CN110309657A - The safety risk estimating method of block chain - Google Patents

Abstract

The invention proposes the safety risk estimating method of a block chain, the security risk of block for coefficient chain in terms of Technical Architecture and liveness two.We establish block chain trusted computing base (BTCB according to block chain technical system framework first, Blockchain Trusted Computing Base) model, then it designs one kind and combines step analysis (AHP, Analytic Hierarchy Process) and paired comparisons security-sensitive analysis method, security sensitive weight is distributed for each security risk influence factor, finally constructs the security risk score function of a block chain.In experimental section, we use this method for 30 instantly important publicly-owned chain block chain project marking, and encrypt currency grading comparative analysis with the publicly-owned chain technology evaluation index of sadie, Weiss, the experimental results showed that our method has certain feasibility.

Description

The safety risk estimating method of block chain

Technical field

The present invention relates to the application fields such as finance, finance, answer more particularly, to block chain technology in fields such as finance, finances Safety-related problem.

Background technique

Block chain originates from bit coin, by the security advantages such as trust, anti-tamper, traceable are gone, becomes the following finance, wealth The important application technology in the fields such as political affairs.Application field economic benefit behind is substantially improved and is hidden in computer computation ability The increasing of benefit, the safety problem increasingly significant of block chain technology.Therefore, the security risk research of block chain is just becoming both domestic and external Research hotspot.

Recent years, a variety of methods have been proposed for the security risk of testing and evaluation block chain.Currently, most of Research uses each shadow for attacking (such as 51% attack, solar eclipse attack and physical attacks etc.) in mathematical method analysis block chain Power is rung, to assess the safety of block chain.Attack type and quantity in block chain are various, are not found completely also so far, Therefore, the effect of each attack of independent analysis is incomplete.In order to comprehensively assess the safety of block chain, Ye Congcong et al. Document --- the safety detection model of block chain proposes a kind of safety evaluation method based on block chain state, analysis is each State becomes success attack shape probability of state, to judge security of system.According to Literature Consult, existing method is not from technology The security risk of architectural framework and the angle research block chain of calculation power, and technical combinations and calculation power can be to the security risks of block chain It has a huge impact.Therefore, a kind of assessment block chain safety wind is proposed from the angle of technical system framework and calculation power herein The new method of danger.

This method is codetermined by quantitative effect factor and qualitative effect factor, and quantitative effect factor includes that block chain is calculated Power, block chain bifurcated depth etc..The qualitative effect factors composition foundation for security of block chain, such as various based on digital signature plus Close algorithm, hash function, common recognition mechanism, intelligent contract etc..We establish block chain according to block chain technical system framework first Trusted computing base (BTCB), and then propose the security sensitive of a kind of binding hierarchy analysis two methods of (AHP) and paired comparisons Property analysis method, for it is each influence block chain security risk factor distribute security sensitive weight, finally devise a block The safety risk estimating method of chain.

Summary of the invention

1) block chain trusted computing base

The core of our appraisal procedures is that the peace of block chain project to be appraised is sufficiently disclosed from the angle of block chain Technical Architecture Full blast danger, for this reason, it may be necessary to be analyzed the various technologies for influencing block chain security risk comprehensively.Basic ideas are from safety wind The intension triggering of danger, using the safety of technology as foothold, fully considers data model, Encryption Algorithm, the common recognition machine of block chain The Safety Influence Factors such as system, network design, decentralization degree, incentive mechanism and intelligent contract.The development and evolution of block chain It substantially experienced 3.0 three phases of block chain 1.0, block chain 2.0 and block chain, although upper different in specific implementation, There are many general character for integral system framework.The document of Shao Qifeng et al. --- block chain technology: framework and progress think the system Framework can be divided into five levels: network layer, common recognition layer, data Layer, intelligent contract layer and application layer, multiple technologies one on the whole It rises and constitutes block catenary system, see Fig. 1.

In order to provide the analytic process of strict logic to the qualitative evaluation of hereafter block chain security risk, we are according to block The Technical Architecture of chain establishes block chain trusted computing base --- BTCB, as shown in Figure 2.BTCB, which is contained, influences block chain safety All elements, and by function difference by their hierarchical classifications, to analyze the potential security risk or safety of statistics block chain Protection mechanism.

Define the institute of 1 (block chain trusted computing base --- BTCB) block chain trust computing basis representation safety zone block catenary system There are the set of safety protecting mechanism, including the storage of data structure, data pattern, data, Encryption Algorithm, hash function, network knot The various block chain security factors such as structure, network protocol, common recognition mechanism, intelligent contract.

Compared with block chain Technical Architecture, the content of BTCB is more extensive, and other than the security factor of technology class, BTCB is also wrapped The enterprise externals security factors such as the industry environment of chain containing block, development trend, policy and Supervision Measures, Enterprise Project, team composition, The enterprises such as technical strength, capital input and operation maintenance security factor and other specific safety elements.But the emphasis of this paper It is from the security risk of the angular quantification block chain project of Technical Architecture, therefore, we only discuss that the technology class of BTCB is wanted safely Element, and as the content of block chain security risk assessment.

