UPDATE attack

altcoin/ethereum/readme.md

@@ -7,6 +7,9 @@
 
 ## ERC20, ERC721
 
-## Raiden Network
+## Raiden Network 雷电网络 ?
++ 多对一
++ 每个通道都需要部署一个新合约
 
-## The DAO
+
+## The DAO

bitcoin/readme.md

@@ -158,14 +158,51 @@ __注意__:
 
 ## Lightning Network
 
+浏览器: 
++ https://1ml.com/
++ https://github.com/altangent/lnd-explorer
+
 + [硬核科普闪电网络](https://s1.rylink.com/info_detail/239)
 + [闪电网络很难懂？你需要看看这篇文章 | 硬核科普](https://mp.weixin.qq.com/s?__biz=MzI5MTQ5NDU3NQ==&mid=2247486659&idx=1&sn=94db69d14664c220ca191d5b035e2163&chksm=ec0e8303db790a15f74d30a1d6543ec1304d493ca27d5fbdfd8e28a1c11388426739b4b5780d&mpshare=1&scene=1&srcid=0219PRXw1NHaFPc1NUTUMnut&pass_ticket=ZXFSXlAoCmg3o1yqnjc%2Fh8k6L%2Fsjw9vfkYkGOa095ZweYpoUSlvB2Cqdd4UBkp%2FV#rd)
-+ [闪电网络原理通俗解释 | 闪电HSL](https://mp.weixin.qq.com/s?__biz=MzIxNTA0NDQzMA==&mid=2651799232&idx=1&sn=fa9c747790525cb94c2d667903ae631e&chksm=8c65c6e1bb124ff77c39125236e6b513ca7451895cc95139b87a89117374c723596ca1d27472&mpshare=1&scene=1&srcid=0321ZDJTdLw0mHFJtnuJ5pVy&pass_ticket=ZXFSXlAoCmg3o1yqnjc%2Fh8k6L%2Fsjw9vfkYkGOa095ZweYpoUSlvB2Cqdd4UBkp%2FV#rd)
-* [Lo and Behold ! 已来的比特币闪电网络](https://bbs.chainon.io/d/3082)
 
+Relative Lock Time
+Allows a transaction to be time-locked, preventing its use in a new transaction until a relative time change is confirmed.
+
+
+Breach Remedy Transaction:[1] the transaction Alice creates when Mallory attempts to steal her money by having an old version of the channel state committed to the blockchain. Alice's breach remedy transaction spends all the money that Mallory received but which Mallory can't spend yet because his unilateral spend is still locked by a relative locktime using OP_CSV. This is the third of the maximum of three on-chain transactions needed to maintain a Lightning channel; it only needs to be used in the case of attempted fraud (contract breach).
+
+
+Relative locktime:[7] the ability to specify when a transaction output may be spent relative to the block that included that transaction output. Enabled by BIP68 and made scriptable by BIP112. Lightning uses relative locktime to ensure breach remedy transactions may be broadcast within a time period starting from when an old commitment transaction is added to the blockchain; by making this a relative locktime (instead of an absolute date or block height), Lightning channels don't have a hard deadline for when they need to close and so can stay open indefinitely as long as the participants continue to cooperate.
+
+Revocable Sequence Maturity Contract (RSMC):[1] a contract used in Lightning to revoke the previous commitment transaction. This is allowed through mutual consent in Lightning by both parties signing a new commitment transaction and releasing the data necessary to create breach remedy transactions for the previous commitment transaction. This property allows Lightning to support bi-directional payment channels, recover from failed HTLC routing attempts without needing to commit to the blockchain, as well as provide advanced features such as PILPPs.
 
