TPS&51%Attack

Transcript

1. ABOUT TPS & 51% ATTACK CRYPGEEK 30/6/2018 Blockchainษڧձ #10 @r_etx

2. Proof of Workͷ࿮૊ΈͰɺTPSΛ͍࣋ͬͨ͋͛ͨ

3. TPSͱ͸ɺ

4. transaction per secͷུͰɺҰඵؒ͋ͨΓʹ͞͹͚Δ transactionͷྔΛද͢ɻ TPS͕খ͍͞ͱtransaction͕٧·ͬͯঝೝʹ͕͔͔࣌ؒΔɻ VISA 2000TPS( daily peak rate

   of 4000 TPS) Pay Pal 115TPS so let’s take 4000 TPS as starting goal!!

5. transaction per secͷུͰɺҰඵؒ͋ͨΓʹ͞͹͚Δ transactionͷྔΛද͢ɻ TPS͕খ͍͞ͱtransaction͕٧·ͬͯঝೝʹ͕͔͔࣌ؒΔɻ VISA 2000TPS( daily peak rate

   of 4000 TPS) Pay Pal 115TPS BTC 7TPS

6. transaction per secͷུͰɺҰඵؒ͋ͨΓʹ͞͹͚Δ transactionͷྔΛද͢ɻ TPS͕খ͍͞ͱtransaction͕٧·ͬͯঝೝʹ͕͔͔࣌ؒΔɻ more over Online game 100000TPS

7. transaction per secͷུͰɺҰඵؒ͋ͨΓʹ͞͹͚Δ transactionͷྔΛද͢ɻ TPS͕খ͍͞ͱtransaction͕٧·ͬͯঝೝʹ͕͔͔࣌ؒΔɻ Ωπ͍͡ΌΜ!

8. Proof of Workͷ࿮૊ΈͰɺTPSΛ͍࣋ͬͨ͋͛ͨ

9. TPSͷఆࣜԽ TPS(λ, b) = β(λ, b) ⋅ b ⋅ K

   K ; 1KB͋ͨΓͷτϥϯβΫΫγϣϯ਺ β ;ϒϩοΫ͕ϝΠϯνΣʔϯʹ௥Ճ͞ΕΔׂ߹ b ; ϒϩοΫͷ࠷େऩ༰αΠζ(KB)

10. TPS(λ, b) = β(λ, b) ⋅ b ⋅ K ҰඵؒͰ࢖͑ΔKB

    1/KB ͋ͨΓͷTx K ; 1KB͋ͨΓͷτϥϯβΫΫγϣϯ਺ β ;ϒϩοΫ͕ϝΠϯνΣʔϯʹ௥Ճ͞ΕΔׂ߹ b ; ϒϩοΫͷ࠷େऩ༰αΠζ(KB) TPSͷఆࣜԽ

11. TPS(λ, b) = β(λ, b) ⋅ b ⋅ K ҰඵؒͰ࢖͑ΔKB

    1/KB ͋ͨΓͷTx TPSͷఆࣜԽ β ͸ɺɹ ͷؔ਺ɻ ͱɹ ͷҧ͍͸? β λ λ

12. ωοτϫʔΫͰ৽͍͠Block͕ੜ੒͞ΕΔ·Ͱ ฏۉ10෼(=600[s])ʹͳΔΑ͏ʹઃఆ͞Ε͍ͯΔɻ λ ; Block Treeʹblock͕௥Ճ͞ΕΔׂ߹ ϒϩοΫ͕஍ٿ্Ͱڞ༗͞ΕΔͷʹ͔͔Δ࣌ؒΑΓ΋ ৽͍͠Block͕ੜ੒͞ΕΔ·Ͱͷ͔͔Δ ฏۉͷ͕࣌ؒ௕͘ͳΔΑ͏ʹઃఆ͞Ε͍ͯΔɻ BitcoinͰ͸ɺ

    λ = 1 600

13. ωοτϫʔΫͰ৽͍͠Block͕ੜ੒͞ΕΔ·Ͱ ฏۉ10෼(=600[s])ʹͳΔΑ͏ʹઃఆ͞Ε͍ͯΔɻ λ = 1 600 β ;ϒϩοΫ͕ϝΠϯνΣʔϯʹ௥Ճ͞ΕΔׂ߹ (Networkʹ͓͚Δ஗Ԇ΍ForkΛߟྀ͍ͯ͠Δ) λ

    ; Block Treeʹblock͕௥Ճ͞ΕΔׂ߹

14. ωοτϫʔΫͰ৽͍͠Block͕ੜ੒͞ΕΔ·Ͱ ฏۉ10෼(=600[s])ʹͳΔΑ͏ʹઃఆ͞Ε͍ͯΔɻ λ ; Block Treeʹblock͕௥Ճ͞ΕΔׂ߹ BitcoinͰ͸ɺ λ = 1

    600 β ;ϒϩοΫ͕ϝΠϯνΣʔϯʹ௥Ճ͞ΕΔׂ߹ (NetworkͰͷ஗Ԇ΋ؚΜͰ͍Δ) β(λ, b)