(1) data Layer.Principal concern of the appraisal procedure to data Layer security risk analysis: (a) information attack；(b) add Close algorithm attack.Corresponding safety protecting mechanism is that the data based on Merkle tree store [10] and based on digital signature respectively Encryption Algorithm.Data storage is realized by block mode and chain structure, realizes persistence in the form of KV database mostly.Base In a variety of cryptographic algorithms, hash function and the asymmetric encryption techniques of digital signature, it ensure that the safety of account and transaction is real It is existing.

(2) network layer.Principal concern of the appraisal procedure to IP Security risk analysis: (a) P2P network risks；(b) Broadcast mechanism risk；(c) authentication mechanism risk.Block chain utilizes the mechanism such as the propagation of P2P network settings, verifying, P2P mode Information is propagated, and the information comprising own IP address can be sent to adjacent node, is easy by solar eclipse attack, eavesdropping attack, BGP The attacks such as hijack attack, node client loophole, refusal service (DDoS).Common attack pattern has honeysuckle in broadcast mechanism Attack and transaction extension sexual assault.There is verifying easily around phenomenon in authentication mechanism renewal process, will lead to number once going wrong According to confusion, and bifurcation problem can be related to.Safety protecting mechanism mainly include the network protocol continuously improved, safety it is rigorous Network structure.

(3) common recognition layer.In BTCB, common recognition layer is located on network layer, is made of rich and varied common recognition mechanism.Assessment Principal concern of the method to common recognition layer security risk analysis: the reliability for mechanism of knowing together.Common recognition mechanism is to a time window The algorithm that affairs sequencing in mouthful is reached common understanding.Block chain can support different common recognition mechanism, the common recognition machine having at present It is formed with PoW, PoS, DPoS, Pool verifying pond mechanism and PBFT etc., the attack faced includes that Sybil attack, short-range are attacked It hits, long-range attack, coin age accumulative public product, precomputation attack etc..

(4) excitation layer.Principal concern of the appraisal procedure to excitation layer security risk analysis: (a) issuing mechanism risk； (b) distribution mechanism risk.At present there is no the exposures of security risk event, but are not excluded for existing in excitation layer issuing mechanism safe hidden Suffer from.A large amount of small calculation power nodes are concentrated and mine pond are added by distribution mechanism, easily threaten to decentralization trend.

(5) alternation of bed is applied.A practical landing scene using alternation of bed as block chain technology, is current all areas A most frequent level of security events occurs in the framework of block chain industry.Appraisal procedure is to application alternation of bed security risk point The principal concern of analysis: (a) application extension risk；(b) application environment risk；(c) Market Feedback.Application extension risk refers mainly to Attack to all kinds of scripts, algorithm and intelligent contract.Current potential security threat mainly includes Solidity loophole, escape leakage Hole, short address loophole, stack overflow loophole, reenterability attack, trading order dependent attack, timestamp dependent attack, integer Flooding etc..Application environment risk includes the brings safety winds such as economic situation, monetary policy, team, enterprise background and capital Danger.Market Feedback is concentrated mainly on field relevant to cryptographic assets, such as in user node, digital asset wallet and transaction Among platform, actual loss brought by security incident each time is up to ten million to billions of dollars.

2) paired comparisons

Paired comparisons can help domain expert to better describe sensibility rank, and the content compared includes Sensitive Attributes pair With particular community probable value pair, Fig. 3 is the paired comparisons example of Sensitive Attributes and particular community probable value.We have selected level Analytic approach (AHP), this method infer preference based on the set of paired comparisons, are a kind of decision support tools, in concordance rate (CR) less than 0.1 effective when.Paired comparisons method weighs weight of each probable value relative to other probable values in same rank The property wanted, may then pass through by the weight in tree in same paths it is tired multiply extract the importance in path in tree.

In our example, the design definition of security-sensitive score function is 3 grades of AHP problems by we.See Fig. 4, top layer define the problem of lookup gives security sensitive attribute probable value weight, only one option of the layer and weight are 1, Next layer includes security sensitive attribute, and the leaf node of AHP tree indicates security sensitive attribute probable value.We use with comparison Compared with allowing expert's first more each attribute pair, then the probable value pair of more same attribute, weight on last each probable value path It is tired multiply be exactly its security-sensitive scoring.For example, using the AHP tree in Fig. 4, if it is desired to infer the safety wind of " privately owned chain " Danger scoring, only needs to calculate:

Security risk scores (privately owned chain)=weight (weight for searching security sensitive attribute value)

* weight (network structure) * weight (privately owned chain)=1*0.4*0.1=0.04

Hierarchical structure in Fig. 4 has some interesting characteristics.The sum of weight of all nodes is 1 in same layer, father node Weight is equal to the sum of the security-sensitive score of child node, and the security-sensitive score summation of all probable values is in hierarchical structure 1, the i.e. weight of root node.If a susceptibility attributes have n different probable values, expert needs to compare (n (n-1)/2) The secondary weight that could obtain attribute value.BTCB has hierarchy, and is multi-level hierarchical structure, it is desirable to rely on BTCB comprehensively, close Reason ground assessment block chain security risk, it would be desirable to analyze all properties and attribute value of same sublayer one by one according to level.Herein In can be accepted or rejected for enumerating for block chain security risk association attributes, but do not influence the reasonability of derivation process, method The understanding of feasibility and reader.