 [比特币白皮书](https://bitcoin.org/bitcoin.pdf) 发表于 2009 年，[闪电网络白皮书](https://lightning.network/lightning-network-paper.pdf) 发表于 2016 年。闪电网络起源于比特币的扩容问题。闪电网络是基于微支付通道演进而来，创造性的设计出了两种类型的交易合约：序列到期可撤销合约 RSMC（Revocable Sequence Maturity Contract，哈希时间锁定合约 HTLC（Hashed Timelock Contract）。RSMC 解决了通道中币单向流动问题，HTLC 解决了币跨节点传递的问题。这两个类型的交易组合构成了闪电网络。
 
+
+### 优点
++ 小微支付成为可能
+    * 交易金额低至一聪
++ 小额甚至无需手续费
++ 付款实时结算
++ 更好的隐私性：并非每笔交易都会被存在链上
+    * 默认使用洋葱路由器进行分享
+        - Oninion Routing (with the help of the SPHINX paper) in BOLT 04 is that you as the payer of a network hide who is receiving the money. Also you hide that you are the sender (though every node can send back error messages to you). 
+            + If you pay a person with these oninion payments and this person is NOT using TOR for their lightning node you will know who the payee is (at least you know the IP address and to some degree where the computer stands) Others on the way do not know this (only the channel partner knows that the payee is involved in the payment process but it is not clear that it is the receipient to the channel partner).
+    * 可以配置 tor 代理
+        - Tor network is to hide your IP address
++ Securely cross blockchains: payments can be routed across more than one blockchain (including altcoins and sidechains) as long as all the chains support the same hash function to use for the hash lock, as well as the ability the ability to create time locks.
+    * 实现原子交换，在通道内能将比特币交换为 Litecoin，Groestl 或 Dogecoin
++ 由于 P2P 网络的特性，所以闪电网络上的交易是不可阻止的。
+
+### 缺点
++ 节点故障：如果其中一个节点没有响应，用户可能需要等待数小时才能关闭支付通道并再次通过另一条路径重新发送资金
++ 不可离线支付：用户无法向不在线的人进行支付
++ 不适用于大额支付：即使通过不同支付通道的路径可能存在，不同节点的多重签名钱包中的资金也可能不足以转移大额资金
++ 可能会造成支付中继站的中心化
+    * 解决办法是多建闪电网络节点
++ 可能存在的攻击
+    * 女巫攻击把中继站的资金池掳走，耗时很久才返还
+
 ## ECDSA Failures
 
 ## Colored Coin
@@ -247,4 +284,10 @@ Core一看被排挤, 在纽约共识约定的隔离见证部署前，提出UASF
 更偏向原始的比特币方案, 不用二层网络方案
 
 + 扩容，恢复曾经有但被 core 删掉了的操作码，去掉各种限制（比如一个交易内可以使用操作码的数量限制等）
-+ tokenized方案，完全利用 OP_RETURN , 在原有网络上增加 token 协议
++ tokenized方案，完全利用 OP_RETURN , 在原有网络上增加 token 协议
+
+
+## nodes
++ https://bitnodes.earn.com/
+    * https://bitnodes.earn.com/nodes/live-map/
+    * https://bitnodes.earn.com/nodes/?q=China

blockchain/attack.md

@@ -9,11 +9,63 @@
 
 比特币运用了经济学原理，来防止双花发生，攻击者的第二次交易要被更快确认，要控制强大的算力来追赶分块增长，成为最长链。从经济的角度考虑，拥有如此强大算力的人做这个事是不划算的，这个过程中浪费的资源用来正经挖矿得到的收益更高。
 
-### 51% Attack
+### 51% Attack (Majority attack)
+The attacker controls more than half of the network hashrate.
 
