lulzsec  Date: 2021-03-27

An Overview of Blockchain Security Analysis

Hai Wang1,2, Yong Wang3, Zigang Cao1,2, Zhen Li1,2, and Gang Xiong1,2(B)

1 Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
xionggang@iie.ac.cn
2 University of Chinese Academy of Sciences, Beijing, China
3 National Computer Network Emergency Response Technical Team/Coordination Center, Beijing, China

Abstract. The blockchain, with its own characteristics, has received much attention since its birth and has been applied in many fields. At the same time, however, its security issues are exposed constantly and cyber attacks have caused significant losses in it. At present, there is little concern and research in the field of network security of the blockchain. This paper introduces the applications of blockchain in various fields, systematically analyzes the security of each layer of the blockchain and possible cyber attacks, expounds the challenges brought by the blockchain to network supervision, and summarizes research progress in the protection technology. This paper is a review of the current security of the blockchain and will effectively help the development and improvement of security technologies of the blockchain.

Keywords: Blockchain · Network security · Cyber attacks · Network supervision

© The Author(s) 2019. X. Yun et al. (Eds.): CNCERT 2018, CCIS 970, pp. 55–72, 2019. https://doi.org/10.1007/978-981-13-6621-5_5

1 Background

1.1 Origin and Development of the Blockchain

The first blockchain was conceptualized by a person (or group of people) known as Satoshi Nakamoto in 2008 [1]. It was implemented the following year by Nakamoto as a core component of the cryptocurrency bitcoin, where it serves as the public ledger for all transactions on the network.

Compared with the rapid development of blockchain technology, the relevant norms and standards are still incomplete. The first descriptive document on the blockchain is "Bitcoin: A Peer-to-Peer Electronic Cash System" written by Nakamoto, in which blocks and chains are described as a data structure recording the historical data of the bitcoin transaction accounts. "A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or Usenet post. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it (Fig. 1)." The blockchain is also called the Internet of value [2], which is a distributed ledger database for a peer-to-peer network.

Fig. 1. The structure of blockchain.

As a rule, most innovations do not appear out of nowhere, nor does the blockchain. The blockchain is actually a natural result of ledger technology developing into distributed scenarios. Ledger technology has evolved from single-entry bookkeeping, double-entry bookkeeping and digital bookkeeping to distributed bookkeeping. The blockchain structure (Fig. 1) naturally solves the problem of multiparty trust in distributed bookkeeping [3].

Due to its decentralization, tamper-resistance, safety and reliability, the blockchain technology has received extensive attention since its birth. After nearly 10 years of development, the blockchain technology has gone through the periods of v1.0-bitcoin, v2.0-Ethereum and v3.0-EOS. Not only has the technology itself been greatly expanded and developed, but it has also been applied in many fields.

1.2 Blockchain Classification

According to the way users participate, blockchains can be classified into Public Blockchain, Consortium Blockchain and Private Blockchain, and can also be classified into main chains and side chains based on the relationship of chains. In addition, several blockchains can form a network. The chains in the network are interconnected in order to generate the Interchain [4].

Public Blockchain: a consensus blockchain that everyone can access. Anyone in the blockchain topology can send transactions and have them validated. Everyone can compete for billing rights. These blockchains are generally considered to be "completely decentralized"; a typical example is the bitcoin blockchain, in which the information is completely disclosed.

Private Blockchain: a blockchain in which the permission to write remains in one organization. The permission to read can be public or limited to some extent. Within a company, there are additional options, such as database management, audit, and so on. In most cases, public access is not necessary.

Consortium Blockchain: in between Public Chain and Private Chain, it refers to a blockchain whose consensus process is controlled by pre-selected nodes. For example, there is a system of 15 financial institutions, each of which manages one node, and at least 10 of which must confirm each block for it to be recognized as valid and added to the chain. The right to read the blockchain can be open to the public, or limited to participants, or "hybrid". Such chains can be called "partially decentralized".

1.3 Paper Organization

At present, the blockchain has received much attention for its own characteristics, and has been applied in many fields including finance. However, there is little concern and research on its network security. Therefore, this paper introduces the birth, development and application of blockchain technology in detail, comprehensively surveys the literature on the security needs of blockchains, and systematically analyzes the security threats and defense technologies of blockchains. Section 2 of this paper introduces applications of the blockchain in different fields. Section 3 focuses on the security threats in different layers of blockchains and summarizes common attacks. Section 4 summarizes the research progress of blockchain security protection technologies. At the end of this paper, we summarize the work of the full paper.

2 Blockchain Applications

The large-scale digital currency system represented by the Bitcoin network has run autonomously for a long time, supporting global real-time reliable transactions that are difficult to achieve in the traditional financial system. This has sparked boundless imagination about the potential applications of the blockchain. If the business value network based on the blockchain becomes real in the future, all transactions will be completed efficiently and reliably, and all signed contracts can strictly follow the agreement. This will greatly reduce the cost of running the entire business system, while sharply improving the efficiency of social communication and collaboration. In this sense, the blockchain might trigger another industrial revolution as the Internet did.

In fact, to find the right application scenario, we should proceed from the characteristics of the blockchain itself. In addition, we need to consider the reasonable boundaries of the blockchain solution. For example, blockchain applications for mass consumers need to be open, transparent, and auditable, which can be deployed on a borderless public chain or on a blockchain that is commonly maintained by multicenter nodes.

The application of blockchain in financial services currently attracts the most attention, and many banks and financial institutions around the world are the main promoters. At present, the processing after global securities trading is very complicated. The cost of liquidation is about 5–10 billion dollars. The post-trade analysis, reconciliation and processing costs exceed 20 billion dollars. According to a report by the European Central Bank [5], the blockchain, as a distributed ledger technology, can deal well with the cost of reconciliation and simplify the transaction process. Relative to the original transaction process, the ownership of the securities can be changed in near real time.

Blockchain can be used for ownership and copyright management and tracking. This includes transactions of valuables such as cars, houses and artworks, as well as digital publications and digital resources that can be tagged. For example, Factom tried to use blockchain to revolutionize data management and logging in business societies and government departments. Similarly, in response to the problem of food fraud, IBM, Wal-Mart and Tsinghua University jointly announced at the end of 2016 that blockchain will be used to build a transparent and traceable cross-border food supply chain [6]. This new supply chain will improve the traceability and logistics of food and create a safer global food market.

While enjoying the convenience of cloud storage, we inevitably face privacy concerns. This concern comes from two aspects. One is that the storage center may be attacked by hackers, causing an outflow of their own data, and the second is that the company, wanting more profits, abuses the privacy of users. Blockchain solves these problems perfectly. At present, there are many distributed cloud storage projects, such as Sia, Storj, MadeSafe, and IPFS in foreign countries, and FIGTOO and GNX in China.

InterPlanetary File System (IPFS) is a global, peer-to-peer distributed file system, which aims to supplement (or even replace) Hypertext Transfer Protocol (HTTP) and seeks to connect all computing devices with the same file system. It replaces domain-based addresses with content-based addresses to get a faster, safer, more robust, and more durable web [7].

The relationship between FIGTOO and IPFS: IPFS is a peer-to-peer hypermedia protocol and a distributed web, and FIGTOO is developed on the basis of its open source. It is a branch of IPFS, which is equivalent to bitcoin and Ethereum in the blockchain. The infrastructures are all based on the blockchain. FIGTOO creates a shared trading market for free storage space and shares global storage resources through the shared economy model. It uses red chain technology to store files in slices, builds decentralized cloud storage and becomes the infrastructure of global red chain distributed file storage [8].

User Generated Content (UGC) is one of the important aspects of blockchain application. In the era of information explosion, how to quickly find the most important content from the overloaded information has become a core issue of the Internet. UGC Network is the world's first content value forecasting platform, a fair and value-driven content-incentive network with the mission of creating a content-driven blockchain value community that differentiates truly valuable content and achieves a reasonable return [9]. It is committed to solving problems such as excellent content discovery and pricing on the UGC platform, unreasonable distribution of benefits, and centralized content storage.

Other UGC applications include YOYOW (You Own Your Own Word), a blockchain-based UGC platform in which all processes rely on interest-based implementation. It solves problems in current content platforms such as the lack of high-quality content incentives and serious community pollution (piracy and advertising) [10]. Another is BiHu, a token investor vertical community. In BiHu, the user's contribution will be rewarded with the token (KEY) representing BiHu and its surrounding ecological use rights [11].

Due to its decentralization, elimination of the need for trust, tamper-resistance, safety and reliability, the blockchain technology has been used in lots of fields including financial services, credit and ownership management, trade management, cloud storage, user-generated content, copyright protection, advertising and games. In these cases, blockchain either solves the problems of multiparty trust in the transaction, or reduces the costs and risks of traditional industries.

3 Blockchain Security Analysis

3.1 Security Situation

As blockchain technology has been widely used, various types of attacks have emerged, ranging from more and more digital currencies being stolen to exchanges being attacked, and other events. According to the statistics of the BCSEC on blockchain attack events, blockchain security incidents caused about 2.1 billion dollars of economic losses in 2018 [12]. These are only the part currently exposed, and as the value of blockchain increases, the number of attacks will continue to increase (Fig. 2).

Fig. 2. Economic losses caused by blockchain security incidents (ten thousand dollars).

Blockchain technology itself is still in the initial stage of rapid development, and its security is far behind the needs of development. The risks may come from attacks by external entities or internal participants. The popularity of blockchain makes new demands on security and privacy protection for data storage, transmission and applications, and puts forward new challenges to existing security solutions, authentication mechanisms, data protection, privacy protection and information regulation.

With the current recurrence of a series of digital currency thefts, hacking of exchanges, and theft of user accounts, it is urgent to establish one or more collaborative security solutions to improve the security performance of the blockchain system.

3.2 Security Analysis of Each Layer of Blockchain

The current blockchain structure can be roughly divided into application layer, smart contract layer, incentive layer, consensus layer, network layer and data layer from top to bottom. The security analysis of each layer will be performed separately below.

Application Layer. Application layer security mainly covers the security issues of centralized nodes such as the exchanges which involve digital currency transactions and manage large amounts of funds. Any of these nodes can be a point of failure of the entire blockchain network; because the attack yield is high and the cost is low, they are the preferred targets of attackers [13].

Unauthorized Access to An Exchange Server. Exchanges often hold large amounts of money and are easily targeted. Once the exchange server authority is obtained and the key information is modified, the attacker can steal the funds key, tamper with the transaction amount or leak sensitive information, dealing devastating economic and reputational blows to the exchange.

An example is the Youbit (formerly Yapizon) theft. On April 22, 2017, 4 hot wallets of Youbit were stolen, losing 3,816 BTC, with a total value of about $5,300,000, accounting for 36% of the exchange's funds. On December 19, 2017, Youbit announced that it was attacked again, losing approximately 17% of its assets, and at the same time announced that the exchange was closed and had entered the bankruptcy process [14].

Exchange DDoS. Due to the high demand for network bandwidth in the trading platform, once a DDoS attack occurs, it is very serious for the platform and the entire industry. If the trading platform is attacked by DDoS, not only will it suffer losses itself, but the transaction volume of the blockchain currency will also be greatly reduced, which will indirectly affect the rise and fall of the blockchain currency [15].

According to the Global DDoS Threat Landscape Q3 2017 report by Incapsula [16], although its industry scale is still relatively small, Bitcoin has become one of the top 10 industries most vulnerable to DDoS attacks. This reflects to a certain extent that the entire blockchain industry is facing serious DDoS security challenges. For example, from November 2017 to December 2017 Bitfinex announced that it had suffered DDoS attacks three times, and all the services of the exchange had been shut down for a long time [17]. The attacker put pressure on the server by creating a large number of empty accounts, causing related services and APIs to go offline for hours.

Employees Host Security. On June 20, 2011, the large Bitcoin exchange Mt. Gox was attacked. Its server was not compromised, but the attacker gained access to a computer used by an auditor of Mt. Gox and got a read-only database file, resulting in the leak of about 60000 users' usernames, email addresses, and encrypted passwords [18]. After obtaining this sensitive information, the attacker cracked the password of one of the large accounts, issued a large sell order through this account, and sold 400,000 BTC [19] under it, trying to transfer funds through the legal transaction process. Fortunately, because the exchange's protection measures were effective, limiting the maximum value to $1,000 BTC per account per day, the attack did not cause much damage to this account. However, the large number of BTC sale requests caused the exchange's BTC price to drop to 1 cent, resulting in an impact of approximately $8,750,000 in assets.

Malicious Program Infection. Once a malicious program is implanted into the exchange system, it is likely to cause the leakage of a large amount of sensitive information, including key and wallet files. The key is everything, and the leakage of sensitive information often means losing control of all assets.

The exchange Mt. Gox was attacked in 2014. The key file of Mt. Gox was stored locally in clear text, and the key file wallet.dat leaked due to a Trojan infection, resulting in a large amount of asset loss, and eventually Mt. Gox went bankrupt [20]. It is worth noting that in this attack, the attacker took two years to gradually transfer assets in order to avoid the community recovering the loss through hard forks. The emergence of this type of APT attack means that monitoring of attack threats in the blockchain industry cannot rely solely on short-term anomalous transaction monitoring.

Initial Coin Offering. Tampering attack: When an ICO raises funds, it usually posts the receiving address on the project's official website, and then investors transfer money to this address for the corresponding token. Hackers can tamper with the collection address through attacks such as domain hijacking, web vulnerabilities, or social engineering.

Phishing attack: The attacker uses social engineering and other means to impersonate the official project, getting the user to transfer money to the attacker's wallet address. For example, an attacker can use a similar domain name and a highly realistic phishing website to defraud investors, use email to disseminate fake information, such as an ICO project's payment address change notice, or disseminate phishing information on social software and media to defraud investors.

Mining Machine System. The cybersecurity awareness of mining device manufacturers is uneven, and because of their closed-source nature, the security of their code cannot be checked by the public. Once a cybersecurity issue occurs, the result is fatal. And whether a device manufacturer inserts a backdoor for remote control of the device, or steals the mining output, remains to be discussed.

0day: Most mining systems are general-purpose systems. Once a mining system is found to have a 0day vulnerability, the security barriers of the system will be broken in an instant. The attacker can use the vulnerability to obtain modify permission, then tamper with the reward receiving address and hijack the user's reward.

Weak password attack: At present, the mining systems on the market are based on the B/S architecture. Access to the mining system is usually through the web or other means. If a weak password is used, it will be vulnerable to intrusion.

Mining Pool. By June 2018, the top five Bitcoin mining pools in the world were BTC.com, AntPool, SlushPool, BTC.TOP and F2Pool. About 60% of the world's hash power is in the hands of Chinese miners [21].

Hash power forgery attack: The mining pool tests the actual hash power of the current miner through a certain proof-of-work test algorithm. A hacker can falsely report the hash power by finding a vulnerability in the algorithm, and then obtain an excessive reward that doesn't match the actual contribution.

Selfish mining attack: A malicious mining pool decides not to release the block it finds, and thus creates a fork. When the private fork is longer than the public chain, the malicious mining pool issues the private fork. Because the fork is the longest chain in the current network, it will be recognized as a legal chain by honest miners, so the original public chain and the honest data it contains will be discarded. The results of the study indicate that malicious mining pools will normally yield more benefits by using selfish mining strategies. But such attacks usually require huge hash power as support.

Centralization: The existence of the mining pool violates the principle of decentralization of the blockchain. Theoretically, if a pool can control at least 51% of the hash power of the entire network, it will be able to monopolize the mining right, billing right and distribution right, which will affect the ecological security of the blockchain, so that the credit system of the cryptocurrency will cease to exist and the cryptocurrency system will be completely destroyed.

Possible Methods. It is impossible for any one party to respond to the various attacks at the application layer. Application developers should ensure that the software doesn't contain discovered vulnerabilities and is thoroughly tested. A central node, such as a trading platform, requires real-time monitoring of system health and some protective methods (e.g. encrypted data storage, etc.) to ensure that the system is not subject to internal and external attacks. All employees should be systematically trained before they are employed to avoid becoming an attack portal. As a user, you should keep your own account and key properly, distinguish between true and false information and be cautious in trading to avoid phishing attacks.

Smart Contract Layer. A smart contract is more than just a computer program that can be executed automatically. It is a system participant. It responds to the received message, it can receive and store value, and it can send out information and value [22]. For the security risks of smart contracts, the following attacks are summarized.

Reentrancy Attack. The essence of a reentrancy attack is to hijack the contract control flow and destroy the atomicity of the transaction, which can be understood as a logical race condition problem. For example, The DAO was attacked, and the attacker used the vulnerability in the contract to launch a reentrancy attack and gained 60 million dollars. In order to recover this part of the funds, the Ethereum community decided to perform a hard fork, roll back all the transaction records since the start of the attack and fix the contract vulnerabilities in the new branch.

The vulnerability is described below. Here is a simplified version of The DAO contract:

    contract SimpleDAO {
        // Donated amount recorded per address
        mapping (address => uint) public credit;

        function donate(address to) { credit[to] += msg.value; }

        function queryCredit(address to) returns (uint) { return credit[to]; }

        function withdraw(uint amount) {
            if (credit[msg.sender] >= amount) {
                // Ether is sent (running the recipient's code) before credit is updated
                msg.sender.call.value(amount)();
                credit[msg.sender] -= amount;
            }
        }
    }

Participants call the donate function to donate their own Ether to a contract address, the donation information is stored in the credit array, and the recipient contract calls The DAO's withdraw function to receive funds. Before actually sending the transaction, The DAO checks if there is enough donation in the credit array, and after the transaction is over, the transaction amount is deducted from credit.

The attacker first constructs a malicious contract Mallory, as follows:

    contract Mallory {
        SimpleDAO public dao = SimpleDAO(0x354...);
        address owner;

        // Constructor: remember who deployed the contract
        function Mallory() { owner = msg.sender; }

        // Fallback (unnamed) function
        function() { dao.withdraw(dao.queryCredit(this)); }

        function getJackpot() { owner.send(this.balance); }
    }

After Mallory is deployed, the attacker calls The DAO's donate function to donate a bit of Ether to the Mallory contract. Mallory's fallback function (unnamed function) is then triggered; there are many ways to trigger it, such as transferring money to Mallory. The fallback function will call The DAO's withdraw function and extract all the funds that belong to it. It seems to be no problem so far. However, after msg.sender.call.value(amount)() in withdraw is executed, Mallory's fallback function is automatically called once the transfer is completed, because of how the transfer operation works, so the withdraw function is called again. Because credit is not updated at this time, money can still be withdrawn normally, and execution falls into a recursive loop, each iteration of which extracts a part of the Ether in The DAO to the Mallory contract. This loop will continue until one of three conditions occurs: gas is exhausted, the call stack is full, or The DAO balance is insufficient. An exception is thrown when one of the above conditions occurs. Due to the characteristics of Solidity exception handling, all previous transactions are valid. Theoretically, repeating this operation can extract all the Ether of The DAO to Mallory.
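
The ordering problem in withdraw can be observed in a small Python model, added here as an example and not taken from the paper. The classes Chain and ReenteringRecipient, the run_scenario function and the sample accounts are constructed for illustration, and the hardened branch (update credit before the external call, undo it if the send fails) is a common fix assumed here, not one the paper specifies.

```python
"""Toy model (constructed, not EVM code) of the withdraw() ordering in SimpleDAO.

A value transfer runs the recipient's on_receive() hook, standing in for the
fallback function that msg.sender.call.value(amount)() triggers.
"""

UINT_MOD = 2 ** 256  # uint arithmetic wraps silently in the Solidity of that era


class Chain:
    """Tracks ether balances and delivers value transfers."""

    def __init__(self):
        self.balance = {}

    def fund(self, account, amount):
        self.balance[account] = self.balance.get(account, 0) + amount

    def call_value(self, src, dst, amount):
        """Low-level call: returns False on failure instead of raising."""
        if self.balance.get(src, 0) < amount:
            return False
        self.balance[src] -= amount
        self.balance[dst] = self.balance.get(dst, 0) + amount
        hook = getattr(dst, "on_receive", None)
        if hook is not None:
            hook()  # recipient code runs before call_value() returns
        return True


class SimpleDAO:
    def __init__(self, chain, hardened):
        self.chain = chain
        self.credit = {}
        self.hardened = hardened

    def donate(self, sender, to, value):
        if not self.chain.call_value(sender, self, value):
            raise ValueError("sender cannot cover the donation")
        self.credit[to] = (self.credit.get(to, 0) + value) % UINT_MOD

    def withdraw(self, caller, amount):
        if self.credit.get(caller, 0) < amount:
            return False
        if self.hardened:
            # Effect before interaction: a re-entering caller sees reduced credit.
            self.credit[caller] = (self.credit[caller] - amount) % UINT_MOD
            if not self.chain.call_value(self, caller, amount):
                self.credit[caller] = (self.credit[caller] + amount) % UINT_MOD
                return False
            return True
        # Ordering from the page: send first, update credit afterwards.
        self.chain.call_value(self, caller, amount)
        self.credit[caller] = (self.credit[caller] - amount) % UINT_MOD
        return True


class ReenteringRecipient:
    """Recipient whose fallback asks for the same amount again, a bounded number of times."""

    def __init__(self, dao, amount, max_reentries):
        self.dao = dao
        self.amount = amount
        self.left = max_reentries

    def on_receive(self):
        if self.left > 0:
            self.left -= 1
            self.dao.withdraw(self, self.amount)


def run_scenario(hardened, max_reentries=5):
    """Two honest donors hold 10 each; the recipient holds 1 unit of credit."""
    chain = Chain()
    dao = SimpleDAO(chain, hardened)
    for donor in ("alice", "bob"):  # constructed sample accounts
        chain.fund(donor, 10)
        dao.donate(donor, donor, 10)
    recipient = ReenteringRecipient(dao, amount=1, max_reentries=max_reentries)
    chain.fund("carol", 1)
    dao.donate("carol", recipient, 1)
    dao.withdraw(recipient, 1)
    return {
        "paid_out": chain.balance.get(recipient, 0),
        "dao_balance": chain.balance[dao],
        "credit_left": dao.credit[recipient],
    }


if __name__ == "__main__":
    print("page ordering:", run_scenario(hardened=False))
    print("credit first :", run_scenario(hardened=True))
```

With the page's ordering the recipient is paid once per nested call and the repeated subtraction wraps its credit to a huge value; with credit updated first, the second call fails the balance check and the honest donors' funds stay in place.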

Unauthorized Access Attack. Most of these attacks are due to a failure to declare function visibility explicitly, or a failure to do sufficient permission checks, which can allow an attacker to access or modify a function or variable that should not be accessible.

For example, a multi-signature contract vulnerability in the Parity wallet was exploited by an attacker to steal, in three separate instances, a total of 153,037 Ether. Parity's official blog and Twitter then released a security alert [23] and the library contract was updated to a new version. The bug comes from the Multi-Sig library file enhanced-wallet.sol written by Parity's founder Gavin Wood. The attacker exploited the bug to reset the wallet owner, took over the wallet and stole all the funds. This is essentially a breach of authority in the contract.

Solidity Development Security. Possible bugs when writing smart contracts include:

Race condition: The biggest risk of calling an external function is that the calling behavior may cause the control flow to be hijacked and the contract data to be accidentally modified. This type of bug has many specific forms, such as reentrancy and cross-function race conditions.

Transaction-Ordering Dependence: An attacker can construct his own transaction based on the order information contained in the pending transactions, and try to get his transaction written into the block before others.

Integer overflow and underflow: When programming, you should think about whether integer overflows can occur, how the state of uint variables will be transferred, and who has the authority to modify those variables.

Denial of Service Attack Based on Exception Rollback: For example, a crowdfunding contract gives a refund to a participant. The contract may need to traverse an array to process a refund for a group of users. The simple idea is that every refund must be successful, otherwise the program should be rolled back. The consequence of this practice is that one malicious user forcing a refund to fail leaves all users unable to receive the refund. It is recommended to use a pull payment mechanism, which separates the refund operation into an independent function that is called by the refund recipient to pull the refund.
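
The difference between the refund loop and the pull payment mechanism can be seen in the following Python model, added here as an example and not taken from the paper. The Crowdfund class, the Revert exception, the compare function and the sample contributions are constructed for illustration; a Revert stands in for the exception that rolls a transaction back.

```python
"""Push refunds vs. pull payments under exception rollback (constructed model)."""
import copy


class Revert(Exception):
    """Stands in for a thrown exception that rolls the transaction back."""


class Crowdfund:
    def __init__(self, contributions, rejecting=()):
        self.owed = dict(contributions)            # address -> amount still refundable
        self.wallets = {a: 0 for a in contributions}
        self.rejecting = set(rejecting)            # recipients whose fallback always throws

    def _send(self, to, amount):
        if to in self.rejecting:
            raise Revert(f"{to} rejected the transfer")
        self.wallets[to] += amount

    def _atomic(self, body):
        """Run body as one transaction: a Revert restores the state from before it."""
        snapshot = (copy.deepcopy(self.owed), copy.deepcopy(self.wallets))
        try:
            body()
            return True
        except Revert:
            self.owed, self.wallets = snapshot
            return False

    def refund_all_push(self):
        """Contract pushes every refund in one loop; one failure undoes all of them."""
        def body():
            for addr in list(self.owed):
                amount = self.owed[addr]
                self.owed[addr] = 0
                self._send(addr, amount)
        return self._atomic(body)

    def withdraw_refund(self, caller):
        """Pull payment: each recipient collects only their own refund."""
        def body():
            amount = self.owed.get(caller, 0)
            self.owed[caller] = 0
            self._send(caller, amount)
        return self._atomic(body)


def compare():
    contributions = {"alice": 5, "bob": 7, "mallet": 1}    # constructed sample data
    push = Crowdfund(contributions, rejecting={"mallet"})
    push_ok = push.refund_all_push()
    pull = Crowdfund(contributions, rejecting={"mallet"})
    pull_results = {who: pull.withdraw_refund(who) for who in contributions}
    return {
        "push_ok": push_ok,
        "push_wallets": push.wallets,
        "pull_results": pull_results,
        "pull_wallets": pull.wallets,
        "pull_owed": pull.owed,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```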

Possible Methods. Once a smart contract is deployed in a distributed, decentralized network, it is difficult to change. This prevents data manipulation and establishes a trust mechanism based on the encryption algorithm. On the other hand, when the blockchain is facing a security attack, it lacks an effective correction mechanism and is difficult to reverse. Therefore, before the development of smart contracts, it is necessary to guard against the vulnerabilities that have already occurred. Sufficient security tests should be conducted before a contract is issued. Professionals perform code optimizations in a timely manner, conduct regular code audits, and monitor abnormal behavior of deployed contracts to reduce losses.

Incentive Layer. The purpose of the incentive layer is to provide certain incentives to encourage nodes to participate in the security verification of the blockchain. The security of the blockchain depends on the participation of many nodes. For example, the security of the Bitcoin blockchain is based on the great hash power contributed by the many nodes participating in the proof of work, which makes it impossible for an attacker to provide a higher amount of computation. The verification process of a node usually consumes computing resources and electric power. In order to encourage node participation, the blockchain usually rewards participants in the form of virtual currency. Bitcoin, Litecoin, and Ether are all products of this mechanism.

Blockchain projects need to adapt to the market to automatically adjust the rewards, rather than simply reducing them. In the blockchain project reward mechanism, when the nodes' working cost is close to or greater than the income, they often choose not to work for this blockchain, which can easily lead to centralization problems.

Consensus Layer. The consensus mechanism gives the blockchain the soul to differentiate it from other P2P technologies. Commonly used consensus mechanisms are Proof of Work (PoW), Proof of Stake (PoS), and Delegated Proof of Stake (DPoS). The possible attacks include Bribe Attack, Long-Range Attack, Accumulation Attack, Precomputing Attack and Sybil Attack. Table 1 shows the application scope of the attacks for the consensus mechanisms.

Table 1. Attack methods and application scope for consensus mechanism
Columns: Attack methods | PoW | PoS | DPoS
Bribe Attack | +
Long-Range Attack | + +
Coin Age Accumulation Attack | + +
Precomputing Attack | +
Sybil Attack | + + +

At present, the existing consensus mechanisms are not perfect, and it is necessary to explore a more secure and faster consensus mechanism while increasing the difficulty of existing attacks.

Network Layer. The information transmission of the blockchain mainly depends on the peer-to-peer network. The P2P network relies on nearby nodes for information transmission, in which nodes must expose their IPs to each other. If there is an attacker in the network, it is very easy to bring security threats to other nodes. A node of the public blockchain network may be an ordinary home PC, a cloud server, etc., so node security is inevitably uneven. There must be some node with poor security, and attacking it will directly threaten the other nodes. The main attacks are as follows.

Eclipse attack: The node is kept in an isolated network by hoarding and occupying the victim's slots. This type of attack is designed to block the latest blockchain information from entering the eclipsed node, thereby isolating the node [24].

BGP hijacking: At present, security researchers have proved the conceptual feasibility of the attack. Analysis and statistics of the node network from November 5, 2015, to November 15, 2016, show that most bitcoin nodes are currently hosted in a few specific Internet Service Providers (ISPs), while 60% of Bitcoin connections are in these ISPs. Therefore, these ISPs can see 60% of Bitcoin traffic, and can also control the traffic of the current Bitcoin network. The researchers verified that at least two attacks are conceptually feasible through the hijacking scenario, and gave validation code [25].

The security defense for the network layer can be mainly improved from two aspects: P2P network security and the network authentication mechanism. In the transmission process of the network, a reliable encryption algorithm is used for transmission to prevent malicious attackers from stealing or hijacking the node network. Strengthen the validity, rationality and security of data transmission in the network. Client nodes should do the necessary verification for important operations and information.

Data Layer.

Block Data. Malicious information attack: Malicious information, such as virus signatures, politically sensitive topics, etc., is written into the blockchain. Because data in the blockchain cannot be deleted, information is difficult to remove after it is written into the blockchain. If malicious information appears in the blockchain, it will cause many problems.

A team of researchers at RWTH Aachen University and Goethe University Frankfurt in Germany pointed out that among the 1,600 documents added to the Bitcoin blockchain, 59 files contained links to illegal children's pictures, politically sensitive content or privacy violations [26]. Currently, only a few Bitcoin blockchain transactions contain other data. In the Bitcoin blockchain, about 1.4% of the 251 million transactions contain other data, that is, only a few of these transactions contain illegal or undesirable content [26]. Still, even such small amounts of illegal or inappropriate content can put participants at risk.

Signature and Encryption Method. Cryptography is the key to ensuring the security and tamper resistance of blockchain, and blockchain technology relies heavily on the research results of cryptography, which provides a key guarantee for the information integrity, authentication and non-repudiation of the blockchain.

As a mainstay of the blockchain, the encryption technology is particularly important. For example, the MD5 and SHA1 hash algorithms were popular in previous years but have been proved to be insufficiently secure. At present, the SHA256 algorithm is widely used in bitcoin. So far, this algorithm is still safe, but with the development of new technology and research, it may not be safe in the future. Therefore, when designing blockchain applications, it is important to carefully choose the encryption method. Current mainstream signature methods include aggregate signature, group signature, ring signature, blind signature, proxy signature, interactive incontestable signature (IIS), blinded verifiable encrypted signature (BVES), and so on.

Attacks on cryptographic algorithms, especially the hash functions, include brute-force attack, collision attack, length expansion attack, backdoor attack and quantum attack.

3.3 Network Supervision of Blockchain

While blockchain brings technological innovation, it also brings huge challenges for network supervision. The traditional supervision mode is mostly centralized management. How to use blockchain technology and the current legal system to supervise the application of the blockchain is one of the problems that the government and the industry pay attention to.

In order to overcome the problems of blockchain in network supervision, it is necessary to look beyond the underlying technology and think about how to combine the specific cases of technology application with supervision. At present, application cases can be classified into three categories: "Recycling Box", "Dark Box" and "Sandbox" [27]. The application cases in each category bring many challenges for the legal, supervision and decision-making departments. The three categories are fully analyzed below.

3.4 "Recycling Box"

"Recycling box" cases are those that attempt to solve industry pain points through blockchain solutions in a better, faster, and cheaper way. Their goals are not illegal, and the motivation is simple. When such an application is launched, the network supervision authorities can implement supervision by making only minor modifications to the current supervision framework.

The most typical example is the interbank settlement system developed by Ripple. The payment solution uses a single distributed ledger to connect the world's major financial institutions, and cross-bank transactions between them can be done in real time. Compared with the traditional method, it not only saves a lot of time and improves efficiency, but also saves a service fee [27].

3.5 "Dark Box"

The name "dark box" has a source similar to "dark net". Cases belonging to this category, without exception, all contradict current law. Such cases are numerous; for example, online drug markets, arms markets or other illegal goods markets, human trafficking networks, terrorist financing and communication networks, money laundering and tax evasion can all be classified as such. These illegal services have existed in the dark network for a long time. Nowadays, because of the application of blockchain technology, some of them are like discovering the New World. It's easy to identify the "dark box", but it can be difficult to try to stop them [27].

The reason why the "dark box" is difficult to stop is that in recent years, digital currency has become an important tool for money laundering, illegal transactions, and escaping foreign exchange control due to its anonymity and decentralization. Digital currency does not require a credit card or bank account information. Criminals can avoid the supervision agencies, which cannot trace the source and destination of funds through traditional capital transaction records, and this makes traditional supervision methods fail.

3.6 "Sandbox"

The "sandbox" is the most exciting of these three categories and the biggest headache for legislators, and many of the most disruptive and public-interest cases fall into this category. The term "sandbox" was taken from a recent initiative by the Financial Conduct Authority (FCA) called "Regulatory Sandbox". Application cases belonging to this category have very valuable business objectives, but the current situation is that due to the various characteristics of the distributed ledger technology, most of these cases cannot meet the existing supervision requirements. Their common feature is that what the business pursues is legal, but it may cause various risks, so the government will not let it go and will apply appropriate supervision.

The typical case is peer-to-peer (P2P) funding. It is necessary to mention the blockchain-based venture capital fund The DAO. The DAO's ICO is no different from ordinary venture capital in that the goal of both is to invest in a startup. It seems to have nothing to do with illegality. However, the way The DAO works is not normal at all, which is one of the reasons why it is incompatible with the existing legal system. The DAO has no physical existence, no legal status in any jurisdiction, no leadership, management, or even employees. All operations are automatically done by the blockchain in a decentralized manner. It is not responsible to anyone except its anonymous donors. TechCrunch commented on such organizations as "completely transparent", "shareholders have full control", and "unparalleled flexibility and self-governance".

At present, the skills possessed by most of the regulators are highly specialized, and they are only suitable for a certain place. The applications of blockchain are mostly global, and the coverage area is very wide. This also explains why the FCA's proposed regulatory sandbox program met a cold reception as soon as it was launched, and many blockchain startups have expressed no interest in it.

4 The Current Status of Blockchain Security Protection

Blockchain technology is currently in the early stage of development. There are many security issues from the underlying technology to the upper application. The third chapter has analyzed the vulnerabilities of each layer of the blockchain and the possible attacks. At present, when studying blockchain security, most scholars focus mainly on integrity, privacy protection and scalability [4]. Defenses against these attacks have been given in some papers. In the aspect of blockchain integrity protection, for example, Eyal [28] and Heilman [29] both proposed defensive measures against selfish mining attacks. The existence of the Proof of Work mechanism and the large number of honest miners keep the integrity of the blockchain protected.

Although the blockchain provides anonymization, it is not completely anonymous. The attacker can still perform certain mapping by analyzing network traffic and transaction information. In the literature [30–32], scholars analyzed and advanced a hybrid mechanism. Its main idea is that the user sends some bitcoin from an address and puts the bitcoin into another address in such a way that it is difficult to find the correspondence between the input and output addresses of the same user. At present, there are two main types of methods for blockchain privacy protection. One is to add an anonymous protection mechanism to an existing blockchain through a technology such as "secure transmission". Another possible approach is to create a new blockchain that is incompatible with the Bitcoin system, such as Zerocash, which provides anonymity by using new primitives in its block [33]. In fact, some more forward-looking technologies have been studied to obtain a better anonymity guarantee, such as Coinjoin solutions, software that provides anonymous functionality (e.g. Mimblewimble) and next-generation encryption technology represented by attribute-based encryption.
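
How well the hybrid (mixing) mechanism described above hides the correspondence between input and output addresses can be measured by counting the input-to-output assignments an observer cannot rule out from amounts alone. The following Python sketch is an added illustration, not code from the paper or from any mixing project; the address labels, amounts and the model (one input and one output per user, no fees) are constructed assumptions.

```python
from itertools import permutations

def consistent_mappings(inputs, outputs):
    """All one-to-one input->output assignments that amounts alone cannot
    rule out. Model (assumed): one input and one output per user, no fees."""
    if len(inputs) != len(outputs):
        raise ValueError("model expects one output per input")
    senders = list(inputs)
    found = []
    for perm in permutations(outputs):
        if all(inputs[s] == outputs[r] for s, r in zip(senders, perm)):
            found.append(dict(zip(senders, perm)))
    return found

def anonymity_sets(inputs, outputs):
    """Per input address: outputs it is paired with in at least one
    consistent assignment. A set of size 1 means the link is exposed."""
    sets = {s: set() for s in inputs}
    for mapping in consistent_mappings(inputs, outputs):
        for s, r in mapping.items():
            sets[s].add(r)
    return sets

# Constructed sample transactions; amounts in satoshis, addresses are labels.
DISTINCT_IN = {"in_A": 73_000_000, "in_B": 120_000_000, "in_C": 5_000_000}
DISTINCT_OUT = {"out_1": 120_000_000, "out_2": 5_000_000, "out_3": 73_000_000}
EQUAL_IN = {"in_A": 10_000_000, "in_B": 10_000_000, "in_C": 10_000_000}
EQUAL_OUT = {"out_1": 10_000_000, "out_2": 10_000_000, "out_3": 10_000_000}
# One participant deviates from the common denomination.
MIXED_IN = {"in_A": 10_000_000, "in_B": 10_000_000, "in_C": 25_000_000}
MIXED_OUT = {"out_1": 10_000_000, "out_2": 25_000_000, "out_3": 10_000_000}

if __name__ == "__main__":
    for name, (i, o) in {"distinct": (DISTINCT_IN, DISTINCT_OUT),
                         "equal": (EQUAL_IN, EQUAL_OUT),
                         "mixed": (MIXED_IN, MIXED_OUT)}.items():
        sizes = {s: len(v) for s, v in anonymity_sets(i, o).items()}
        print(name, len(consistent_mappings(i, o)), sizes)
```

Enumerating permutations is factorial in the number of participants, so the sketch is meant for small illustrative transactions only.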

Cryptography is the cornerstone of blockchain technology. Once the hash function or encryption algorithm is no longer secure, the security of the blockchain will no longer exist. The hash function SHA256 and the elliptic curve cryptography used for the blockchain are still safe, but with the development of new technologies (e.g. quantum computing), their security remains to be discussed. Therefore, we should pay attention to new research results in a timely manner and actively seek more secure algorithms.

Blockchain technology currently has many security problems, but any innovative technology needs a process of continuous problem solving from birth to maturity, and so does the blockchain. What's more, features of the blockchain such as eliminating the center, eliminating trust, and tamper-resistance can solve problems that exist in many industries.

5 Conclusion

As an emerging technology, the blockchain is being used more and more widely in industry because of its inherent data security and effective privacy protection. However, it is worth noting that with the expansion of its application, more and more new types of security threats targeting the blockchain are emerging. How to strengthen the security protection of the blockchain indeed needs further research.

The second chapter of this paper introduces the application scenarios of blockchain technology in different fields and analyzes the corresponding projects. The third chapter focuses on the security analysis of the technology and application of each layer of the blockchain, and summarizes the vulnerabilities and possible attacks. The fourth chapter summarizes the current status of blockchain security protection and shows that more research is needed on the security aspect.

According to the large number of papers that have been researched, most users and researchers of the blockchain pay more attention to the application of blockchains and the technology itself, but pay less attention to, and do less research on, security. We think blockchain anonymity research and upper-level security, especially smart contract layer and application layer security, require continuous attention and research. I hope that the work of this paper can alert practitioners that "network security of the blockchain is still waiting for deeper research".

References

1. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
2. Zhao, G.: Blockchain: the cornerstone of the value Internet. Publishing House of Electronics Industry, Beijing (2016)
3. Yang, B., Chen, C.: Blockchain Principle, Design and Application. China Machine Press, Beijing (2017)
4. Fang, W., Zhang, W., Pan, T., et al.: Cyber security in blockchain: threats and countermeasures. J. Cyber Secur. 3(2), 87–104 (2018)
5. Distributed ledger technologies in securities post-trading. https://www.ecb.europa.eu/pub/pdf/scpops/ecbop172.en.pdf. Accessed 4 July 2018
6. IBM News. https://www.ibm.com/news/cn/zh/2016/10/19/D468881I72849Y25.html. Accessed 4 July 2018
7. Benet, J.: IPFS - Content Addressed, Versioned, P2P File System. https://github.com/ipfs/papers/raw/master/ipfs-cap2pfs/ipfs-p2p-file-system.pdf. Accessed 4 July 2018
8. RedChain White Paper. https://cdn.thiwoo.com/RedChain/reeedwhite.pdf. Accessed 4 July 2018
9. U Network: A Decentralized Protocol for Publishing and Valuing Online Content. https://u.network/Uwhitepaperen.pdf. Accessed 4 July 2018
10. YOYOW White Paper. https://yoyow.org/files/white-paper3.pdf. Accessed 4 July 2018
11. BIHU White Paper. https://home.bihu.com/whitePaper.pdf. Accessed 4 July 2018
12. BCSEC Security Trend Analysis. https://bcsec.org/analyse. Accessed 4 July 2018
13. CHAITIN TECH, ConsenSys.: Blockchain Security Guide. https://chaitin.cn/cn/download/blockchainsecurityguide20180507.pdf. Accessed 4 July 2018
14. Youbit Files for Bankruptcy After Second Hack This Year. https://www.ccn.com/south-korean-exchange-youbit-declares-bankruptcy-after-second-hack-this-year. Accessed 4 July 2018
15. Blockchain Security v1. https://bcsec.org/report. Accessed 4 July 2018
16. GLOBAL DDOS THREAT LANDSCAPE Q3 2017. https://www.incapsula.com/ddos-report/ddos-report-q3-2017.html. Accessed 4 July 2018
17. Bitfinex Attacked Statement. https://twitter.com/bitfinex/status/940593291208331264. Accessed 4 July 2018
18. Mt Gox Account Database Leaked. https://news.ycombinator.com/item?id=2671612. Accessed 4 July 2018
19. LulzSec Rogue Suspected of Bitcoin Hack. https://www.theguardian.com/technology/2011/jun/22/lulzsec-rogue-suspected-of-bitcoin-hack. Accessed 4 July 2018
20. Bitcoin Trading Platform Mt. Gox Filed for Bankruptcy Protection. http://www.bbc.com/zhongwen/simp/business/2014/02/140228bitcoin. Accessed 4 July 2018
21. Pool Distribution. https://btc.com/stats/pool?pool_mode=month. Accessed 4 July 2018
22. Smart Contract Wiki. https://github.com/EthFans/wiki/wiki/%E6%99%BA%E8%83%BD%E5%90%88%E7%BA%A6. Accessed 4 July 2018
23. Parity Security Alert. https://paritytech.io/security-alert. Accessed 4 July 2018
24. Heilman, E., Kendler, A., Zohar, A., et al.: Eclipse attacks on Bitcoin's peer-to-peer network. In: Usenix Conference on Security Symposium (2015)
25. BGP Hijack-btc. https://github.com/nsg-ethz/hijack-btc. Accessed 4 July 2018
26. Matzutt, R., Hiller, J., Henze, M., et al.: A quantitative analysis of the impact of arbitrary blockchain content on bitcoin. In: 22nd International Conference on Financial Cryptography and Data Security. Springer, Curacao (2018)
27. Depth Long Text Interpretation of Blockchain and Supervision: "recycling boxes", "black boxes" and "sandboxes". https://www.pintu360.com/a49882.html?s=87&o=1. Accessed 4 July 2018
28. Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. Commun. ACM 61(7), 95–102 (2018)
29. Heilman, E.: One weird trick to stop selfish miners: fresh bitcoins, a solution for the honest miner (poster abstract). In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 161–162. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44774-1_12
30. Valenta, L., Rowan, B.: Blindcoin: blinded, accountable mixes for bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 112–126. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48051-9_9
31. Bissias, G., Ozisik, A.P., Levine, B.N., et al.: Sybil-resistant mixing for bitcoin. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society. ACM (2015)
32. Meiklejohn, S., Orlandi, C.: Privacy-enhancing overlays in bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 127–141. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48051-9_10
33. Sasson, E.B., Chiesa, A., Garman, C., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: Security and Privacy, pp. 459–474. IEEE (2014)

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
