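Blockchain 51% attacks: how much of a blockchain must be attacked before records can be tampered with
In recent years, as blockchain technology has developed, it has been widely applied in finance, insurance, logistics and other fields. However, blockchain also has certain security risks, the most prominent of which is the 51% attack.
A 51% attack means that one party holds 51% of the computing power of the entire blockchain network and thereby gains control: it can change records in the blockchain network and can even double-spend, undermining the network's security.
So how much of a blockchain must be attacked before records can be tampered with? In practice, once an attacker holds more than 51% of the computing power, records can be tampered with, so the attacked computing power must reach at least 51% before records can be tampered with.
Once the attacker holds more than 51% of the computing power, it can control the blockchain network and even change historical records, which would cause serious damage to the blockchain network.
Therefore, to prevent 51% attacks, the security of the blockchain network must be strengthened and computing power must be distributed more evenly, so that no attacker can hold more than 51% of the computing power, thereby protecting the security of the blockchain network.
In short, a blockchain's records can be tampered with only when the attack reaches 51%, so the security of the blockchain network must be strengthened and protected. Only in this way can 51% attacks be effectively prevented and the security of the blockchain ensured.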
㈠ How should blockchain websites protect themselves, and what should they do when they are attacked?
Weisan Cloud answered: Blockchain developers can take some measures:
The first is to use professional code audit services,
The second is to understand safe coding standards and nip problems in the bud.
Security of cryptographic algorithms
The development of quantum computers will bring major security threats to the cryptographic systems currently used. Blockchain mainly relies on the elliptic curve public key encryption algorithm to generate digital signatures for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. cannot withstand quantum attacks in theory, and there will be greater risks. More and more researchers are beginning to focus on cryptographic algorithms that are resistant to quantum attacks.
Of course, in addition to changing the algorithm, there is another way to improve security:
Refer to Bitcoin's handling of public key addresses to reduce the potential risks caused by public key leaks. As a user, especially a Bitcoin user, the balance after each transaction is stored in a new address to ensure that the public key of the address where Bitcoin funds are stored is not leaked.
Security of consensus mechanism
The current consensus mechanisms include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), Practical Byzantine Fault Tolerance (PBFT), etc.
㈡ In the blockchain, what is a 51% computing power attack?
In the Bitcoin white paper, there is such a statement: the system is secure as long as the total computing power controlled by honest nodes is greater than the total computing power of a cooperating group of attackers.
In other words, when the computing power controlled by malicious nodes that have a cooperative relationship in the system exceeds the computing power controlled by honest nodes, the system is at risk of being attacked. This kind of attack initiated by a malicious node controlling more than 50% of the computing power is called a 51% attack.
Are all cryptocurrency systems at risk of a 51% computing power attack? In fact, no. Only cryptocurrencies based on the PoW (Proof of Work) consensus mechanism are subject to 51% computing power attacks, such as Bitcoin, Bitcoin Cash, and the current Ethereum. Cryptocurrencies that do not use a PoW consensus algorithm are not subject to 51% computing power attacks, such as EOS and TRON, which are based on the DPoS (Delegated Proof of Stake) consensus mechanism.
After learning about the 51% computing power attack, you must be curious about what bad things this attack can do.
1. Double Spending. Double spending means that one "money" is spent twice or even repeatedly.
How does the 51% computing power attack achieve double spending? Assume that Xiao Hei has 666 BTC. He pays Da Bai these coins and also sends these coins to another wallet address of his own. In other words, the same money of Xiao Hei's is transferred to two recipients at the same time. In the end, the transaction sent to Da Bai was confirmed first and packaged in a block with a block height of N.
At this time, Xiao Hei, who controlled more than 50% of the computing power, launched a 51% computing power attack. By rebuilding the Nth block, he packaged the transaction sent to himself into the block, and continued to extend the blocks on this chain. Due to the advantage of computing power, this chain will become the longest legitimate chain. In this way, Xiao Hei successfully double spent 666 BTC, and the 666 BTC in Da Bai's wallet "disappeared".
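As an added illustration (not part of the answer above), the following Python sketch carries out the catch-up calculation from the Bitcoin white paper that the answer cites: the probability that an attacker holding a share q of the computing power ever overtakes the honest chain after the payee has waited for z confirmations, and the number of confirmations needed to push that risk below a chosen threshold. The function names and the max_z search limit are assumptions of this example.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with computing-power share q ever
    catches up after the payee has waited for z confirmations
    (calculation from section 11 of the Bitcoin white paper)."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction between 0 and 1")
    if z < 0:
        raise ValueError("z must be a non-negative number of confirmations")
    p = 1.0 - q  # share of computing power held by honest nodes
    if q >= p:
        # With half or more of the computing power the attacker always
        # catches up eventually: no confirmation depth is safe.
        return 1.0
    # Expected attacker progress while the honest chain mines z blocks.
    lam = z * (q / p)
    prob = 1.0
    poisson = math.exp(-lam)  # Poisson(lam) probability of k = 0 blocks
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # Poisson probability of exactly k blocks
        # Subtract the cases where the attacker, k blocks along,
        # never makes up the remaining z - k block deficit.
        prob -= poisson * (1.0 - (q / p) ** (z - k))
    return min(max(prob, 0.0), 1.0)


def confirmations_needed(q: float, max_risk: float, max_z: int = 1000):
    """Smallest z with success probability below max_risk, or None if
    no depth up to max_z (an assumed search limit) is enough."""
    if q >= 0.5:
        return None
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


if __name__ == "__main__":
    # Confirmation depth a payee would need for a 0.1% residual risk.
    for share in (0.10, 0.20, 0.30, 0.40, 0.45, 0.51):
        depth = confirmations_needed(share, 0.001)
        label = "no safe depth" if depth is None else f"{depth} confirmations"
        print(f"attacker share {share:.2f}: {label}")
```

The required depth grows sharply as the attacker's share approaches one half, and at or above one half no number of confirmations helps, which is the situation the answer describes.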
㈢ How to ensure the safety of blockchain use
One of the characteristics of blockchain projects (especially public chains) is open source. Open source code improves the credibility of the project and allows more people to participate. But the openness of source code also makes it easier for attackers to attack the blockchain system. There have been many hacker attacks in the past two years. Recently, the anonymous currency Verge (XVG) has been attacked again. The attacker targeted a vulnerability in the XVG code that allowed malicious miners to add false timestamps to blocks, after which new blocks were quickly mined, and nearly US$1.75 million worth of digital currency was obtained in just a few hours. Although the attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future.
Of course, blockchain developers can also take some measures:
The first is to use professional code audit services,
The second is to understand safe coding standards and nip problems in the bud.
Security of cryptographic algorithms
The development of quantum computers will bring major security threats to the cryptographic systems currently in use. Blockchain mainly relies on the elliptic curve public key encryption algorithm to generate digital signatures for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. cannot withstand quantum attacks in theory, and there will be greater risks. More and more researchers are beginning to focus on cryptographic algorithms that are resistant to quantum attacks.
Of course, in addition to changing the algorithm, there is another way to improve security:
Refer to Bitcoin's handling of public key addresses to reduce the potential risks of public key leaks. As a user, especially a Bitcoin user, the balance after each transaction is stored in a new address to ensure that the public key of the address where Bitcoin funds are stored is not leaked.
Security of the consensus mechanism
The current consensus mechanisms include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), Practical Byzantine Fault Tolerance (PBFT), etc.
PoW faces the 51% attack problem. Since PoW relies on computing power, when an attacker has a computing power advantage, the probability of finding a new block will be greater than that of other nodes. At this time, it has the ability to undo transactions that have already occurred. It should be noted that even in this case, the attacker can only modify his own transactions and not the transactions of other users (the attacker does not have the private keys of other users).
In PoS, an attacker can only successfully attack when he holds more than 51% of the token amount, which is more difficult than 51% of the computing power in PoW.
In PBFT, the system is safe when the number of malicious nodes is less than 1/3 of the total nodes. In general, any consensus mechanism has its conditions for establishment. As an attacker, you also need to consider that once the attack is successful, the value of the system will be reduced to zero. At that point, the attacker gains no other valuable reward apart from the destruction itself.
For designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to choose an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scenario.
Security of smart contracts
Smart contracts have the advantages of low running costs and low risks of human intervention. However, if there are problems with the design of smart contracts, it may cause greater losses. In June 2016, The DAO, Ethereum's most crowdfunded project, was attacked. Hackers obtained more than 3.5 million Ethereum coins, which later caused Ethereum to fork into ETH and ETC.
The measures proposed in this regard have two aspects:
The first is to conduct a security audit of smart contracts,
The second is to follow the principles of safe development of smart contracts.
The security development principles of smart contracts include: be prepared for possible errors and ensure that the code can correctly handle bugs and vulnerabilities; release smart contracts with caution, do functional testing and security testing, and fully consider boundaries; keep smart contracts concise; pay attention to blockchain threat intelligence and check for updates in a timely manner; be clear about the characteristics of the blockchain, such as calling external contracts with caution, etc.
Security of digital wallets
Digital wallets mainly have three security risks: First, design flaws. At the end of 2014, a serious random number problem (duplication of R values) caused users to lose hundreds of digital assets in a certain lottery. Second, digital wallets contain malicious code. Third, lost assets caused by loss or damage of computers and mobile phones.
There are four main countermeasures:
The first is to ensure the randomness of the private key;
The second is to verify the hash value before installing the software, to ensure that the digital wallet software has not been tampered with;
The third is to use a cold wallet;
The fourth is to back up the private key.
㈣ Is blockchain safe?
Hi, everyone, I am your Q&A assistant, Zi Xiaochen. Recently, blockchain resistance has attracted wide attention and discussion. But many people do not know much about its safety. So today we will talk about the security issues of blockchain.
First of all, would you like to hear an easy-to-understand metaphor? A friend of mine joked: "Blockchain is like a password lock. Without a password, no one can open it." Although this is simple and interesting, it makes a lot of sense. Since the blockchain uses distributed ledger technology, data is stored in a huge network, and the transmission between each node uses asymmetric encryption, the blockchain has extremely high security, and third-party attacks are very difficult.
Secondly, of course there are some security issues that need attention. For example, hacker attack methods such as "51% attack" can pose a threat to the blockchain. In addition, there are also security risks in virtual currency trading venues, such as Bitcoin exchanges, and you need to pay attention to precautions. Therefore, when choosing a blockchain platform or participating in virtual currency transactions, you need to know more and consider carefully to avoid losses.
In short, blockchain is an open technology, which has huge advantages in ensuring data security and preventing tampering. But we also need to be alert to potential security risks and choose reliable platforms and exchanges to participate in cryptocurrency investments.
㈤ How to ensure the security of using blockchain?
Blockchain itself solves the problem of large-scale collaboration between strangers, that is, strangers can collaborate with each other without needing to trust each other. So how is trust between strangers ensured so that they can reach consensus with each other? The centralized system uses credible third-party endorsements, such as banks. Banks are regarded as reliable and trustworthy institutions by ordinary people. People can trust banks and let banks resolve real-life disputes. But how does a decentralized blockchain ensure trust?
In fact, blockchain uses the basic principles of modern cryptography to ensure its security mechanism. The knowledge system involved in the field of cryptography and security is very complicated. I will only introduce the basic knowledge of cryptography related to blockchain, including Hash algorithm, encryption algorithm, information summary and digital signature, zero-knowledge proof, quantum cryptography, etc. You can use this lesson to understand how the blockchain using cryptography technology can ensure its confidentiality, integrity, authentication and non-repudiation.
Lesson 7 of the basic course: Basic knowledge of blockchain security
1. Hash algorithm (Hash algorithm)
Hash function (Hash), also known as hash function. Hash function: Hash (original information) = digest information. The hash function can map a binary plaintext string of any length into a shorter (usually fixed-length) binary string (Hash value).
A good hash algorithm has the following 4 characteristics:
1. One-to-one correspondence: The same plaintext input and hash algorithm can always get the same summary information output.
2. Input sensitivity: Even if there is any slight change in the plain text input, the newly generated summary information will change greatly, which is hugely different from the original output.
3. Easy to verify: both the plaintext input and the hash algorithm are public, and anyone can calculate by themselves whether the output hash value is correct.
4. Irreversible: If there is only the output hash value, it is absolutely impossible to deduce the plaintext from the hash algorithm.
5. Conflict avoidance: It is difficult to find two plaintexts with different contents, but their hash values are consistent (collision occurs).
Example:
Hash (Zhang San lent Li Si 100,000, with a loan period of 6 months) = 123456789012
A record of 123456789012 is recorded in the ledger.
It can be seen that the hash function has 4 functions:
Simplifying information
It is easy to understand, and the hashed information becomes shorter.
Identification information
You can use 123456789012 to identify the original information, and the summary information is also called the id of the original information.
Concealed information
The ledger contains a record such as 123456789012, and the original information is concealed.
Verification information
If Li Si cheats when repaying the loan and claims that Zhang San only lent Li Si 50,000, both parties can use the hash value and the previously recorded hash value 123456789012 to verify the original information:
Hash (Zhang San lent Li Si 50,000, with a loan period of 6 months) = 987654321098
987654321098 is completely different from 123456789012, which proves that Li Si lied, successfully ensuring that the information cannot be tampered with.
Common Hash algorithms include MD4, MD5, and SHA series algorithms. Nowadays, the SHA series algorithms are basically used in mainstream fields. SHA (Secure Hash Algorithm) is not a single algorithm, but a set of hash algorithms. Initially it was the SHA-1 series, but now the mainstream applications are the SHA-224, SHA-256, SHA-384 and SHA-512 algorithms (commonly known as SHA-2). Recently, SHA-3 related algorithms have also been proposed. For example, KECCAK-256 used by Ethereum belongs to this algorithm.
MD5 is a very classic Hash algorithm, but unfortunately both it and the SHA-1 algorithm have been cracked, and are considered by the industry to be not secure enough to be used in commercial scenarios. It is generally recommended to use at least SHA2-256 or a more secure algorithm.
Hash algorithms are widely used in blockchains. For example, each block contains the hash value of the previous block, and the content of the block together with the hash value of the previous block is used to calculate the block's own hash value, ensuring the continuity and non-tamperability of the chain.
2. Encryption and Decryption Algorithms
Encryption and decryption algorithms are the core technology of cryptography. They can be divided into two basic types in terms of design concepts: symmetric encryption algorithms and asymmetric encryption algorithms. They are distinguished according to whether the keys used in the encryption and decryption processes are the same. The two modes are suitable for different needs and form a complementary relationship. Sometimes they can also be used in combination to form a hybrid encryption mechanism.
Symmetric encryption algorithm (symmetric cryptography, also known as public key encryption, common-key cryptography) uses the same encryption and decryption keys. Its advantages are high computational efficiency and high encryption strength; its disadvantage is that the key must be shared in advance and is easy to leak or lose. Common algorithms include DES, 3DES, AES, etc.
Asymmetric encryption algorithm (asymmetric cryptography, also known as public-key cryptography) uses different encryption and decryption keys. Its advantage is that it does not need to share the key in advance; its disadvantage is that the calculation efficiency is low and only short content can be encrypted. Common algorithms include RSA, SM2, ElGamal and elliptic curve series algorithms. Symmetric encryption algorithm is suitable for the encryption and decryption process of large amounts of data; it cannot be used in signature scenarios, and the key often needs to be distributed in advance. Asymmetric encryption algorithms are generally suitable for signature scenarios or key negotiation, but are not suitable for encryption and decryption of large amounts of data.
3. Information Digest and Digital Signature
As the name suggests, information digest is to perform a Hash operation on the information content to obtain a unique summary value to replace the original complete information content. Information summary is the most important use of the Hash algorithm. Utilizing the anti-collision characteristics of the Hash function, information summary can solve the problem of confirming that the content has not been tampered with.
Digital signatures are similar to signing on paper contracts to confirm contract content and prove identity. Digital signatures are based on asymmetric encryption and can be used to prove the integrity of a certain digital content and at the same time confirm the source (or non-repudiation).
We have two property requirements for digital signatures that make them consistent with what we expect from handwritten signatures. First, only you can make your own signature, but anyone who sees it can verify its validity; second, we want the signature to be related only to a specific file and not to other files. Both of these can be achieved with the asymmetric encryption algorithms described above.
In practice, we generally sign the hash value of the information rather than the information itself. This is determined by the efficiency of the asymmetric encryption algorithm. In the blockchain, correspondingly, it is the hash pointer that is signed. With this method, what is signed is in effect the entire structure, not just the hash pointer itself.
4. Zero-knowledge proof
Zero knowledge proof means that the prover makes the verifier believe that a certain assertion is correct without providing any additional information to the verifier.
Zero-knowledge proofs generally meet three conditions:
1. Completeness: a true proof can allow the verifier to successfully verify;
2. Reliability (Soundness): a false proof cannot pass the verifier's verification;
3. Zero-Knowledge: If it is proved, no information other than the proof information can be learned from the proof process.
5. Quantum cryptography
As the research on quantum computing and quantum communication receives more and more attention, quantum cryptography will have a huge impact on cryptographic information security in the future.
The core principle of quantum computing is to use qubits to be in multiple coherent superposition states at the same time. In theory, a large amount of information can be expressed through a small number of qubits and processed at the same time, greatly increasing the calculation speed.
In this case, a large number of current encryption algorithms are theoretically unreliable and can be cracked, which makes the encryption algorithms have to be upgraded, otherwise they will be broken by quantum computing.
As we all know, quantum computing is still in the theoretical stage and is still far away from large-scale commercial use. However, the new generation of encryption algorithms must take into account the possibility of this situation.
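The hash linking between blocks described in part 1 of the answer above, as an added Python example that is not part of the original answer: each block's SHA-256 hash covers its records and the previous block's hash, so a changed record is detected at that block, and re-hashing only the changed block moves the failure to the next block. The ledger entries, field names and JSON serialization are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block

# Constructed sample ledger: one list of records per block.
SAMPLE_LEDGER = [
    ["Zhang San lent Li Si 100,000, with a loan period of 6 months"],
    ["Li Si repaid Zhang San 20,000"],
    ["Li Si repaid Zhang San 80,000"],
]


def block_hash(prev_hash, records):
    """SHA-256 over the previous block's hash together with this block's records."""
    payload = json.dumps({"prev": prev_hash, "records": records},
                         sort_keys=True).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def build_chain(batches):
    """Link the record batches into a list of blocks, oldest first."""
    chain, prev = [], GENESIS_PREV
    for records in batches:
        digest = block_hash(prev, records)
        chain.append({"prev": prev, "records": list(records), "hash": digest})
        prev = digest
    return chain


def first_invalid_block(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS_PREV
    for index, block in enumerate(chain):
        linked = block["prev"] == prev
        intact = block_hash(block["prev"], block["records"]) == block["hash"]
        if not (linked and intact):
            return index
        prev = block["hash"]
    return None


def tamper(chain, index, new_records, rehash=False):
    """Return a copy of the chain with one block's records replaced.
    With rehash=True the changed block's own hash is recomputed as well,
    as someone trying to hide the change would do."""
    forged = copy.deepcopy(chain)
    forged[index]["records"] = list(new_records)
    if rehash:
        forged[index]["hash"] = block_hash(forged[index]["prev"],
                                           forged[index]["records"])
    return forged


if __name__ == "__main__":
    chain = build_chain(SAMPLE_LEDGER)
    forged_record = ["Zhang San lent Li Si 50,000, with a loan period of 6 months"]
    print("untouched chain:", first_invalid_block(chain))
    print("record changed:", first_invalid_block(tamper(chain, 0, forged_record)))
    print("record changed and block re-hashed:",
          first_invalid_block(tamper(chain, 0, forged_record, rehash=True)))
```

Hiding the change would require recomputing every later block as well, which on a proof-of-work chain means redoing the work for each of them.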
㈥ What are the technical principles of blockchain
The key points involved in blockchain technology include: decentralization, trustless, collective maintenance (Collectively maintain), reliable database (Reliable Database), timestamp (Timestamp), asymmetric encryption (Asymmetric Cryptography), etc.
Blockchain technology redefines the way credit is generated in the network: In the system, participants do not need to know the background information of other people, nor do they need to rely on guarantees or assurances from third-party institutions. Blockchain technology ensures that the system's value-transfer activities are recorded, transmitted, and stored, and that the final result is credible.
(6) Blockchain 50 attack principle and how to prevent it Extended reading
The source of the principle of blockchain technology can be summarized as a mathematical problem: the Byzantine Generals Problem. The Byzantine Generals Problem extends to Internet life, and its connotation can be summarized as: in the context of the Internet, when it is necessary to conduct value exchange activities with unfamiliar counterparties, how can people avoid being deceived or confused by malicious saboteurs into making wrong decisions?
Further extending the Byzantine Generals Problem to the technical field, its connotation can be summarized as: in the absence of a trustworthy central node and a trustworthy channel, how should the nodes distributed in the network reach consensus? Blockchain technology solves the long-known Byzantine Generals Problem by providing a way to create a consensus network without trusting individual nodes.
㈦ What is the main way to ensure the security of blockchain?
Blockchain technology is a distributed recording technology that ensures the security and reliability of data by encrypting it and storing it in a distributed manner.
The security of the blockchain is mainly ensured through the following methods:
1. Encryption technology: The blockchain uses symmetric encryption and asymmetric encryption algorithms, which can effectively protect the security of data.
2. Distributed storage: Blockchain data is not stored centrally on a single node, but is stored dispersedly on various nodes in the network, which effectively prevents data tampering and loss.
3. Consensus mechanism: Blockchain usually uses a consensus mechanism to confirm the legitimacy of transactions, which helps prevent malicious transactions from occurring.
4. Contract mechanism: Blockchain can automatically execute transactions through smart contracts, which helps prevent manipulation of transactions.
Blockchain technology also brings some challenges while achieving security. For example, the blockchain can be attacked through vulnerabilities, or assets can be stolen because private keys are leaked. Therefore, when using blockchain technology, you also need to pay attention to issues such as identity authentication and password security to ensure the security of the blockchain.
In addition, the security of blockchain technology may also be affected by policies, regulations, etc. For example, in some countries and regions, blockchain technology may be subject to censorship and restrictions, which may also have an impact on the security of the blockchain.
In general, the security of blockchain technology is mainly guaranteed through encryption technology, distributed storage, consensus mechanism and contract mechanism, but other challenges and influencing factors need to be paid attention to.
㈧ The security rules of blockchain
The security rules of blockchain, that is, the first rule:
Storage is everything
A person's property ownership and security fundamentally depend on how the property is stored and how it is defined. In the Internet world, massive user data is stored on the platform's servers, so the ownership of this data is still a mystery, just as it is difficult to determine who owns your and my social IDs. But user data assets have pushed up the market value of the platform, while users have not enjoyed the market value dividend. The blockchain world has led to changes in storage media and methods, allowing the ownership of assets to be delivered to individuals.
Extended information
The risks faced by the blockchain system are not only attacks from external entities, but also attacks from internal participants, as well as component failures, such as software failures. Therefore, before implementation, it is necessary to develop a risk model and identify special security requirements to ensure an accurate grasp of risks and response plans.
1. Security features unique to blockchain technology
● (1) Security of written data
Under the action of the consensus mechanism, only when most nodes (or multiple key nodes) in the entire network agree at the same time that the record is correct can the authenticity of the record be recognized by the entire network, and the record data is allowed to be written into the block.
● (2) Security of reading data
Blockchain does not have inherent security restrictions on information reading, but it can control information reading to a certain extent, such as by encrypting certain elements on the blockchain and then handing the key over to the relevant participants. At the same time, the complex consensus protocol ensures that everyone in the system sees the same ledger, which is an important means to prevent double payments.
● (3) Resistance to distributed denial-of-service (DDoS) attacks
Blockchain's distributed architecture gives it point-to-point, multi-redundant characteristics, and there is no single point of failure, so the way it copes with denial-of-service attacks is much more flexible than that of a centralized system. Even if one node fails, other nodes are not affected, and users connected to the failed node cannot connect to the system unless there is a mechanism to support them to connect to other nodes.
2. Security challenges and response strategies faced by blockchain technology
● (1) The network is open and undefended
For public chain networks, all data is transmitted on the public network, and all nodes joining the network can connect to other nodes and accept connections from other nodes without any obstacles. There is no authentication or other protection at the network layer. The response to this type of risk is to require greater privacy and carefully control network connections. For industries with higher security requirements, such as the financial industry, it is advisable to use dedicated lines to access the blockchain network, authenticate the accessed connections, exclude unauthorized node access to avoid data leakage, and apply protocol-stack-level firewall protection to prevent network attacks.
● (2) Privacy
Transaction data on the public chain are visible to the entire network, and the public can track these transactions. Anyone can draw conclusions about something by observing the blockchain, which is not conducive to protecting the lawful privacy of individuals or institutions. The response strategies for this type of risk are:
First, the certification agency acts as an agent for users to conduct transactions on the blockchain, and user information and personal behaviors do not enter the blockchain.
Second, instead of using a network-wide broadcast method, the transmission of transaction data is limited to nodes that are conducting relevant transactions.
Third, access to user data is controlled by permissions, so only visitors holding the key can decrypt and access the data.
Fourth, use privacy protection algorithms such as "zero-knowledge proof" to avoid privacy exposure.
● (3) Computing power
Blockchain solutions using proof-of-work are faced with the problem of 51% computing power attack. With the gradual concentration of computing power, it is objectively possible that organizations that control more than 50% of the computing power will emerge. Without improvement, it cannot be ruled out that it will gradually evolve into the law of the jungle. The response strategy for this type of risk is to use a combination of algorithms and realistic constraints, such as joint management and control using asset mortgages, legal and regulatory means, etc.