3) derivation of security risk score function

In order to measure the security risk of block chain, we have proposed a kind of new methods --- power and skill are calculated based on block chain The measurement method of art architectural framework, and the functional relation of quantitative safety risk score and the scoring of qualitative security risk has been determined, with Show the potential degree of security risk of block catenary system.It is worth noting that, security risk score function value is higher, block chain Degree of risk is lower.The primary symbols and its definition that this section is related to are listed below.(description item --- symbol)

Block chain security risk scoring --- S

Block chain quantitative safety risk score --- S-quanti

The qualitative security risk scoring of block chain --- S-quali

3.1 formal definition

In this section, we will provide the formal definition of this paper.Without loss of generality, it will be assumed that only One block catenary system exists, and this method can easily be extended to handle the combined system of multiple block chains.

The attribute that 2 (the security sensitive attributes of block chain) of definition can influence block chain degree of security risk is known as block chain Security sensitive attribute.Security sensitive attribute is mutually exclusive and can be layered by class, positioned at the n omicronn-leaf child node of AHP structure tree.

According to BTCB, in the second layer of the AHP structure tree of block chain security risk analysis, the security sensitive for having five classes different Attribute --- data Layer, network layer, common recognition layer, excitation layer and apply alternation of bed, wherein data Layer can be divided into again data structure, Data pattern and data store three attributes.We indicate all safety of block chain with set A=(A1 ..., Ai ..., An) Sensitive Attributes, Ai indicate one of attribute.

Define 3 (probable values of security sensitive attribute) define security sensitive attribute special characteristic or parameter be known as safety it is quick Feel the probable value of attribute.

One security sensitive attribute Ai indicates that wherein pij indicates attribute Ai with set pi=(pi1 ..., pi2 ..., pin) J-th of probable value.The probable value of security sensitive attribute is mutually exclusive and is located at least significant end --- the leaf knot of AHP structure tree Point.For example, " privately owned chain ", " alliance's chain " and " publicly-owned chain " is block chain attribute " network structure " in our AHP structure tree Probable value, see Fig. 4.

4 (security-sensitive score function) security-sensitive score function f [pij]: A*pij ∈ [0,1] are defined according to category Property security-sensitive distributed to each probable value of attribute to the influence power size of block chain security risk, function from Variable includes attribute Ai and attribute probable value pij.

We illustrate the calculating process of security-sensitive score function using the information of Fig. 4:

F [privately owned chain]=security risk scores (privately owned chain)=weight (weight for searching security sensitive attribute value)

* weight (network structure) * weight (privately owned chain)=1*0.4*0.1=0.04；

F [alliance's chain]=security risk scores (alliance's chain)=weight (weight for searching security sensitive attribute value)

* weight (network structure) * weight (alliance's chain)=1*0.4*0.3=0.12.

3.2S-quanti function solves

Middle acute hearing proposes the principle of bit coin, and the competition between honest chain and attack chain is described as binomial and is swum at random It walks, i.e., success events are that honest chain is extended a block, its leading degree is increased by 1, and turkey is the chain extension of attacker Gap is reduced 1, and calculates the probability of attacker's successful attack under different attack dynamics by one block.One attack chain energy Shown in the probability such as formula (1) for enough catching up with honest chain:

P is the probability that honest node produces next block, and q is the probability that attacker produces next block, p+q =1, qz are that finally prevent z block of attacker falls behind gap and change the probability of current block transaction content.According to middle acute hearing 51% attack viewpoint, as q > 0.5, attacker can centainly pull up to honest person because the calculation power of attacker be greater than honesty The calculation power of node.As soon as assuming that honest node, which will expend the average expectancy time, generates a block, then the potential progress of attacker It is a Poisson distribution, the desired value of distribution are as follows: λ=z × (q/p).We make progress attacker the Poisson of number of blocks k The probability density of distribution, multiplied by the probability that attacker can still pull up under the quantity, final summation obtains attacker and chases after Catch up with the total probability of z block:

From probability level analysis, if attacker goes out, block likelihood ratio honesty miner is high, and attacker can centainly change some The transaction content of block.In order to avoid summing to unlimited ordered series of numbers, formula (2) can be converted into the form of formula (3):

Inversely, therefore S-quanti function can be designed as the safety of block chain and successful attack probability:

Algorithm 1 is the algorithm for calculating S-quanti functional value:

Algorithm 1 calculates S-quanti functional value

Input: honest miner successfully digs mine Probability p, and attack chain block falls behind gap z

Output: S-quanti functional value

1. calculating attacker successfully digs mine probability q, q=1-p

2. calculating lambda=z* (q/p)

3. enabling sum=0

4.for attacker makes progress number of blocks k=0 to z

5. calculating poisson=pow (lambda, k) * exp (- lambda)

6. if k≤1, mul_k=1；Otherwise mul_k*=k

7.poisson=poisson/mul_k

8.sum+=poisson* (1-pow (q/p, z-k))

9. returning to sum

It is worth noting that, as q > 0.5, attacker can centainly pull up to honest person from probability level analysis, because This, we only discuss the S-quanti value changing rule of q≤0.5 (i.e. p >=0.5).According to Fig. 5 we have found that fixed p value, S- Quanti value indicates that attack chain is remoter from the target of success attack with the non-linear increase of z value, and block chain is safer at this time, so Score is higher；Fixed z value, S-quanti value is with the non-linear increase of p value, because honest chain is calculated, power is bigger, and block chain is more pacified at this time Entirely, so score is higher.

