Free and easy week review 丨 Facebook studies how to prevent PoS protocol long-range attacks, Filecoin officially launches testnet

Introduction: This week's academic topic section, we will share two research papers related to the security topic of the PoS consensus mechanism. One is about the selfish attack of Tezos, and the other is the Facebook Calibra team's attack on the long-range PoS protocol the study.

In the weekly selection of hard-core technical articles, we will also see the content of the new layer 2 solution ZK Sync, the quadratic payment solution, and the zero-knowledge proof algorithm Bulletproofs.

In addition, Filecoin officially launched the testnet last week, and the cross-chain project Cosmos completed the second mainnet upgrade, which is getting closer to the release of its IBC, and the market is about to usher in a new round of public chain launch. test. rt

(Picture from: pexels.com)

The following is a selection review of last week's content, enjoy ~

I. Selected Topics for One Week of Academic Papers: How to Solve the Security Challenges Facing PoS Protocols

In the commentary of the last week , we mentioned the research on selfish mining strategies related to the proof-of-work (PoW) consensus mechanism. It can be said that the research in this area has been very in-depth.

However, more and more blockchain projects are currently adopting a Proof-of-Stake (PoS) consensus mechanism instead of a Proof-of-Work mechanism (PoW) because the former has better scalability and lower energy costs.

Compared to the relatively mature PoW, PoS security research is still in its early stages. In fact, the Proof-of-Stake (PoS) consensus protocol will bring more complex modeling challenges. At present, the PoS consensus protocol is the most well-known security challenge. Long range attack and Nothing at Stake, and in this week's academic topic selection section, we will share two researches related to PoS protocol security topics, one of which is about Tezos Selfish incentive attacks, while the other one is about how to solve PoS long-range attacks.

Paper 1: "Selfishness in Tezos Proof of Stake Agreement"

Brown Cohen and others proposed in early 2019 that complete security is not possible in the longest chain PoS protocol model, and they also predicted that there will also be selfish attacks in the PoS protocol.

And Michael Neuder and others from Harvard John Paulson School of Engineering and Applied Science analyzed the recently updated Tezos PoS protocol and proved that under certain conditions, rational participants are indeed motivated to engage in dishonest behavior .

Paper link: https://arxiv.org/pdf/1912.02954.pdf

They call this selfish behavior, selfish endorsing, an attack scenario that has only been considered in theory before.

On October 17, 2019, an update labeled "Babylon" was included in the Tezos protocol. In response, the researchers analyzed an important component of this upgrade: a new consensus mechanism called Emmy +.

PoS mechanism in Tezos

Tezos implements an optional Delegated Proof of Stake (DPoS) mechanism, sometimes referred to as a Liquidity Proof of Stake (LPoS) mechanism, to distinguish it from other DPoS schemes. The members of the Tezos consensus layer are called representatives, and they need to hold 8000 Tezos account units (this is called a roll). Each agent has a set of related rolls. Active representatives participate in the lottery, in each area of ​​the chain Bake Bake and endorse a block.

Baker is responsible for incorporating transactions into blocks, while endorser cryptographically signs the "best" blocks they see at every height. This bake and endorsement priority draw is performed by randomly selecting a roll and giving the next available priority to the owner of the roll. This technique is called follow-the-Satoshi. At each height of the chain, a random scroll selection process is used to create a list of bakers, and the index of the baker in the list determines the priority of the block they created at this height. In addition, a set of endorsers (endorsers, number of 32) is created for each block height, but there is no priority list of endorsers, so each endorser has the same weight. Bakers and endorsers will receive rewards based on participation to inspire delegates to stay motivated.

Here are the updates to the "Babylon" protocol:

The new consensus protocol Emmy + differs from its predecessor Emmy in three ways:

  1. The validity period of a block is now a function, in addition to the priority of baker, it also includes the number of endorsements.
  2. The fork selection rules have changed. Prior to this update, the "normative" fork was the most recognized fork, which is the heaviest chain rule, and the best fork now is the longest from the founding block. Chain, and the longest chain rule makes forking evaluation easier and reduces the uncertainty of baker;
  3. Modified the rewards for baking blocks and endorsement blocks: Before, baking a block could win a fixed reward of 16 XTZ for the representative, but the current block reward is based on the priority of baker and the number of endorsements of the previous block. Shared decision.

