A Formal Modeling and Verification Method for Bitcoin Payment Protocol

Journal of Information Security Reserach ›› 2024, Vol. 10 ›› Issue (4): 311-.

Previous Articles Next Articles

A Formal Modeling and Verification Method for Bitcoin Payment Protocol

Wang Jionghan, Huang Wenchao, Wang Wansen, and Xiong Yan#br#

#br#

(College of Computer Science and Technology, University of Science and Technology of China, Hefei 230026)

Online:2024-04-20 Published:2024-04-21

一种比特币支付协议的形式化建模验证方法

王炯涵黄文超汪万森熊焰

(中国科学技术大学计算机科学与技术学院合肥230026)

通讯作者: 黄文超博士，副教授，博士生导师.主要研究方向为信息安全、人工智能、移动计算、网络与系统安全自动化验证技术、Android系统安全. huangwc@ustc.edu.cn
作者简介:王炯涵硕士研究生.主要研究方向为区块链、网络协议形式化验证. wangjh1@mail.ustc.edu.cn 黄文超博士，副教授，博士生导师.主要研究方向为信息安全、人工智能、移动计算、网络与系统安全自动化验证技术、Android系统安全. huangwc@ustc.edu.cn 汪万森博士研究生.主要研究方向为网络协议形式化验证、区块链. wangws@mail.ustc.edu.cn 熊焰博士，教授，博士生导师.主要研究方向为计算机网络与信息安全、移动计算与移动网络、分布式处理. yxiong@ustc.edu.cn

Abstract

Abstract: As a mainstream digital Cryptocurrency, the security of Bitcoin had received widespread attention, with significant research conducted around it. However, there is currently a lack of analysis on the Bitcoin payment process, along with a deficiency in relevant security standards and detailed modeling analysis, making it challenging to ensure the security of relevant protocols. Addressing this issue, this study began with the concept of consensus and established a symbolic model of the Bitcoin payment protocol based on the Bitcoin community specification and Bitcoin’s digital currency attributes. Corresponding adversary models and security attributes were proposed. Finally the relevant models underwent formal validation using the automatic verification tool Tamarin, completing the verification process of the Bitcoin payment protocol. Consequently, a security vulnerability in the Bitcoin payment protocol was discovered. The potential impact of this vulnerability were discussed.

Key words: bitcoin, formal verification, network protocol security, payment process, symbolic model

摘要： 作为主流的数字加密货币，比特币的安全性受到广泛关注，并且围绕其展开大量的研究工作.然而目前针对比特币支付过程的分析还比较欠缺，缺乏相关的安全标准和精细的建模分析，难以确保相关协议的安全.针对这一问题，基于比特币社区规范与比特币的数字货币功能属性，为比特币支付协议建立了形式化的符号模型与对应的安全属性,并使用自动验证工具Tamarin对相关模型及属性进行了形式化验证，完成了对比特币支付协议的验证工作，并且发现一种未被讨论过的比特币支付协议中的安全威胁，对该问题可能产生的影响进行了分析.

关键词: 比特币, 形式化验证, 网络协议安全, 支付过程, 符号模型

CLC Number:

TP309

王炯涵, 黄文超, 汪万森, 熊焰, . 一种比特币支付协议的形式化建模验证方法[J]. 信息安全研究, 2024, 10(4): 311-.