3.3 sincere function dig block Probability estimate

According to the design feature of block chain, the percentage generation of all mine machines occupied area block chain the whole network that miner is grasped power at long last Table he successfully dig the probability of mine.For example, if it is 100 that the present the whole network of bit coin, which calculates power, and some miner possesses 10 Power is calculated, then it is exactly 0.1 that he competes the successful probability of book keeping operation every time.Assuming that block chain the whole network before the addition of known attack node Calculation power is M, and the calculation power for attacking node is A, then the probability that honest node successfully digs block isAttack node is successfully dug Mine probabilityThe mine machine of mainstream is the calculating magnitude of 14T or so at present, and each mine machine is per second at least 14 are done to collide multiplied by the Hash of 2 20 powers, we can say that, the mine machine of this 14T specification just has the calculation power of 14T.If Lay spy's coin mine machine that power is 14T, which is calculated, with one digs Lay spy coin (the whole network of Lay spy coin calculates power and is about 390TH/s at present), at this point, The successful probability of mine machine isIt is worth noting that, the calculation power between unused currency type, is There is no any relationship, for example Lay spy's coin mine machine cannot dig bit coin, mine algorithm is different, he will not Xie Laite coin because digging Function topic.

3.4 qualitative analysis

Existing common recognition algorithm can partially solve the problems, such as 51% attack, such as PoS, DPoS, this explanation is only from quantitatively Analysis block chain security risk be it is insufficient, we also need the security risk of qualitative analysis block chain.Hereinbefore we Technical system framework is defined as the qualitative effect factor of block chain security risk to the influence factor of block chain security risk, and builds Found BTCB, for comprehensively, reasonably analyze block chain security risk.In addition, we are again according to AHP analytic approach, it is qualitative shadow Ring factor scores.

The needs that definition and function based on security sensitive attribute structure tree derive, we first do following hypothesis and definition:

(1) the security sensitive number of attributes of penultimate stage is p, therefore security sensitive attribute probable value can be divided into p group；

(2) quantity of every group of security sensitive attribute probable value be q1, q2, q3 ..., qp；

(3) height of every group of security sensitive attribute probable value is respectively n1, n2, n3 ..., np；

(4) every group of security sensitive attribute probable value indicates are as follows::

First group of security sensitive attribute probable value is respectively as follows:

Second group of security sensitive attribute probable value is respectively as follows:

……

Pth group security sensitive attribute probable value is respectively as follows:

Note

It (5) will setIt is fixed Justice is the security-sensitive score of security sensitive attribute probable value；

(6) path weight value of security sensitive attribute probable value are as follows:

The path weight value of s11:

The path weight value of s12:

……

Path weight value:

The path weight value of s21:

……

Path weight value:

Note

(7) set of input variable is indicated with X, is remembered If the block chain includes Sij, i ∈ [1, p], j ∈ [1, max (q1, q2 ... ... qp)], then otherwise it is 0 that the xij value of same index, which is 1,.

We sum input and the product of its path weight value to obtain formula (5),

And because

So formula (6) can be write as the form of formula (7):

The calculating of 3.5 security risk score functions

As described above, block chain quantitative safety risk score (S-quanti) and qualitative security risk scoring (S-quali) Joint effect block chain security risk scoring (S), adjusts the impact factor of the former two, it is made to meet following limitation:

Alpha+beta=1 (8)

α, β >=0.We design the functional relation of S and S-quanti, S-quali are as follows:

S=α × S-quanti+ β × S-quali, S ∈ [0,1] (9)

3.6 analysis of complexity

We analyze the complexity of block chain security risk score function calculating.It is fallen for this purpose, z is expressed as attacker by us Block number afterwards, n are expressed as the AHP level quantity of security sensitive attribute, and p is expressed as the quantity of security sensitive attribute, and q is indicated The quantity of each security sensitive attribute probable value.

The complexity that theorem block chain security risk score function calculates is O (max (z, n × p × q)).

The complexity for proving that block chain security risk score function calculates mainly is influenced by three factors: quantitative safety Risk score S-quanti；The security-sensitive score w [xij] of each security sensitive attribute probable value；Qualitative security risk is commented Divide S-quali.

According to the algorithm for calculating S-quanti functional value, we use variable storage k-1 times calculated result, then follow each time The computation complexity of ring is O (1), is recycled z times, therefore the computation complexity of S-quanti function is O (z).It calculates w [xij], i.e., It is the security-sensitive score function f [xij] for calculating each security sensitive attribute probable value, sees definition 4.The set sizes of attribute It is p, the set sizes of attribute probable value are q, and the computation complexity of w [xij] is O (n), and the safety of each security sensitive attribute is quick The computation complexity of perceptual score function f [Ai] is O (n × q) (the security-sensitive score of attribute Ai probable value and), last The computation complexity of qualitative security risk scoring S-quali is O (n × p × q) (the security-sensitive score of each attribute Ai and). However, can be extracted in O (1) every if block chain security sensitive attribute probable value is pre-processed and counted in advance The calculating of the security-sensitive score w [xij] of a security sensitive attribute probable value, the qualitative security risk score function of block chain are real It can be carried out in O (p × q) on border.According to the addition rule T (n, m) of time complexity=T1 (n)+T2 (m)=O (max (T1 (n), T2 (m)), the complexity that block chain security risk score function calculates is O (max (z, n × p × q)).

