本文介绍了如何保护源代码免受区块链的篡改?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

  class Block {
constructor(timestamp,transactions,previousHash =''){
this.timestamp = timestamp;
this.transactions = transactions;
this.previousHash = previousHash;
this.hash = this.calculateHash();
this.nonce = 0;
}

calculateHash(){
返回SHA256(this.previousHash + JSON.stringify(this.transactions)
+ this.timestamp + this.nonce)。的toString();
}

mineBlock(难度){
while(this.hash.substring(0,难度)!==数组(难度+
1).join( 0)){
this.nonce ++;
this.hash = this.calculateHash();
}

console.log(Block mined:+ this.hash);
}
}

在上面的代码中,它是如何承诺的基础逻辑不会被操纵到一个人的优势?我的意思是,为了挖掘矿块,矿工必须投入巨资才能投入巨资。如果他/她能够在mineBlock()方法中打破上面的while循环,那么挖掘一个块并让它被接受可能不需要太多计算(前提是源代码可以在所有验证器/矿工中操作(证明工作和股份分别)机器)。
提前致谢。

解决方案

你不应该隐藏你的客户代码,因为它会杀死区块链的集中和分散技术本身。



只要51%的计算能力(如果是PoW consesus)来自诚实节点,比特币等技术就不会破产。



当超过51%的计算能力被破坏(恶意)时,分类账是不安全的。



尽可能多的极端主义者如果你的意图是构建自己的区块链,可能会建议你重新使用已编写并被认为是安全的代码并逐步添加你的功能。



编写DLT不仅仅是编写无错误的代码(不能用于破坏所有节点,如问题所述),还有效的共识机制无法利用的。



PoW代表工作证明。
DLT代表Distribuited Ledger Technology(包括Blockchain,Tangles等)。



还要澄清我在这里看到的一些误解。



Solidity是一种确定性语言,用于在区块链中编写智能合约(它不是用于编码区块链本身的语言,而是用于在区块链内运行的软件的代码,例如:以太坊)



以以太坊为例,它有不同的实现,geth(golang-ethereum)是最活跃的。正如我告诉你的,如果你想创建自己的区块链,你可能应该重新使用已经证明是稳固的代码。



回答:新区块链很容易发生51%的攻击(这主要是工作证明共识区块链):是的,这是绝对正确的,新出生的区块链(或低哈希率的区块链)往往会通过租用哈希力来经常受到攻击(参见最近发生的比特币私人案例)或比特币黄金)。遗憾的是,没有办法防止这种情况发生,因为它只是工作证明共识的工作方式,唯一能够控制它的是你在考虑来自交易的资产可用之前等待更多的块确认。



示例(名称是随机选择的):我有一个在线商店接受来自比特币Weak的区块链的BTW(硬币),该区块链经常受到51%攻击的困扰,我所做的就是虽然客户交易是在区号(X)中插入的,但在允许他在我的平台上花这些钱之前,我等到区号(X + 100)。



为什么我这样做?这是因为51%的攻击旨在重建两条链,然后插入较长的链,删除较短的链(我创建用于在您的平台上购买的交易的链),所以更长的确认块我等待更多的钱我强迫黑客用来保持51%的哈希值攻击。如果他的双重花费攻击包括花费100美元,但是我强迫他花费101美元用于电力(或哈希能源租金),那么我不鼓励他攻击连锁店并尝试在我的平台上花费两倍。 / p>

希望这澄清了您的疑虑。


class Block{
    constructor(timestamp, transactions, previousHash = ''){
        this.timestamp = timestamp;
        this.transactions = transactions;
        this.previousHash = previousHash;
        this.hash = this.calculateHash();
        this.nonce = 0;
    }

    calculateHash(){
        return SHA256(this.previousHash + JSON.stringify(this.transactions)
        + this.timestamp + this.nonce).toString();
    }

    mineBlock(difficulty){
        while(this.hash.substring(0, difficulty) !== Array(difficulty +
        1).join("0")){
            this.nonce++;
            this.hash = this.calculateHash();
        }

        console.log("Block mined: " + this.hash);
    }
}

In the above code, how is it promised that the underlying logic is not manipulated to one's advantage? I mean, to mine a block a miner has toinvest immense computing power. If rather s/he is able to break the while loop above in the mineBlock() method, perhaps not much computing is necessary to mine a block and get it accepted (provided the source code could be manipulated in all the validator/miner (proof of work and stake respectively) machines).Thanks in advance.

解决方案

You shouldn't hide your client code because it kills the concent of blockchain and decentralized technology itself.

Technologies such as Bitcoin are unbreakable as long as 51% of computing power (in case of PoW consesus) comes from honest nodes.

In the moment that more than 51% of computing power is corrupted (malicious) then the ledger is not safe.

As many maximalist may suggest if your intent is to build your own blockchain probably you should re-use code that is already written and considered to be safe and add your features step by step.

Writing a DLT is not only about writing bug-less code (that cannot be used to corrupt all the nodes, as you stated in the question) but also efficient consensus mechanisms that cannot be exploited.

PoW stands for Proof of Work.DLT stands for Distribuited Ledger Technology (which includes Blockchain, Tangles etc.)

Just also to clarify some misconceptions which I've seen going out here.

Solidity is a deterministic language used to write smart contracts inside the blockchain (it is not the language used to code the blockchain itself but the code used for the softwares running inside the blockchain, example: Ethereum)

Taking Ethereum as example there are different implementations of it, geth (golang-ethereum) being the most active. As I told you if you want to create your own blockchain probably you should look to reuse code that is already proven to be solid.

Answering to: "new blockchain are prone to 51% attacks" (this plagues Proof of Work-consensus blockchains mainly): yes this is absolutely true, new born blockchains (or blockchains with low hash-rates) tend to be attacked frequently by renting hashpower (see Bitcoin Private case happened recently or Bitcoin gold). Unfortunately there's no way to prevent this from happening because it's just how Proof of Work consensus work, the only thing that can be done to contain it is that you wait more block confirmations before considering the assets coming from the transaction to be spendable.

Example (names are chosen randomly): I have an online store accepting BTW (coin) coming from Bitcoin Weak's blockchain which is often plagued by 51% attacks, what I do is that although customers transaction was inserted in block number (X) I wait up until block number (X + 100) before allowing him to spend those money in my platform.

Why do I do this? It's because 51% attacks aim to recreate two chains and insert the longer chain later on which deletes the shorter chain (the one where I created the transaction used to buy on your platform) so the longer confirmation blocks I await the more money I force the hacker to spend to keep the 51% hashrate attack going. If his double spend attack consists in spending 100$ but I force him to spend 101$ in electricity (or hashpower rent) then I discourage him to attack the chain and try to double spend in my platform.

Hope this clarified your doubts.

这篇关于如何保护源代码免受区块链的篡改?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-19 11:32