3.1.6Double-spending attacks . . . . . . . . . . . . . . . . . . . . . .20 3.2Attacks on blockchain network . . . . . . . . . . . . . . . . . . . . . . .20 3.2.1Eclipse attack . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 3.2.2Sybil attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 3.2.3Routing attack . . . . . . . . . . . . . . . . . . . . . . . . . . .21 3.3Attacks on user wallet . . . . . . . . . . . . . . . . . . . . . . . . . . . .22 3.3.1Attacks on hot wallet . . . . . . . . . . . . . . . . . . . . . . . .22 3.3.2Attacks on cold wallet . . . . . . . . . . . . . . . . . . . . . . .22 3.4Attacks on smart contract . . . . . . . . . . . . . . . . . . . . . . . . . .22 3.4.1Re-entrancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 3.4.2Integer overflow . . . . . . . . . . . . . . . . . . . . . . . . . .23 3.5Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 4 To Prevent Double Spending: Understanding Proof-of-Work Consensus Al-gorithm 25 4.1Proof-of-Work algorithm . . . . . . . . . . . . . . . . . . . . . . . . . .25 4.1.1The inequality to be satisfied . . . . . . . . . . . . . . . . . . . .25 4.1.2Mining: to update a blockchain ledger . . . . . . . . . . . . . . .26 4.1.3The mining model . . . . . . . . . . . . . . . . . . . . . . . . .27 4.2Revisit double-spending attacks . . . . . . . . . . . . . . . . . . . . . .28 4.2.1The probability of a successful double-spending attack . . . . . .29 4.2.2Eventual consistency . . . . . . . . . . . . . . . . . . . . . . . .30 4.3Problem: limited throughput . . . . . . . . . . . . . . . . . . . . . . . .30 5 Related Works: Toward a High-throughput Blockchain 33 5.1Sharding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33 5.2High-forking blockchains . . . . . . . . . . . . . . . . . . . . . . . . . .35 5.2.1GHOST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35 5.2.2SPECTRE . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36 5.2.3PHANTOM . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36 5.3Adaptive security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37 5.4Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37 6 Proposed architecture: B++39 6.1Core Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 6.1.1Security Level . . . . . . . . . . . . . . . . . . . . . . . . . . .39 6.1.2Finite State Machine . . . . . . . . . . . . . . . . . . . . . . . .40 6.2Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 6.2.1Data Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 6.2.2Network Layer . . . . . . . . . . . . . . . . . . . . . . . . . . .45 6.2.3Consensus Layer . . . . . . . . . . . . . . . . . . . . . . . . . .45 6.2.4Incentive Layer . . . . . . . . . . . . . . . . . . . . . . . . . . .47 7 Results 49 7.1Theoretical Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . .49 7.1.1Average Throughput . . . . . . . . . . . . . . . . . . . . . . . .49 7.1.2Eventual Consistency . . . . . . . . . . . . . . . . . . . . . . . .50 7.2Blockchain Simulator . . . . . . . . . . . . . . . . . . . . . . . . . . . .53 7.3Experimental Results . . . . . . . . . . . . . . . . . . . . . . . . . . . .54 7.3.1System Throughput . . . . . . . . . . . . . . . . . . . . . . . . .54 7.3.2Distribution of Block Interval Time . . . . . . . . . . . . . . . .55 7.3.3Number of Timeout TXs . . . . . . . . . . . . . . . . . . . . . .56 8 Discussion 59 8.1Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59 8.2Future works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 8.2.1Make a deal when a TX is secure enough . . . . . . . . . . . . .60 8.2.2Adjust the minimal security leveldmin. . . . . . . . . . . . . . .61 8.2.3Use other consensus algorithms . . . . . . . . . . . . . . . . . .61 8.2.4Stabilize system throughput . . . . . . . . . . . . . . . . . . . .62 9 Conclusion 65 Bibliography 69 Appendices 75 A.1 Proof for Proposition 1: Constant Interval in B++ . . . . . . . . . . . . .77 A.2 Proof for Proposition 2: Eventual Consistency in B++ . . . . . . . . . . .78
dc.language.iso	en
dc.subject	最終一致性	zh_TW
dc.subject	區塊鏈	zh_TW
dc.subject	可擴展的系統交易量	zh_TW
dc.subject	可調整的安全性	zh_TW
dc.subject	工作量證明	zh_TW
dc.subject	Scalable throughput	en
dc.subject	Adaptive security	en
dc.subject	Blockchain	en
dc.subject	Eventual consistency	en
dc.subject	Proof-of-Work	en
dc.title	具動態安全性及每秒高交易量的工作量證明區塊鏈	zh_TW
dc.title	A High-Throughput Proof-of-Work based Blockchain with Adaptive Security	en
dc.date.schoolyear	109-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	鄧惟中(Hsin-Tsai Liu),陳俊良(Chih-Yang Tseng),蔡子傑
dc.subject.keyword	區塊鏈,可擴展的系統交易量,可調整的安全性,工作量證明,最終一致性,	zh_TW
dc.subject.keyword	Blockchain,Scalable throughput,Adaptive security,Proof-of-Work,Eventual consistency,	en
dc.relation.page	79
dc.identifier.doi	10.6342/NTU202102231
dc.rights.note	同意授權(限校園內公開)
dc.date.accepted	2021-08-19
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	電信工程學研究所	zh_TW
顯示於系所單位：	電信工程學研究所

文件中的檔案：

檔案	大小	格式
U0001-0908202123032200.pdf 授權僅限NTU校內IP使用（校園外請利用VPN校外連線服務）	2.67 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。