15. 0OF
    NPSF

16. Topology of network

17. Topology of network ࠓճ͸ߟ͑ͳ͍ɻ

18. TPSͷఆࣜԽ TPS(λ, b) = β(λ, b) ⋅ b ⋅ K

    TPSΛ૿΍͔ͨͬͨ͠Βɺࡾͭͷํ๏͕͋Δ ҰඵؒͰ࢖͑ΔKB 1/KB ͋ͨΓͷTx K ; 1KB͋ͨΓͷτϥϯβΫΫγϣϯ਺Λ૿΍͢ β ;ϒϩοΫ͕ϝΠϯνΣʔϯʹ௥Ճ͞ΕΔׂ߹Λ૿΍͢ b ; ϒϩοΫͷ࠷େऩ༰αΠζ(KB)Λ૿΍͢

19. Txͷ༰ྔΛখ͘͢͞Δɻ SegwitͳͲ K ; 1KB͋ͨΓͷτϥϯβΫΫγϣϯ਺Λ૿΍͢ β ;ϒϩοΫ͕ϝΠϯνΣʔϯʹ௥Ճ͞ΕΔׂ߹Λ૿΍͢ b ; ϒϩοΫͷ࠷େऩ༰αΠζ(KB)Λ૿΍͢

20. Big Block Bitcoin CashͳͲͰ࠾༻ K ; 1KB͋ͨΓͷτϥϯβΫΫγϣϯ਺Λ૿΍͢ β ;ϒϩοΫ͕ϝΠϯνΣʔϯʹ௥Ճ͞ΕΔׂ߹Λ૿΍͢ b

    ; ϒϩοΫͷ࠷େऩ༰αΠζ(KB)Λ૿΍͢

21. 10෼ؒʹҰ౓Ͱ͸ͳ͘ɺ ΋ͬͱ୹͍࣌ؒ಺ʹBlock͕ੜ੒͞ΕΔΑ͏ʹ͢Δ K ; 1KB͋ͨΓͷτϥϯβΫΫγϣϯ਺Λ૿΍͢ β ;ϒϩοΫ͕ϝΠϯνΣʔϯʹ௥Ճ͞ΕΔׂ߹Λ૿΍͢ b ; ϒϩοΫͷ࠷େऩ༰αΠζ(KB)Λ૿΍͢

22. K ; 1KB͋ͨΓͷτϥϯβΫΫγϣϯ਺Λ૿΍͢ β ;ϒϩοΫ͕ϝΠϯνΣʔϯʹ௥Ճ͞ΕΔׂ߹Λ૿΍͢ b ; ϒϩοΫͷ࠷େऩ༰αΠζ(KB)Λ૿΍͢ 5ISPVHIQVU
    514

    #MPDL
    TJ[F
    C #MPDL
    SBUF
    Е 'PSL
    JO
    #MPDL
    5SFF 4FDVSJUZ
    ЌЕ

23. K ; 1KB͋ͨΓͷτϥϯβΫΫγϣϯ਺Λ૿΍͢ β ;ϒϩοΫ͕ϝΠϯνΣʔϯʹ௥Ճ͞ΕΔׂ߹Λ૿΍͢ b ; ϒϩοΫͷ࠷େऩ༰αΠζ(KB)Λ૿΍͢ ͲͪΒͷ৔߹΋ɺϑΥʔΫ͕ى͖΍͘͢ͳΓ ҆શੑ͕௿Լ͢Δɻ(51%

    Atttackʹऑ͘ͳΔ)

24. 51% Attack

25. Security Attacker͕ɺHonest nodeͷ computational power ͷ q ͷׂ߹ʹ૬౰͢Δcomputational power Λ͍࣋ͬͯΔͱ͢Δɻ

    λh β(λh , b) > qλh AttackerͷBlock Creation rate honest nodeͷmain chain creation rate Ͱ͋Ε͹҆શɻ

26. Larger Blocks Blockͷେ͖͕͞૿͑Δͱɺάϥϑʹࣔ͢Α͏ʹɺ ஗Ԇ͕࣌ؒ૿Ճ͢ΔɻͦͷͨΊɺ৽͍͠Bock͕ੜ੒͞Εͨnode ͔Β཭Εͨnodeͷup date͕஗͘ͳΔɻ β(λh , b) >

    qλh Easy to attack β become smaller

27. Acceleration Block Creation Blockͷੜ੒͕༰қʹͳΓɺ৽͘͠ݟ͔ͭͬͨBlock͕ ఻ൖͯ͘͠ΔΑΓ΋લʹɺઌʹࣗ෼ͷnodeͰBlock͕ੜ੒͞ΕΔ Honest node͸ඇޮ཰ʹɺAttacker͸ޮ཰తʹϚΠχϯάͰ͖Δ β(λh , b)

    > qλh Easy to attack qλh become bigger

28. Using a GHOST GHOSTΛ༻͍Δ͜ͱʹΑͬͯɺForkͷͨ͠෼΋ ແବʹͳΒͣSecurityʹߟྀ͞ΕΔɻ β(λh , b) > qλh

    λh > qλh

29. Using a GHOST β(λh , b) > qλh λh >

    qλh 1 > q GHOSTΛ༻͍Δ͜ͱʹΑͬͯɺForkͷͨ͠෼΋ ແବʹͳΒͣSecurityʹߟྀ͞ΕΔɻHonest node ͱಉ͡ computational power ͕ͳ͍ͱ߈ܸ͕੒ޭ͠ͳ͍!!