References

［1］Conti M, Kumer S E, Lal C, et al. A survey on security and privacy issues of bitcoin［J］. IEEE Communications Surveys & Tutorials, 2018, 20(4): 34163452［2］Garay J, Kiayias A, Leonardos N. The bitcoin backbone protocol: Analysis and applications［C］ Proc of Annual Int Conf on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2015: 281310［3］Garay J, Kiayias A, Leonardos N. The bitcoin backbone protocol with chains of variable difficulty［C］ Proc of Annual Int Cryptology Conf. Berlin: Springer, 2017: 291323［4］Eyal I, Sirer E G. Majority is not enough: Bitcoin mining is vulnerable［C］ Proc of the 18th Int Conf on Financial Cryptography and Data Security. Berlin: Springer, 2014: 436454［5］Heilman E, Kendler A, Zohar A, et al. Eclipse attacks on bitcoin’s peertopeer network［C］ Proc of the 24th USENIX Security Symp. Berkeley, CA: USENIX Association, 2015: 129144［6］Saad M, Chen S, Mohaisen D. SyncAttack: Doublespending in bitcoin without mining power［C］ Proc of the 2021 ACM Conf on Computer and Communications Security. New York: ACM, 2021: 16681685［7］Gao Shang, Li Zecheng, Peng Zhe, et al. Power adjusting and bribery racing: Novel mining attacks in the bitcoin system［C］ Proc of the 2019 ACM Conf on Computer and Communications Security. New York: ACM, 2019: 833850［8］包象琳, 熊焰, 黄文超, 等.基于SmartVerif的比特币底层协议算力盗取漏洞发现［J］. 电子学报, 2021, 49(12): 23902398［9］Das P, Faust S, Loss J. A formal treatment of deterministic wallets［C］ Proc of the 2019 ACM Conf on Computer and Communications Security. New York: ACM, 2019: 833850［10］Dabrowski A, Pfeffer K, Reichel M, et al. Better keep cash in your bootshardware wallets are the new single point of failure［C］ Proc of the 2021 ACM CCS Workshop on Decentralized Finance and Security. New York: ACM, 2021: 18［11］Hu Yiwen, Wang Sihan, Tu Guanhua, et al. Security threats from bitcoin wallet smartphone applications: Vulnerabilities, attacks, and countermeasures［C］ Proc of the 11th ACM Conf on Data and Application Security and Privacy. New York: ACM, 2021: 89100［12］Davif A B, Jannik D, Lucca H, et al. A formal analysis of 5G authentication［C］ Proc of the 2018 ACM Conf on Computer and Communications Security. New York: ACM, 2018: 13831396［13］Vanhoef M, Piessens F. Key reinstallation attacks: Forcing nonce reuse in WPA2［C］ Proc of the 2017 ACM Conf on Computer and Communications Security. New York: ACM, 2017: 13131328［14］Cremers C, Horvat M, Scott S, et al. Automated analysis and verification of TLS 1.3: 0rtt, resumption and delayed authentication［C］ Proc of the 27th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2016: 470485［15］Blanchet B. An efficient cryptographic protocol verifier based on prolog rules［C］ Proc of the 14th IEEE Computer Security Foundations Workshop. Piscataway, NJ: IEEE, 2001: 8296［16］Armando A, David A B, Yohan B, et al. The AVISPA tool for the automated validation of internet security protocols and applications［C］ Proc of the 17th Computer Aided Verification Int Conf. Berlin: Springer, 2005: 281285［17］Meier S, Schmidt B, Cremers C, et al. The TAMARIN prover for the symbolic analysis of security protocols［C］ Proc of the 25th Int Conf on Computer Aided Verification. Berlin: Springer, 2013: 696701［18］Lowe G. A hierarchy of authentication specifications［C］ Proc of the 10th Computer Security Foundations Workshop. Piscataway, NJ: IEEE, 1997: 3143［19］Dreier J, Kassem A, Lafourcade P. Formal analysis of ecash protocols［C］ Proc of the 12th Int Joint Conf on eBusiness and Telecommunications. Piscataway, NJ: IEEE, 2015: 6575［20］Maria A, Aviv Z, Laurent V. Hijacking bitcoin: Routing attacks on cryptocurrencies［C］ Proc of the 28th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2017: 375392

[1]	. Research on Verification of Neural Network Based on Softplus Function by Reluplex Algorithm [J]. Journal of Information Security Reserach, 2022, 8(9): 917-.
[2]	. Blockchain and Quantum Computing [J]. Journal of Information Security Research, 2018, 4(6): 496-504.
[3]	. Blockchain Technology and Application [J]. Journal of Information Security Research, 2018, 4(6): 559-569.
[4]	. The Foundation and Application of Blockchain Technology [J]. Journal of Information Security Research, 2018, 4(6): 575-580.
[5]	. Review and Research for Consensus Mechanism of Block Chain [J]. Journal of Information Security Research, 2018, 4(4): 369-379.
[6]	. Blockchain Technology and Its Prospect of Industrial Application [J]. Journal of Information Security Research, 2017, 3(3): 200-210.
[7]	Xu Han. The Improvement and Instance Analysis of the Formal Verification Tool Scyther [J]. Journal of Information Security Research, 2016, 2(3): 272-279.

A Formal Modeling and Verification Method for Bitcoin Payment Protocol

一种比特币支付协议的形式化建模验证方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 7

Recommended Articles

Metrics