Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
©2015ICube
The graph of transactions in the IOTA cryptocurrency
Jun, 20th, 2018, Clermont-Ferrand
Quentin Bramas [email protected]
1
Talk ChainIntroduction
2
The Tangle
Unconfirmed Transactions
Parasite Chain Attack
Conclusion
The TangleIntroduction
3
Data is distributed :
The TangleIntroduction
3
Data is distributed :no single point of failure
The TangleIntroduction
3
Data is distributed :no single point of failureno central Authority
The TangleIntroduction
3
Data is distributed :no single point of failureno central Authorityno need to trust the others
The TangleIntroduction
3
Data is distributed :no single point of failureno central Authorityno need to trust the others
I want to add some data
The TangleIntroduction
4
Blockchain:
Block of data 1 Block of data 2
ref to block 1
Block of data 3
ref to block 2
The TangleIntroduction
4
Basic principle of the Bitcoin Protocol :
Blockchain:
Block of data 1 Block of data 2
ref to block 1
Block of data 3
ref to block 2
The TangleIntroduction
4
Basic principle of the Bitcoin Protocol : - Choose randomly one node
Blockchain:
Block of data 1 Block of data 2
ref to block 1
Block of data 3
ref to block 2
The TangleIntroduction
4
Basic principle of the Bitcoin Protocol : - Choose randomly one node
The more computing power, the more chance you have to be selected
Blockchain:
Block of data 1 Block of data 2
ref to block 1
Block of data 3
ref to block 2
The TangleIntroduction
4
Basic principle of the Bitcoin Protocol : - Choose randomly one node- This node decides what to write in the Blockchain
The more computing power, the more chance you have to be selected
Blockchain:
Block of data 1 Block of data 2
ref to block 1
Block of data 3
ref to block 2
The TangleIntroduction
5
ProblemIt does not scale
The TangleIntroduction
5
ProblemIt does not scale
The Tangle Unconfirmed TransactionsIntroduction
6
The Tangle (IOTA)
The Tangle Unconfirmed TransactionsIntroduction
6
The Tangle (IOTA)
Each transaction is a small block that reference two previous ones
The Tangle Unconfirmed TransactionsIntroduction
6
The Tangle (IOTA)
Each transaction is a small block that reference two previous ones
The Tangle Unconfirmed TransactionsIntroduction
6
The Tangle (IOTA)
Each transaction is a small block that reference two previous ones
You come up with a DAG (Directed Acyclic Graph)
The Tangle Unconfirmed TransactionsIntroduction
6
The Tangle (IOTA)
Each transaction is a small block that reference two previous ones
You come up with a DAG (Directed Acyclic Graph)
You’re only limited by bandwidth and storage
The Tangle Unconfirmed TransactionsIntroduction
7
The Tangle (IOTA)
Each transaction is a small block that reference two previous ones
sites
The Tangle Unconfirmed TransactionsIntroduction
7
The Tangle (IOTA)
Each transaction is a small block that reference two previous ones
sites
tips (unconfirmed sites)
The Tangle Unconfirmed TransactionsIntroduction
7
The Tangle (IOTA)
Each transaction is a small block that reference two previous ones
sites
tips (unconfirmed sites)
A new site and its parents should not create conflicts.
The Tangle Unconfirmed TransactionsIntroduction
8
The Tangle (IOTA)
How to read a value?
The Tangle Unconfirmed TransactionsIntroduction
9
The Tangle (IOTA)
How to read a value?
If you take a tip, you can order transactions and do the same as in a blockchain
The Tangle Unconfirmed TransactionsIntroduction
10
The Tangle (IOTA)
What if tips are conflicting?
A new site cannot confirm conflicting sites
How to read a value?
The Tangle Unconfirmed TransactionsIntroduction
11
The Tangle (IOTA)
What if tips are conflicting?
How to read a value?
Two conflicting tangles can appear
Which one is correct?
The Tangle Unconfirmed TransactionsIntroduction
12
The Tangle (IOTA)
Tip Selection Algorithm (TSA):- so we know how to read values- so we know where to extend the Tangle
The Tangle Unconfirmed TransactionsIntroduction
12
The Tangle (IOTA)
Tip Selection Algorithm (TSA):- so we know how to read values- so we know where to extend the Tangle
In Bitcoin, we read values from, and we try to extend, the longest chain. If you don’t follow this, you’ll lose money.
