基于Merkle哈希树结构的区块链第二原像攻击

The Second-preimage Attack to Blockchain Based on the Structure of Merkle Hash Tree

区块链是一种新兴的IT技术,具有去中心化、高效、透明等优势,被广泛认为具有颠覆性的应用前景。而应用场景的广泛性和应用层面的底层性决定了区块链的安全性必须得到保障。Hash函数是保证区块链可用性和安全性的重要基础之一。文章从区块链中的Hash函数角度出发,基于密码分析原理,针对区块链的特有结构和工作流程,利用区块链中Merkle树Hash函数叶子节点的Hash值具有相同地位这一性质,构造一类对已存在区块发起的第二原像攻击。理论分析证明此类第二原像攻击的复杂度低于平凡搜索攻击,在此基础上,描述了基于Hellman原理的攻击实例构造算法。结论表明,Merkle树Hash函数本身的数学结构和区块链交易记录的数据格式是影响区块链安全性的重要因素,今后在设计区块链系统时应当考虑此类因素。

Blockchain technology is a kind of emerging information technology model. It is widely regarded as a promising concept because of its advantages such as decentralization, high efficiency, and transparency. The breadth of application scenarios and the underlying layer of application determine that the security of the blockchain must be guaranteed. Hash functions are one of the most important foundations for providing the blockchain's usability and security. Starting from Hash functions in the blockchain and based on the principle of cryptanalysis, this paper presents a type of second preimage attack on the existing blocks by employing the structure and workflow of the blockchain. Specially, the attack constructed in this paper uses the fact that the Hash values in the leaf nodes of a Merkle tree have the same status. After theoretical analysis of proving that the complexity of such an attack is lower than that of trivial brute-force, the attack's concrete steps based on Hellman's time-memory tradeoff principle are also described. The conclusion of the attack shows that both the mathematical structure of the Hash function itself and data format of blockchain transaction records are important to the security of the blockchain. This should be considered in the future when we design blockchain systems.