Detailed description of the invention

Fig. 1 describes block chain technical system framework

Fig. 2 describes block chain trusted computing base

Fig. 3 describes the paired comparisons of attribute and attribute probable value

Fig. 4 describes the three-decker example of AHP tree

Fig. 5 describes S-quanti value with z value variation tendency

Fig. 6 describes S-quanti value with p value variation tendency

Fig. 7 describes security sensitive weight questionnaire sample

Fig. 8 describes the comparative analysis of experimental result and RatingToken scoring

Specific embodiment

Below with reference to example, the present invention is further illustrated:

1) experimental situation describes

Up to the present, only there are two authoritative institutions to the progress technical security risk assessment of block chain and open number in the whole world According to one is Development of China's IT Industry center --- sadie block chain research institute, assessment object is publicly-owned chain, assession number 31 , assessment content includes realizing function, basic property, safety and centralization degree；The machine the other is U.S. independently grades Structure --- Weiss Ratings, assessment object is publicly-owned chain, assession number 93, assessment content include function, basic property, Safety and energy consumption processing.In order to verify the feasibility of this model, this experiment has chosen 30 instantly famous publicly-owned catenary systems As experimental subjects.

2) experimental data describes

The model calculation encrypts currency as experimental group data, the publicly-owned chain technology evaluation index in the sadie whole world and Weiss The control group graded as experiment, the mean absolute deviation that sadie and the scoring of Weiss two systems is calculated is 0.1632, is put down Equal relative deviation is the visualization comparative analysis that 20.1278%, Fig. 7 is two systems scoring, in conjunction with calculated result and map analysis, We have found that the appraisal result deviation of two different assessment systems is larger but still has relatively uniform place, and Weiss scores Generally higher than sadie scores.

In an experiment, we attempt to answer following study a question:

1. the quantified goal that block chain safety risk estimating method realizes block chain security risk?

2. is the security sensitive weight of block chain security sensitive attribute and attribute value from He Erlai?

We explain the process of experiment, and give used questionnaire sample.For simplicity, we carry out reality It just look like that there are single context is the same when testing, it is believed that, method provided by us can be readily extended to handle Multiple contexts (i.e. by obtaining the data in relation to context from domain expert there, and create and are suitable for each context Appraisal procedure), however, this problem has left following work for.

3) experimental diagrams describe

Fig. 1 describes block chain technical system framework

Fig. 2 describes block chain trusted computing base

Fig. 3 describes the paired comparisons of attribute and attribute probable value

Fig. 4 describes the three-decker example of AHP tree

Fig. 5 describes S-quanti value with z value variation tendency

Fig. 6 describes S-quanti value with p value variation tendency

Fig. 7 describes security sensitive weight questionnaire sample

Fig. 8 describes the comparative analysis of experimental result and RatingToken scoring

4) analysis of experimental results

We are according to the S-quanti value of formula (4) calculation block catenary system, according to formula (7) calculation block catenary system S-quali value, according to the S value of formula (9) calculation block catenary system.Statistical check is concluded that

(1) most of rating organization grades to Bitcoin, Ethereum and Litecoin higher, and four mechanisms all think Ethereum safety is high, this is consistent with our model evaluation result；

(2) most of rating organization all thinks that Decred, Bitcoin SV and Sia safety are lower, and our model Think that its safety is moderate, power is larger to cause its quantitative safety risk score higher this is because their the whole network is calculated；

(3) most of rating organization all thinks that Bytecoin, Bitcore and ETN safety are lower, the model of this and we Assessment result is consistent；

(4) our model evaluation result is generally lower than market and has evaluation and test data, this is because we only analyze 12 The evaluation result of a index does not evaluate and test the processing of item meter zero, causes our evaluation and test data relatively low, but evaluates and tests rank and have evaluation and test Data are unanimous on the whole, this can illustrate the feasibility of the model to a certain extent.

Fig. 8 is the graphical comparative analysis of experimental calculation result and RatingToken scoring, it is observed that we have found that two The result that a different Rating Model calculates is unanimous on the whole in the rank of security risk.We are by taking Dash project as an example, in detail Introduce the Computing Principle of our appraisal procedures.The qualitative security risk scoring S-quali of Dash project is 0.5, in this 15 areas Belong to relatively low rank in block chain project, but his the whole network calculation power is higher, is 3190.88T H/s, occupies the 4th.According to being situated between above The honest mine Probability p of digging of the honest digging mine probability calculation formula to continue, Dash is (3190.88T H/s)/(3190.88T H/s+7 × 14T H/s)=0.97 (attack of this experiment calculates power and is uniformly set as 7 × 14TH/s), and then calculate quantitative safety risk Score S-quanti is 1.Comprehensive assessment show that the security risk score S of Dash project is 0.55, belongs to intermediate security level, this It is consistent with objective fact.