The Tangle Unconfirmed TransactionsIntroduction
13
The Tangle (IOTA)
In the Tangle, forks are ok if not conflicting
The Tangle Unconfirmed TransactionsIntroduction
13
The Tangle (IOTA)
In the Tangle, forks are ok if not conflicting
But conflicting forks are worst in this case
The Tangle Unconfirmed TransactionsIntroduction
13
The Tangle (IOTA)
In the Tangle, forks are ok if not conflicting
But conflicting forks are worst in this case
The Tangle Unconfirmed TransactionsIntroduction
14
The Tangle (IOTA)
In the Tangle, forks are ok if not conflicting
So its better to have something like this
The Tangle Unconfirmed TransactionsIntroduction
15
The Tangle (IOTA)
The Tangle Unconfirmed TransactionsIntroduction
15
The Tangle (IOTA)
Should be chosen with higher probability
The Tangle Unconfirmed TransactionsIntroduction
16
The Tangle (IOTA)Compute cumulative weight to each site
The Tangle Unconfirmed TransactionsIntroduction
16
The Tangle (IOTA)Compute cumulative weight to each site
1
1
1
2
6
3
35
8
6
1
11
12
8
15
The Tangle Unconfirmed TransactionsIntroduction
16
The Tangle (IOTA)Compute cumulative weight to each site
1
1
1
2
6
3
35
8
6
1
11
12
8
15
Perform a random walk
The Tangle Unconfirmed TransactionsIntroduction
16
The Tangle (IOTA)Compute cumulative weight to each site
1
1
1
2
6
3
35
8
6
1
11
12
8
15
Perform a random walk
The Tangle Unconfirmed TransactionsIntroduction
17
The Tangle (IOTA)Compute cumulative weight to each site
11
12
15
Perform a random walk
The Tangle Unconfirmed TransactionsIntroduction
17
The Tangle (IOTA)Compute cumulative weight to each site
11
12
15
Perform a random walk
The Tangle Unconfirmed TransactionsIntroduction
17
The Tangle (IOTA)Compute cumulative weight to each site
11
12
15
Perform a random walk
4
3
The Tangle Unconfirmed TransactionsIntroduction
17
The Tangle (IOTA)Compute cumulative weight to each site
11
12
15
Perform a random walk
Transition function:
4
3
The Tangle Unconfirmed TransactionsIntroduction
17
The Tangle (IOTA)Compute cumulative weight to each site
11
12
15
Perform a random walk
Transition function:
4
3
MCMC
The Tangle Unconfirmed TransactionsIntroduction
17
The Tangle (IOTA)Compute cumulative weight to each site
11
12
15
Perform a random walk
Transition function:
4
3
LMCMCMCMC
The Tangle Unconfirmed Transactions Parasite Chain Attack
18
How many tips are left behind ?
The Tangle Unconfirmed Transactions Parasite Chain Attack
18
How many tips over the time ?
How many tips are left behind ?
The Tangle Unconfirmed Transactions Parasite Chain Attack
18
How many tips over the time ?
How many tips are left behind ?
The Tangle Unconfirmed Transactions Parasite Chain Attack
19
How many tips over the time ?
How many tips are left behind ?
The Tangle Unconfirmed Transactions Parasite Chain Attack
20
How many tips over the time ?
How many tips are left behind ?
The Tangle Unconfirmed Transactions Parasite Chain Attack
21
The Tangle Unconfirmed Transactions Parasite Chain Attack
21
How many tips are left behind ?
The Tangle Unconfirmed Transactions Parasite Chain Attack
21
How many tips are left behind ?
- theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Parasite Chain Attack
21
How many tips are left behind ?