30. Using a GHOST β(λh , b) > qλh λh >

    qλh 1 > q Block creation rateΛ͋͛ΒΕΔɻ Block sizeΛ͋͛ΒΕΔɻ

31. ͓·͚

32. Bob͸ɺAlice͔Β͓ՖΛങͬͯࢧ෷͓ͬͨۚΛୣ͍͍ͨɻ ͋Δ࣌ࠁtʹൃߦͨ͠txʹରͯ͠ɺTඵਐΜͩ࣌ࠁt+Tʹɺͦͷtxؚ͕·ΕΔ ϒϩοΫ͔Β͞Βʹ3ݸͷϒϩοΫ͕ঝೝ͞ΕͨͷΛ֬ೝ͠ɺAlice͸ɺBobʹ ͓ՖΛൃૹͨ͠ɻ ͜ͷঢ়گͰɺAlice͕Bob͔Β࠮ٗʹ߹͏֬཰ΛٻΊΑɻ ͨͩ͠ɺBob͸minerͰcomputational powerΛ 100͍࣋ͬͯΔɻ ͦΕҎ֎ͷਖ਼௚ͳminer͕͍࣋ͬͯΔ Computational

    power ͕ 300Ͱ͋Δͱ͢Δɻ

33. લఏʀ"UUBDLFS͸"MJDF͕ՖΛૹΔ·ͰӅΕͯ#MPDLΛੜ੒͢Δɻ
    BUUBDLFSͷDPNQVUBUJPOBM
    QPXFS͸ɺIPOFTU
    OPEFͷ
    )POFTU
    OPEF
    ͸ɺ"MJDF͕ՖΛૹΔ·Ͱʹ#MPDL
    ੜ੒ͨ͠ɻ
    ͜ͷͱ͖ɺ"UUBDLFS
    OPEFͰɺ"MJDF͕ՖΛૹΔ·ͰʹL
    CMPDLੜ੒͢Δ֬཰͸ɺ
    QPJTTPO
    ෼෍ͰܭࢉͰ͖ͯɺ P(k) = λke−λ k! ͜͜Ͱɺ"UUBDLFSͰͷ#MPDL
    ੜ੒ͷׂ߹ͷฏۉ஋ɹɹ͸ɺ

    λ λ = 3 × 1 3 = 1

34. Lͷ৔߹͸ɺӅΕͯੜ੒͍ͯͨ͠#MPDL͕NBJO
    DIBJOͱͯ͠࠾༻͞ΕΔɻ
    ҰํɺӅΕͯੜ੒͍ͯͨ͠DIBJO͕Lͷ࣌͸ɺ͞Βʹ#MPDLੜ੒͕ඞཁɻ
    ͕ͨͬͯ͠ɺ߈ܸ͕੒ޭ͢Δ֬཰͸ɺ P = ∞ ∑ k=0 λke−λ k!

    × ( 1 3 ) 3−k JG
    L
    
     JG
    L
    
     1 = 0.19597 ໿Ͱ੒ޭ͢Δɻ ݁ߏͰ͔͍
    "UUBDLFS͸ɺ͜ͷ߈ܸͰಘΒΕΔϝϦοτͱ௨ৗͷOPEFͱͯ͠
    NJOJOHใुͷϝϦοτΛൺֱͯ͠߹ཧతͳ൑அΛ͢Δɻ

35. Bob͸ɺAlice͔Β͓ՖΛങͬͯࢧ෷͓ͬͨۚΛୣ͍͍ͨɻ ͋Δ࣌ࠁtʹൃߦͨ͠txʹରͯ͠ɺTඵਐΜͩ࣌ࠁt+Tʹɺͦͷtxؚ͕·ΕΔ ϒϩοΫ͔Β͞Βʹ3ݸͷϒϩοΫ͕ঝೝ͞ΕͨͷΛ֬ೝ͠ɺAlice͸ɺBobʹ ͓ՖΛൃૹͨ͠ɻ ͜ͷঢ়گͰɺAlice͕Bob͔Β࠮ٗʹ߹͏֬཰ΛٻΊΑɻ ͨͩ͠ɺBob͸minerͰcomputational powerΛ 100͍࣋ͬͯΔɻ ͦΕҎ֎ͷਖ਼௚ͳminer͕͍࣋ͬͯΔ Computational

    power ͕ 300Ͱ͋Δͱ͢Δɻ

36. https://eprint.iacr.org/2013/881.pdf Reference https://bitcoin.org/bitcoin.pdf [1] [2]