Claims (1)

1. a kind of safety risk estimating method based on block chain, it is characterised in that as follows:

A, block chain trusted computing base

The core of our appraisal procedures is that the safety wind of block chain project to be appraised is sufficiently disclosed from the angle of block chain Technical Architecture Danger, for this reason, it may be necessary to be analyzed the various technologies for influencing block chain security risk comprehensively；Basic ideas are from security risk Intension triggering, using the safety of technology as foothold, fully considers data model, the Encryption Algorithm, common recognition mechanism, net of block chain The Safety Influence Factors such as network design, decentralization degree, incentive mechanism and intelligent contract；The development of block chain is substantially passed through with evolution 3.0 three phases of block chain 1.0, block chain 2.0 and block chain have been gone through, although upper different in specific implementation, whole body There are many general character for system structure；The document of Shao Qifeng et al. --- block chain technology: framework and progress think that the architectural framework is whole Five levels can be divided on body: network layer, common recognition layer, data Layer, intelligent contract layer and application layer, multiple technologies are constituted together Block catenary system, is shown in Fig. 1；

In order to provide the analytic process of strict logic to the qualitative evaluation of hereafter block chain security risk, we are according to block chain Technical Architecture establishes block chain trusted computing base --- BTCB, as shown in Figure 2；BTCB contains the institute for influencing block chain safety There is element, and by function difference by their hierarchical classifications, to analyze the potential security risk or safeguard protection of statistics block chain Mechanism；

Define all peaces of 1 (block chain trusted computing base --- BTCB) block chain trust computing basis representation safety zone block catenary system The set of all risk insurance protection mechanism, including the storage of data structure, data pattern, data, Encryption Algorithm, hash function, network structure, net The various block chain security factors such as network agreement, common recognition mechanism, intelligent contract；

Compared with block chain Technical Architecture, the content of BTCB is more extensive, and other than the security factor of technology class, BTCB also includes area The enterprise externals security factors such as block chain industry environment, development trend, policy and Supervision Measures,

The enterprises security factors such as Enterprise Project, team's composition, technical strength, capital input and operation maintenance and other spies Different security factor；But the emphasis of this paper is from the security risk of the angular quantification block chain project of Technical Architecture, and therefore, we are only The technology class security factor of BTCB is discussed, and as the content of block chain security risk assessment；

1) data Layer；Principal concern of the appraisal procedure to data Layer security risk analysis: (a) information attack；(b) Encryption Algorithm Attack；Corresponding safety protecting mechanism is that the data storage [10] based on Merkle tree and the encryption based on digital signature are calculated respectively Method；Data storage is realized by block mode and chain structure, realizes persistence in the form of KV database mostly；Based on number A variety of cryptographic algorithms, hash function and the asymmetric encryption techniques of signature, ensure that the application solutions of account and transaction；

2) network layer；Principal concern of the appraisal procedure to IP Security risk analysis:

P2P network risks；

Broadcast mechanism risk；

Authentication mechanism risk；

Mechanism, the information of P2P mode such as block chain propagated using P2P network settings, verifying are propagated, can will comprising itself IP The information of location is sent to adjacent node, be easy by solar eclipse attack, eavesdropping attack, BGP hijack attack, node client loophole, The attack such as refusal service (DDoS)；Common attack pattern has honeysuckle attack and transaction extension sexual assault in broadcast mechanism；It tests There is verifying easily around phenomenon in card new mechanism process, will lead to data corruption once going wrong, and can be related to bifurcated Problem；Safety protecting mechanism mainly includes the network protocol continuously improved, safe rigorous network structure；

3) common recognition layer；In BTCB, common recognition layer is located on network layer, is made of rich and varied common recognition mechanism；Appraisal procedure To the principal concern of common recognition layer security risk analysis: the reliability for mechanism of knowing together；Common recognition mechanism is in a time window The algorithm reached common understanding of affairs sequencing；Block chain can support different common recognition mechanism, and the common recognition mechanism having at present has PoW, PoS, DPoS, Pool verify pond mechanism and PBFT etc., the attack faced include Sybil attack, short-range attack, Long-range attack, coin age accumulative public product, precomputation attack etc.；

4) excitation layer；Principal concern of the appraisal procedure to excitation layer security risk analysis: (a) issuing mechanism risk；(b) it distributes Mechanism risk；At present there is no the exposures of security risk event, but are not excluded in excitation layer issuing mechanism that there are security risks；Dispenser A large amount of small calculation power nodes are concentrated and mine pond are added by system, easily threaten to decentralization trend；

5) alternation of bed is applied；A practical landing scene using alternation of bed as block chain technology, is current all block chains A most frequent level of security events occurs in the framework of industry；Appraisal procedure is to application alternation of bed security risk analysis Principal concern:

Application extension risk；

Application environment risk；

Market Feedback；

Application extension risk refers mainly to the attack to all kinds of scripts, algorithm and intelligent contract；Current potential security threat is main It is attacked including Solidity loophole, escape loophole, short address loophole, stack overflow loophole, reenterability attack, trading order dependence Hit, timestamp dependent attack, integer overflow attack etc.；Application environment risk includes economic situation, monetary policy, team, enterprise back The brings security risk such as scape and capital；Market Feedback is concentrated mainly on field relevant to cryptographic assets, such as saves in user Among point, digital asset wallet and transaction platform, actual loss brought by security incident each time is supreme up to ten million Hundred million dollars；

B, paired comparisons

Paired comparisons can help domain expert to better describe sensibility rank, the content compared include Sensitive Attributes to and it is special Determine attribute probable value pair, Fig. 3 is the paired comparisons example of Sensitive Attributes and particular community probable value；We have selected step analysis Method (AHP), this method infer preference based on the set of paired comparisons, are a kind of decision support tools, small in concordance rate (CR) It is effective when 0.1；Paired comparisons method weighs importance of each probable value relative to other probable values in same rank, so It can be tired out afterwards by the weight in same paths in setting and be multiplied to extract the importance in path in tree；