- theoretical analysis, assuming random tip selection- by simulation, for other tip selection
The Tangle Unconfirmed Transactions Parasite Chain Attack
22
Theoretical analysis, assuming random tip selection
Discrete time model. At each round: Poisson(𝝀) new sites
The Tangle Unconfirmed Transactions Parasite Chain Attack
23
Discrete time model. At each round: Poisson(𝝀) new sites
Theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Parasite Chain Attack
24
Discrete time model. At each round: Poisson(𝝀) new sites
Theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Necessary Security Assumption
25
Theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Necessary Security Assumption
25
Theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Necessary Security Assumption
25
Theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Necessary Security Assumption
25
Theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Necessary Security Assumption
25
Theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Necessary Security Assumption
25
Theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Necessary Security Assumption
25
Theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Necessary Security Assumption
25
Theoretical analysis, assuming random tip selection
The Tangle Unconfirmed Transactions Necessary Security Assumption
26
The Tangle Unconfirmed Transactions Necessary Security Assumption
26
The Tangle Unconfirmed Transactions Necessary Security Assumption
26
The Tangle Unconfirmed Transactions Necessary Security Assumption
26
The Tangle Unconfirmed Transactions Necessary Security Assumption
26
The Tangle Unconfirmed Transactions Necessary Security Assumption
26
The Tangle Unconfirmed Transactions Necessary Security Assumption
26
The Tangle Unconfirmed Transactions Necessary Security Assumption
26
The Tangle Unconfirmed Transactions Necessary Security Assumption
26
The Tangle Unconfirmed Transactions Necessary Security Assumption
27
The Tangle Unconfirmed Transactions Necessary Security Assumption
28
The Tangle Unconfirmed Transactions Necessary Security Assumption
29
The Tangle Unconfirmed Transactions Necessary Security Assumption
30
The Tangle Unconfirmed Transactions Necessary Security Assumption
31
The Tangle Unconfirmed Transactions Necessary Security Assumption
32
The Tangle Unconfirmed Transactions Parasite Chain Attack
33
By simulation, for other tip selection
The Tangle Unconfirmed Transactions Parasite Chain Attack
33
By simulation, for other tip selection
The Tangle Unconfirmed Transactions Parasite Chain Attack
34
By simulation, for other tip selection
number of tips
Unconfirmed Transactions Parasite Chain Attack Conclusion
35
Unconfirmed Transactions Parasite Chain Attack Conclusion
35
Double Spending Attack
Unconfirmed Transactions Parasite Chain Attack Conclusion
35
Double Spending Attack Alice send 10 IOTA to Bob for a sandwich
Unconfirmed Transactions Parasite Chain Attack Conclusion
35
Double Spending Attack Alice send 10 IOTA to Bob for a sandwichBob waits to see the transaction in the Tangle
Unconfirmed Transactions Parasite Chain Attack Conclusion
35
Double Spending Attack Alice send 10 IOTA to Bob for a sandwichBob waits to see the transaction in the TangleBob gives Alice the sandwich
Unconfirmed Transactions Parasite Chain Attack Conclusion
35
Double Spending Attack Alice send 10 IOTA to Bob for a sandwichBob waits to see the transaction in the TangleBob gives Alice the sandwichAlice generates a lots of transactions so that her first transaction is discarded
Unconfirmed Transactions Parasite Chain Attack Conclusion
35
Double Spending Attack Alice send 10 IOTA to Bob for a sandwichBob waits to see the transaction in the TangleBob gives Alice the sandwichAlice generates a lots of transactions so that her first transaction is discardedAlice eats the sandwich
Unconfirmed Transactions Parasite Chain Attack Conclusion
36
The parasite chain attack
Unconfirmed Transactions Parasite Chain Attack Conclusion
37
The parasite chain attack
Unconfirmed Transactions Parasite Chain Attack Conclusion
38
The parasite chain attack
Unconfirmed Transactions Parasite Chain Attack Conclusion
39
The parasite chain attack
Unconfirmed Transactions Parasite Chain Attack Conclusion
40
Unconfirmed Transactions Parasite Chain Attack Conclusion
40
Theoretical analysis
Unconfirmed Transactions Parasite Chain Attack Conclusion
40
Theoretical analysisSimulations
Unconfirmed Transactions Parasite Chain Attack Conclusion
41
Theoretical analysis
Unconfirmed Transactions Parasite Chain Attack Conclusion
42
Theoretical analysis
Unconfirmed Transactions Parasite Chain Attack Conclusion
43
Theoretical analysis
Unconfirmed Transactions Parasite Chain Attack Conclusion
44
An attack is possible if hashing power of the adversary hashing power used by the all nodes.
An attack is possible if hashing power of the adversary hashing power of the all nodes
if all the honest nodes constantly generates new sites
Theorem
Corollary
Theoretical analysis
Unconfirmed Transactions Parasite Chain Attack Conclusion
45
How many red site so that:
By simulation
Unconfirmed Transactions Parasite Chain Attack Conclusion
46
Parasite Chain Attack Conclusion
47
Conclusion
Parasite Chain Attack Conclusion
47
Conclusion
The Tangle (Theoretical Protocol) : Security based on PoW IOTA (Current Implementation) : Central coordinator
Parasite Chain Attack Conclusion
47
Conclusion
How to attach the parasite chain?
The Tangle (Theoretical Protocol) : Security based on PoW IOTA (Current Implementation) : Central coordinator
Parasite Chain Attack Conclusion
47
Conclusion
Number of tips Resistance to parasite chain attack
How to attach the parasite chain?
The Tangle (Theoretical Protocol) : Security based on PoW IOTA (Current Implementation) : Central coordinator