The formula for baking rewards is as follows:

5

The endorsement block reward has also changed. The current formula is:

6

Selfish endorsement attack

The researcher gives an example of a motivated attack called selfish endorsement, which motivates a rational Baker X within a certain concept to ignore the longest chain rule and create a separate two-block score faster than the rest of the network cross.

67

The figure above shows how Baker X uses this attack method to bake a block in slot l, although it has the second priority (at this time, the block baked at 0 priority is also released on time).

Since baking priorities and endorsement permissions are public, principal X is able to predict and calculate when this attack can be performed.

How profitable is this attack?

According to the analysis of the researcher, even if he holds 40% of the XTZ interest, the X that performs such a selfish attack is expected to earn only 254.94 XTC more than the annual return of honest participation. Therefore, the impact of this attack is actually small. of.

But in any case, this is an example of how to attack the longest chain PoS system in general.

Interestingly, the researchers also proposed a simple fix for this type of attack, which can further reduce the attack revenue (down to 0.21 XTZ a year).

Researchers also provide a framework that can be used to check other PoS systems for potential vulnerabilities in selfish behavior by parameterizing the time and reward models of specific protocols.

Free and easy comments: The research on selfish behavior attacks on the PoS consensus mechanism is still at a very early stage. Although the results of this research show that the impact of related attacks is very limited, it also lays some foundation for future research in related directions .

Paper 2: "Winkle: Stopping Long-Range Attacks in PoS Systems"

The so-called Long Range Attack refers to the attacker creating a blockchain branch starting from the genesis block and trying to replace the current legitimate main chain, and the branch chain and the main chain may exist Different transactions or blocks.

If the attacker is able to create an alternative transaction chain that is indistinguishable from the real transaction chain from the same founding block, then we believe that the long-range attack is successful.

78

(Figure: Hostile bifurcation attempting a long-range attack)

Previously, some solutions have been proposed to mitigate long-range attack problems, such as regularly including a "checkpoint" in the client software, but if a (nasty) centralized approach is not introduced, these solutions will Difficult to deploy.

Assuming that the old key is securely destroyed, the rotating mechanism of the verifier key can help alleviate this problem.

However, validators may also have the incentive to sell their old keys to attackers (after emptying related assets), especially when the true identity of the validator is unknown in an unlicensed system. When the verifier has such rational and dishonest behavior, the security of the entire system will face huge risks.

So how to effectively solve this problem?

Professor George Danezis from Facebook Calibra and others noticed that it would be more challenging to bribe a considerable number of PoS coin holders (even if they have no system rights) because they have more than validators many.

This observation led them to introduce a new mechanism called Winkle, which uses votes from clients to create a decentralized secondary layer based on client authentication to confirm checkpoints (a snapshot of the blockchain) and prevent PoS protocols Long-range attack.

The voting mechanism is very simple: each client includes an additional field (the hash of the previously sorted block) in the transaction it signed.

This approach relies only on the short-term honesty of the verifier and the long-term honesty of more stakeholders. In addition, the researchers also proposed the use of delegation schemes and assumed similar use of Bitcoin or Ethereum. The Winkle checkpoint delay was about several hours or several days.

Paper link: https://eprint.iacr.org/2019/1440.pdf

This design is used to enhance consensus protocols and dynamically change validators to resist long-range attacks. Although Winkle can also protect other systems, it is mainly applicable to blockchains based on Byzantine Fault Tolerance (BFT) consensus, such as PBFT, LibraBFT, Tendermint, HotStuff, or SBFT.

Finally, the researchers also proposed a key drawback about Winkle: it assumes an honest account to vote for the latest checkpoint. However, this creates a boundary race condition between blocks, which means a challenge for cold wallets.

Free and easy comments: The Facebook Calibra team studies the security issues of the PoS protocol. It is likely that its Libra project will turn to PoS in the future (Note: Libra's long-term goal is to become an unlicensed network, and its original design is the alliance chain. ), And the long-range attack problem is obviously the most urgent security issue to be solved by Libra . At present, the solution proposed by Facebook is still flawed, which requires further research and exploration.