In our example, the design definition of security-sensitive score function is 3 grades of AHP problems by we；See Fig. 4, Top layer defines the problem of lookup gives security sensitive attribute probable value weight, only one option of the layer and weight are 1, next Layer includes security sensitive attribute, and the leaf node of AHP tree indicates security sensitive attribute probable value；We use paired comparisons, allow The first more each attribute pair of expert, the then probable value pair of more same attribute, weight is tired on last each probable value path Multiplying is exactly the scoring of its security-sensitive；For example, using the AHP tree in Fig. 4, if it is desired to infer that the security risk of " privately owned chain " is commented Point, it only needs to calculate:

Security risk scores (privately owned chain)=weight (weight for searching security sensitive attribute value)

* weight (network structure) * weight (privately owned chain)=1*0.4*0.1=0.04

Hierarchical structure in Fig. 4 has some interesting characteristics；The sum of weight of all nodes is 1 in same layer, father node weight Equal to the sum of the security-sensitive score of child node, the security-sensitive score summation of all probable values is 1 in hierarchical structure, i.e., The weight of root node；If a susceptibility attributes have n different probable values, expert needs to compare (n (n-1)/2) secondary The weight of attribute value can be obtained；BTCB has hierarchy, and is multi-level hierarchical structure, it is desirable to rely on BTCB comprehensively, reasonably Assess block chain security risk, it would be desirable to analyze all properties and attribute value of same sublayer one by one according to level；Needle herein Enumerating and can be accepted or rejected to block chain security risk association attributes, but do not influence the reasonability of derivation process, method it is feasible The understanding of property and reader；

C, the derivation of security risk score function

In order to measure the security risk of block chain, we have proposed a kind of new methods --- power and technology body are calculated based on block chain The measurement method of system structure, and the functional relation of quantitative safety risk score and the scoring of qualitative security risk has been determined, to show The potential degree of security risk of block catenary system；It is worth noting that, security risk score function value is higher, the risk of block chain Degree is lower；The primary symbols and its definition that this section is related to are listed below；(description item --- symbol)

Block chain security risk scoring --- S

Block chain quantitative safety risk score --- S-quanti

The qualitative security risk scoring of block chain --- S-quali

1) formal definition

In this section, we will provide the formal definition of this paper；Without loss of generality, it will be assumed that only one Block catenary system exists, and this method can easily be extended to handle the combined system of multiple block chains；

The attribute that 2 (the security sensitive attributes of block chain) of definition can influence block chain degree of security risk is known as the safety of block chain Sensitive Attributes；Security sensitive attribute is mutually exclusive and can be layered by class, positioned at the n omicronn-leaf child node of AHP structure tree；

There is the security sensitive category that five classes are different in the second layer of the AHP structure tree of block chain security risk analysis according to BTCB Property --- data Layer, network layer, common recognition layer, excitation layer and apply alternation of bed, wherein data Layer can be divided into data structure, number again Three attributes are stored according to mode and data；We indicate that all safety of block chain are quick with set A=(A1 ..., Ai ..., An) Feel attribute, Ai indicates one of attribute；

3 (probable values of security sensitive attribute) of definition define the special characteristic of security sensitive attribute or parameter is known as security sensitive category The probable value of property；

One security sensitive attribute Ai indicates with set pi=(pi1 ..., pi2 ..., pin), wherein the of pij expression attribute Ai J probable value；The probable value of security sensitive attribute is mutually exclusive and is located at least significant end --- the leaf node of AHP structure tree；Than Such as, in our AHP structure tree, " privately owned chain ", " alliance's chain " and " publicly-owned chain " be block chain attribute " network structure " can It can be worth, see Fig. 4；

4 (security-sensitive score function) security-sensitive score function f [pij]: A*pij ∈ [0,1] are defined according to attribute pair Security-sensitive is distributed to each probable value of attribute, argument of function by the influence power size of block chain security risk Including attribute Ai and attribute probable value pij；

We illustrate the calculating process of security-sensitive score function using the information of Fig. 4:

F [privately owned chain]=security risk scores (privately owned chain)=weight (weight for searching security sensitive attribute value)

* weight (network structure) * weight (privately owned chain)=1*0.4*0.1=0.04；

F [alliance's chain]=security risk scores (alliance's chain)=weight (weight for searching security sensitive attribute value)

* weight (network structure) * weight (alliance's chain)=1*0.4*0.3=0.12；

2) S-quanti function solves

Middle acute hearing proposes the principle of bit coin, the competition between honest chain and attack chain is described as binomial random walk, i.e., Success events are that honest chain is extended a block, its leading degree is increased by 1, and the chain that turkey is attacker extends one Gap is reduced 1, and calculates the probability of attacker's successful attack under different attack dynamics by block；One attack chain can chase after Shown in the probability such as formula (1) of upper honesty chain:

P is the probability that honest node produces next block, and q is the probability that attacker produces next block, p+q=1, Qz is that finally prevent z block of attacker falls behind gap and change the probability of current block transaction content；It is clever according to middle 51% attack viewpoint, as q > 0.5, attacker can centainly pull up to honest person, because the calculation power of attacker is greater than honest section The calculation power of point；Assuming that honest node, which will expend the average expectancy time, generates a block, then the potential progress of attacker is exactly One Poisson distribution, the desired value of distribution are as follows: λ=z × (q/p)；We make progress attacker the Poisson point of number of blocks k The probability density of cloth, multiplied by the probability that attacker can still pull up under the quantity, final summation obtains attacker's pursuit The total probability of upper z block:

From probability level analysis, if attacker goes out, block likelihood ratio honesty miner is high, and attacker can centainly change some block Transaction content；In order to avoid summing to unlimited ordered series of numbers, formula (2) can be converted into the form of formula (3):

Inversely, therefore S-quanti function can be designed as the safety of block chain and successful attack probability:

Algorithm 1 is the algorithm for calculating S-quanti functional value:

Algorithm 1 calculates S-quanti functional value

Input: honest miner successfully digs mine Probability p, and attack chain block falls behind gap z

Output: S-quanti functional value

It is as follows:

It calculates attacker and successfully digs mine probability q, q=1-p

It calculates lambda=z* (q/p)

Enable sum=0

For attacker makes progress number of blocks k=0 to z

Calculate poisson=pow (lambda, k) * exp (- lambda)

If k≤1, mul_k=1；Otherwise mul_k*=k

Poisson=poisson/mul_k

Sum+=poisson* (1-pow (q/p, z-k))

Return to sum

It is worth noting that, as q > 0.5, attacker can centainly pull up to honest person from probability level analysis, therefore, I Only discuss q≤0.5 (i.e. p >=0.5) S-quanti value changing rule；According to Fig. 5 we have found that fixed p value, S-quanti Value indicates that attack chain is remoter from the target of success attack, block chain is safer at this time, so score is got over the non-linear increase of z value It is high；Fixed z value, S-quanti value is with the non-linear increase of p value, because honest chain is calculated, power is bigger, and block chain is safer at this time, so Score is higher；

3) really function digs block Probability estimate

According to the design feature of block chain, the percentage of all mine machines occupied area block chain the whole network that miner is grasped power at long last is represent He successfully digs the probability of mine；For example, if it is 100 that the present the whole network of bit coin, which calculates power, and some miner possesses 10 calculation power, It is exactly 0.1 that so he competes the successful probability of book keeping operation every time；Assuming that block chain the whole network before known attack node is added calculates power For M, the calculation power for attacking node is A, then the probability that honest node successfully digs block isIt is general that attack node successfully digs mine RateThe mine machine of mainstream is the calculating magnitude of 14T or so at present, and each mine machine be per second at least to be done 14 and multiply It is collided with the Hash of 2 20 powers, we can say that, the mine machine of this 14T specification just has the calculation power of 14T；If with one It calculates Lay spy's coin mine machine that power is 14T and digs Lay spy coin (the whole network of Lay spy coin calculates power and is about 390TH/s at present), at this point, the mine machine Successfully probability isIt is worth noting that, the calculation power between unused currency type, is not appoint What relationship, for example Lay spy's coin mine machine cannot dig bit coin because digging, mine algorithm is different, he will not Xie Laite coin function Topic；

4) qualitative analysis

Existing common recognition algorithm can partially solve the problems, such as 51% attack, such as PoS, DPoS, this explanation is only from quantitatively upper analysis The security risk of block chain be it is insufficient, we also need the security risk of qualitative analysis block chain；Hereinbefore we are technology Architectural framework is defined as the qualitative effect factor of block chain security risk to the influence factor of block chain security risk, and establishes BTCB, for comprehensively, reasonably analyze block chain security risk；In addition, we again according to AHP analytic approach, be qualitative effect because Element scoring；

The needs that definition and function based on security sensitive attribute structure tree derive, we first do following hypothesis and definition:

The security sensitive number of attributes of penultimate stage is p, therefore security sensitive attribute probable value can be divided into p group；

The quantity of every group of security sensitive attribute probable value be q1, q2, q3 ..., qp；

The height of every group of security sensitive attribute probable value is respectively n1, n2, n3 ..., np；

Every group of security sensitive attribute probable value indicates are as follows::

First group of security sensitive attribute probable value is respectively as follows:

Second group of security sensitive attribute probable value is respectively as follows:

……

Pth group security sensitive attribute probable value is respectively as follows:

Note

It will setIt is defined as pacifying The security-sensitive score of full Sensitive Attributes probable value；

The path weight value of security sensitive attribute probable value are as follows:

The path weight value of s11:

The path weight value of s12:

……

Path weight value:

The path weight value of s21:

……

Path weight value:

Note

The set of input variable is indicated with X, is remembered

If the block chain includes sij, i ∈ [1, p], j ∈ [1, max (q1, q2 ... ... qp)], then The xij value of same index is 1, is otherwise 0；

We sum input and the product of its path weight value to obtain formula (5),

And because

So formula (6) can be write as the form of formula (7):

5) calculating of security risk score function

As described above, block chain quantitative safety risk score (S-quanti) and qualitative security risk scoring (S-quali) are common Block chain security risk scoring (S) is affected, the impact factor of the former two is adjusted, it is made to meet following limitation:

Alpha+beta=1 (8)

α, β >=0；We design the functional relation of S and S-quanti, S-quali are as follows:

S=α × S-quanti+ β × S-quali, S ∈ [0,1] (9).