Blockchain Security from the Bottom Up

Chapter 1 Introduction to Blockchain Security 1 The Goals of Blockchain Technology 2 Anonymity 2 Decentralization 2 Fault Tolerance 2 Immutability 3 Transparency 3 Trustless 3 Structure of the Blockchain 3 The Blockchain Network 5 The Blockchain Node 5 A Blockchain Block 6 A Blockchain Transaction 7 Inside the Blockchain Ecosystem 8 Fundamentals 8 Primitives 9 Data Structures 9 Protocols 9 Consensus 9 Block Creation 10 Infrastructure 10 Nodes 10 Network 11 Advanced 11 Smart Contracts 11 Extensions 11 Threat Modeling for the Blockchain 12 Threat Modeling with STRIDE 12 Spoofing 12 Tampering 12 Repudiation 13 Information Disclosure 13 Denial of Service 13 Elevation of Privilege 13 Applying STRIDE to Blockchain 14 Conclusion 14 Chapter 2 Fundamentals 15 Cryptographic Primitives 15 Public Key Cryptography 16 Introducing “Hard” Mathematical Problems 16 Building Cryptography with “Hard” Problems 18 How the Blockchain Uses Public Key Cryptography 19 Security Assumptions of Public Key Cryptography 20 Attacking Public Key Cryptography 20 Hash Functions 25 Security Assumptions of Hash Functions 25 Additional Security Requirements 27 How the Blockchain Uses Hash Functions 28 Attacking Hash Functions 31 Threat Modeling for Cryptographic Algorithms 32 Data Structures 33 Transactions 33 What’s In a Transaction? 33 Inside the Life Cycle of a Transaction 34 Attacking Transactions 34 Blocks 37 Inside a Block 37 Attacking Blockchain Blocks 38 Threat Modeling for Data Structures 39 Conclusion 39 Chapter 3 Protocols 43 Consensus 43 Key Concepts in Blockchain Consensus 44 Byzantine Generals Problem 44 Security via Scarcity 45 The Longest Chain Rule 46 Proof of Work 46 Introduction to Proof of Work 47 Security of Proof of Work 48 Proof of Stake 53 Introduction to Proof of Stake 53 Variants of Proof of Stake 54 Security of Proof of Stake 54 Threat Modeling for Consensus 59 Block Creation 59 Stages of Block Creation 60 Transaction Transmission 60 Block Creator Selection (Consensus) 60 Block Building 61 Block Transmission 61 Block Validation 61 Attacking Block Creation 62 Denial of Service 62 Frontrunning 63 SPV Mining 65 Threat Modeling for Block Creation 65 Conclusion 65 Chapter 4 Infrastructure 67 Nodes 67 Inside a Blockchain Node 68 Attacking Blockchain Nodes 68 Blockchain- Specific Malware 69 Denial-of-Service Attacks 70 Failure to Update 71 Malicious Inputs 72 Software Misconfigurations 73 Threat Modeling for Blockchain Nodes 74 Networks 74 Attacking the Blockchain Network 75 Denial-of-service Attacks 75 Eclipse/Routing Attacks 76 Sybil Attacks 78 Threat Modeling for Blockchain Networks 80 Conclusion 80 Chapter 5 Advanced 83 Smart Contracts 83 Smart Contract Vulnerabilities 84 General Programming Vulnerabilities 85 Blockchain- Specific Vulnerabilities 94 Platform-Specific Vulnerabilities 103 Application- Specific Vulnerabilities 119 Threat Modeling for Smart Contracts 128 Blockchain Extensions 128 State Channels 129 State Channel Security Considerations 129 Sidechains 130 Sidechain Security Considerations 131 Threat Modeling for Blockchain Extensions 132 Conclusion 133 Chapter 6 Considerations for Secure Blockchain Design 137 Blockchain Type 137 Public vs. Private 138 Benefits of Public vs. Private Blockchains 138 Open vs. Permissioned 139 Benefits of Open vs. Permissioned Blockchains 139 Choosing a Blockchain Architecture 140 Privacy and Security Enhancements 140 Zero-Knowledge Proofs 140 Stealth Addresses 141 Ring Signatures 141 Legal and Regulatory Compliance 142 Designing Secure Blockchains for the Future 143 Index 145