Second, hard core technical articles of the week

2. A bridge for millions of users to enter the world of cryptocurrencies: read the article Ethereum expansion solution ZK Sync in one article

The new layer 2 solution proposed by Matter Labs, which is based on the concept of ZK Rollup, aims to bring the throughput of thousands of transactions per second to Ethereum, while ensuring that funds are as secure as layer 1 accounts.

Article link: https://www.8btc.com/article/528151

According to the author, Zinc v0.1 will be released in January 2020.

Free and easy comments: ZK Sync is definitely the most discussed Ethereum layer 2 solution recently. After Ethereum completes the Istanbul upgrade, this layer 2 solution can expand the Ethereum tps to 2000+, even Bitcoin. Developer Greg Maxwell also commented on the scheme, saying that he had also proposed a similar idea (CoinWitness) in 2013, which also caused some interesting debates;

2.2 Vitalik's latest thinking: What kind of subversive effect will the second party payment bring?

Ethereum co-founder Vitalik Buterin introduced the concept and application of quadratic voting and quadratic payment in this article. This new method is likely to overturn many large and small public decision making.

Article link: https://www.8btc.com/article/528030

Free and easy comments: This article describes a voting / payment system. Depending on how much you value your goals, you can vote multiple times, but each new vote will cost more than the previous vote. On the surface, This seems to reduce the influence gap between the rich and the poor, but as pointed out in the article, identity management and collusion are the biggest problems facing the system.

2,3 Understanding Bulletproofs of Zero Knowledge Proof Algorithm: Range Proof ( I & II )

In this series, zero-knowledge researcher Jiang Xiaobai introduced the application of Bulletproofs to Range proof and introduced an optimization process to reduce CC to O (log (n) level.

Article link 1: https://www.8btc.com/media/530155

Article link 2: https://www.8btc.com/media/532874

Free and easy comment: Bulletproofs algorithm has been applied more and more. It has the advantages of smaller proof size and no need for trusted settings. The disadvantage is that it will be very time-consuming to verify highly complex transactions, so it is more suitable. Low and medium complexity transactions.

3. Technical progress of mainstream blockchain projects:

3.1 Advances in New Technology of Lightning Network

Last week's technical progress on Bitcoin was mainly from the Lightning Network. First, LND ushered in a new maintenance update version LND 0.8.2-beta RC2. This candidate version contains several bug fixes and small UX improvements. , Especially for the restoration of static channel backups. Followed by some improvements on C-Lightning and LND.

Link: https://bitcoinops.org/en/newsletters/2019/12/11/

Free and easy comments: Lightning Network, as an extension layer of Bitcoin, has developed very rapidly in the past year (including user experience, LAPP, and security). As mainstream exchanges gradually support this solution, As related technologies become more mature, the use of Lightning Network is expected to usher in new growth.

3, 2 Filecoin goes live on testnet and announces hardware standards for the first time

The highly-concerned blockchain project Filecoin launched the testnet last week, and according to the Q4 roadmap published on the official website, after going through two phases of the testnet, the Filecoin mainnet is expected to be in March-April 2020 Officially launched.

Link: https://www.8btc.com/article/529640

Easy and Easy Comment: After several bounces, Filecoin finally entered the testnet stage. Before that, too many mining machine scams that used its influence consumed Filecoin and IPFS's reputation, and its official launch time, and many heavyweights The public chain is overlapping, and the market has ushered in many large-scale projects in the same period, and the situation does not seem optimistic.

Cosmos completed the second mainnet upgrade of the 3, 3 cross-chain project

The Cosmos mainnet was successfully upgraded to Cosmos Hub 3 on December 12, 2019 Beijing time. The upgraded Cosmos Hub 3 adds parameter change proposals, module refactoring, supply modules, high-level queries, and includes event refactoring and other legacy technology updates.

Link: https://www.8btc.com/media/530042

Easy and Easy Comment: This update makes it easier for developers to create applications based on the Cosmos SDK, but obviously, the development progress of IBC is still slower (originally planned to be released in November). Currently I see Cosmos IBC this year It is already difficult to land. Similarly, the mainnet of its rival Polkadot will also be delayed. Who will go online first? This will be a highlight in the first half of next year.

This week's exciting content is here, see you next week ~