The Second-preimage Attack to Blockchain Based on the Structure of Merkle Hash Tree

doi:10.3969/j.issn.1671-1122.2018.01.006

Abstract

Abstract:

Blockchain technology is a kind of emerging information technology model. It is widely regarded as a promising concept because of its advantages such as decentralization, high efficiency, and transparency. The breadth of application scenarios and the underlying layer of application determine that the security of the blockchain must be guaranteed. Hash functions are one of the most important foundations for providing the blockchain’s usability and security. Starting from Hash functions in the blockchain and based on the principle of cryptanalysis, this paper presents a type of second preimage attack on the existing blocks by employing the structure and workflow of the blockchain. Specially, the attack constructed in this paper uses the fact that the Hash values in the leaf nodes of a Merkle tree have the same status. After theoretical analysis of proving that the complexity of such an attack is lower than that of trivial brute-force, the attack’s concrete steps based on Hellman’s time-memory tradeoff principle are also described. The conclusion of the attack shows that both the mathematical structure of the Hash function itself and data format of blockchain transaction records are important to the security of the blockchain. This should be considered in the future when we design blockchain systems.

Key words: blockchain, Merkle tree, second-preimage attack, Hellman’s time-memory tradeoff;

CLC Number:

TP309

Maoning WANG, Meijiao DUAN. The Second-preimage Attack to Blockchain Based on the Structure of Merkle Hash Tree[J]. Netinfo Security, 2018, 18(1): 38-44.

Figures/Tables 1

References 27

[1]	NAKAMOTO S. Bitcoin: A Peer-to-peer Electronic Cash System[EB/OL]. ,2008-9-1.
[2]	SWAN M.Blockchain: Blueprint for a New Economy[M]. Sebastopol: O'Reilly Media, Inc., 2015.
[3]	KOSBA A, MILLER A, SHI E, et al. Hawk: The Blockchain Model of Cryptography and Privacy-preserving Smart Contracts[EB/OL]. .
[4]	EYAL I, GENCER A E, SIRER E G, et al. Bitcoin-NG: A Scalable Blockchain Protocol[EB/OL]. .
[5]	SASSON E B, CHIESA A, GARMAN C, et al. Zerocash: Decentralized Anonymous Payments from Bitcoin[EB/OL]. .
[6]	ZHANG Y, WEN J.The IoT Electric Business Model: Using Blockchain Technology for the Internet of Things[J]. Peer-to-peer Networking Application,2017, 10(4): 983-994.
[7]	CHRISTIDIS K, DEVETSIKIOTIS M.Blockchains and Smart Contracts for the Internet of Things[J]. IEEE Access, 2016, 4: 2292-2303.
[8]	bitcoinwiki. Common Vulnerabilities and Exposures[EB/OL].,2017-5-25.
[9]	bitcoinwiki. Weaknesses[EB/OL].,2017-7-4.
[10]	KIAYIAS A, PANAGIOTAKOS G. Speed-security Tradeoff s in Blockchain Protocols[EB/OL]. ,2015-12-1.
[11]	GERVAIS A, KARAME G O, WÜST K, et al. On the Security and Performance of Proof of Work Blockchains[C]//ACM. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, October 24 - 28, 2016,Vienna, Austria. Myers and Shai Halevi. New York, USA: ACM, 2016: 3-16.
[12]	STEVENS M, LENSTRA A K, De Weger B.Chosen-prefix Collisions for MD5 and Applications[J]. International Journal of Applied Cryptography, 2012, 2(4): 322-359.
[13]	STEVENS M, SOTIROV A, APPELBAUM J, et al. Short Chosen-prefix Collisions for MD5 and the Creation of a Rogue CA Certificate[EB/OL]..
[14]	STEVENS M. New Collision Attacks on SHA-1 Based on Optimal Joint Local-collision Analysis[EB/OL]. .
[15]	BHARGAVAN K, LEURENT G. Transcript Collision Attacks: Breaking Authentication in TLS, IKE,SSH[EB/OL].,2016-2-21.
[16]	GIECHASKIEL I, CREMERS C, RASMUSSEN K B. On Bitcoin Security in the Presence of Broken Cryptographic Primitives[EB/OL]. , 2017-8-29.
[17]	bitcoincore.org. Bitcoin Core[EB/OL].,2017-8-18.
[18]	HELLMAN M.A Cryptanalytic Time-memory Trade-off[J]. IEEE Transactions on Information Theory, 1980, 26(4): 401-406.
[19]	QUISQUATER J J, STANDAERT F X.Time-memory Tradeoffs[M]// Henk C.A.v. Tilborg. Encyclopedia of Cryptography and Security. New York:Springer,2005: 614-616.
[20]	BIRYUKOV A, SHAMIR A. Cryptanalytic Time/memory/data Tradeoffs for Stream Ciphers[EB/OL]. .
[21]	BIRYUKOV A, SHAMIR A, WAGNER D. Real Time Cryptanalysis of A5/1 on a PC[EB/OL]. .
[22]	SASAKI Y. Recent Applications of Hellman's Time-memory Tradeoff[EB/OL]. ,2015-9-1.
[23]	OECHSLIN P. Making a Faster Cryptanalytic Time-memory Trade-off[EB/OL]. ,2017-9-15.
[24]	BARKAN E, BIHAM E, SHAMIR A. Rigorous Bounds on Cryptanalytic Time/memory Tradeoffs[EB/OL]. , 2017-9-15.
[25]	QUISQUATER J J, STANDAERT F X, ROUVROY G, et al. A Cryptanalytic Time-memory Tradeoff: First FPGA Implementation [EB/OL].,2017-9-20.
[26]	HONG J, KIM B I.Performance Comparison of Cryptanalytic Time Memory Data Ttradeoff Methods[J]. Bulltin of the Korean Mathematical Society, 2016, 53(5): 1439-1446.
[27]	DINUR I, DUNKELMAN O, KELLER N, et al. Memory-efficient Algorithms for Finding Needles in Haystacks[EB/OL]. ,2017-10-9.