
First Reputation-based system improves Blockchain security

  • Interdisciplinary Centre for Security, Reliability and Trust (SnT)
    University / Central Administration and Rectorate
    22 March 2019
  • Category
    Research, University

In June 2014 Bitcoin users were confronted with the unthinkable. A Bitcoin mining pool called Ghash.io had attained control over 51% of the network’s total mining power. Bitcoin users, miners and developers responded with shock, panic and denial, but could do nothing about the fact that Ghash.io now had the ability to manipulate the network at will.

Researchers at the University of Luxembourg are now the first to propose a blockchain system that mitigates this risk, guaranteeing proper performance even when more than 51% of the system’s computing power is controlled by an attacker. Their system, RepuCoin, is thousands of times more expensive to attack than Bitcoin. It was developed at the University’s Interdisciplinary Centre for Security, Reliability and Trust, and has the potential to be applied in a number of global sectors including fintech, energy, food supply chains, health care and future 5G telecommunications networks.

At their heart, cryptocurrencies such as Bitcoin, which use blockchain technology, are distributed ledgers. Each block in a blockchain is a record of transactions, like a page in a ledger. When the page is full, we open a new page; in the case of a cryptocurrency, a new block is added to the blockchain. These ledgers are distributed because the whole network sees and approves new blocks through democratic consensus. Users therefore don’t have to place their trust – and money – in the hands of a single central authority.

The challenge here is that if new blocks are created too quickly and without regulation, then this can result in conflicting blocks. To prevent this, so-called ‘miners’ – this can be anyone with access to specialised hardware – perform an arbitrary but time-consuming cryptographic computing task to create and verify a new block.

Despite this safety mechanism, the Bitcoin system suffers from a known weakness. If a given miner owns a majority of the total mining power in the system, the system ceases to be distributed. That miner can add blocks faster than the rest of the network, reject blocks proposed by competing miners, target users with exorbitant transaction fees and reject selected transactions. “This vulnerability can be exploited through a flash attack, where someone briefly hires computing power and can therefore carry out such 51% attacks,” explains lead researcher Dr. Jiangshan Yu – previously at the University’s Interdisciplinary Centre for Security, Reliability and Trust and now a Lecturer at Monash University, Australia.

To prevent such flash attacks from influencing the validity of a blockchain transfer, Yu and his colleagues have developed a solution that takes the long-term performance and reliability of a miner into account. Their system – RepuCoin – is the first to provide guarantees even when an attacker temporarily dominates more than 50 per cent of the system’s computing power.

“Rather than simply using computer processing power to dictate how much of the system a miner controls, the RepuCoin algorithm uses what we call reputation,” says Yu. Unlike social reputation, this is a strictly mathematical quality which accumulates through consistent and honest mining over long periods, like charging a battery before it can be used. It makes RepuCoin the first such system to be resilient against miners holding 51% or more of the network’s computing resources.

A happy consequence of their method is that it also accelerates transaction processing. Bitcoin users currently have to wait hours or days for a transaction to be verified because fewer than 20 transactions can be performed worldwide per second. “The algorithm we propose brings it up to 10,000 transactions per second,” says Yu, who hopes that one or more cryptocurrencies will opt to use it in the near future.

Co-author Prof. Paulo Esteves-Veríssimo, who leads SnT’s work in critical and extreme security and dependability, says: “It’s an elegant solution to a problem that many thought was insoluble. Existing systems always linked computational power to voting power. We separated them, and now someone could join RepuCoin with 99% of the total computing power and they still wouldn’t be able to attack it.”

For reference: “RepuCoin: Your Reputation is Your Power”, by Jiangshan Yu, David Kozhaya, Jérémie Decouchant and Paulo Verissimo (© IEEE Transactions on Computers, 2019).

    