-### 芬妮攻击
-### 竞争攻击
-### Vector76攻击
+No amount of confirmations can prevent this attack; however, waiting for confirmations does increase the aggregate resource cost of performing the attack, which could potentially make it unprofitable or delay it long enough for the circumstances to change or slower-acting synchronization methods to kick in. 
+
+### Finney attack 芬妮攻击
+芬妮攻击，是由Hal Finney 命名的，他也是描扣块攻击的第一人。这种攻击是一种双花攻击的变化，与0确认交易相关。
+
+攻击者生成一个有效的块但是不会广播这个块，但是会广播交易A，交易A是指购买一个物件或者服务。商家会看到没有任何冲突的交易A并接受0确认交易。之后攻击者会广播已生成的有效块和与交易A有冲突的交易B，这时比特币网络会接受有效块并使交易A无效。
+
+攻击的代价是非常大的，因为在攻击者生成块和完成交易A之间存在时间间隙，在此期间网络上的其他人也可以生成有效块并广播它，从而使攻击者生成的有效块变的无效。因此，只有在成功购买到商品后并且立即释放扣押的区块时，这个攻击才是有效的。
+
+这种攻击的一般形式，Satoshi Nakamoto 在《白皮书》的第11章有提到。理论上，攻击者可以预先生成任一数量的区块，例如，商家在释放产品前需要一次确认，攻击者将在网络前预先生成两个块，并且使用双倍手续费去广播它。但是每个区块的成本呈指数上升，而且在发布购买前需要接受6次确认的验证使这种攻击只有在攻击者接近网络哈希率50%或者更高的情况下有可能发生。
+
+### Race attack 竞争攻击
+
+和 芬妮攻击 的区别是，芬妮攻击是 0确认交易 vs 冲突块，竞争攻击是 0确认交易 vs 冲突交易.
+
+The attacker supplies an unconfirmed transaction to the victim that pays the victim. Meanwhile, they broadcast a conflicting transaction to the network. As the merchant saw their own transaction first, they are under the illusion of getting paid, while the rest of the network predominantly saw the doublespend first and thus it's likely the merchant will in fact not get paid.
+
+It requires the recipient to accept unconfirmed transactions as payment.
+
+This attack is much easier to pull off, when the attacker has a direct connection to the victim's node, and perhaps deposits the conflicting transaction directly to miners.
+
+It is therefore recommended to turn off incoming connections to nodes used to receive payments, so that your node will seek their own peers, and not to allow the payer to directly submit the payment to the payee.
+
+precautions (to lessen the risk of a race attack but the risk cannot be eliminated):
+
++ disable incoming connections
++ choose specific outgoing connections, only connect to well connected nodes
+
+The Sybil attack takes this information asymmetry even further as the attacker isolates the victim from the network and restricts their access to information while doublespending them. Other doublespend attacks rely on having premined a transaction to yourself in a block kept secret before paying a victim with a conflicting transaction (Finney attack), or on having overwhelming hashrate (majority attack).
+
+
+### Vector76 attack Vector76攻击
+也被称为一次确认攻击，是 race attack 和 fenny attack 的组合，使得甚至具有一次确认的交易仍然可以被逆转。 对于 race attack（没有传入连接，与连接良好的节点的显式传出连接）相同的保护方式显着降低了发生这种情况的风险。
+
+It is worth noting that a successful attack costs the attacker one block - they need to 'sacrifice' a block by not broadcasting it, and instead relaying it only to the attacked node.
+
+参阅:
+
++ http://bitcointalk.org/index.php?topic=36788.msg463391#msg463391
++ http://www.reddit.com/r/Bitcoin/comments/2e7bfa/vector76_double_spend_attack/cjwya6x
+
+### Alternative history attack 替代历史攻击
+
+可以理解为 需要多次确认的场景下的芬妮攻击
+
+If the attacker controls more than half of the network hashrate, the Alternative history attack has a probability of 100% to succeed. 
+
+This attack has a chance to work even if the merchant waits for some confirmations, but requires relatively high hashrate and risk of significant expense in wasted electricity to the attacking miner.
+
+The attacker submits to the merchant/network a transaction which pays the merchant, while privately mining an alternative blockchain fork in which a fraudulent double-spending transaction is included instead. After waiting for n confirmations, the merchant sends the product. If the attacker happened to find more than n blocks at this point, he releases his fork and regains his coins; __otherwise__, he can try to continue extending his fork with the hope of being able to catch up with the network. If he never manages to do this then the attack fails, the attacker has wasted a significant amount of electricity and the payment to the merchant will go through.
+
+The probability of success is a function of the attacker's hashrate (as a proportion of the total network hashrate) and the number of confirmations the merchant waits for. 
+
+For example, if the attacker controls 10% of the network hashrate but the merchant waits for 6 confirmations, the success probability is on the order of 0.1%[3]. Because of the opportunity cost of this attack, it is only game-theory possible if the bitcoin amount traded is comparable to the block reward (but note that an attacking miner can attempt a brute force attack against several counterparties at once).
 
 ## Gas Limit Attack
 以太坊中虽然有一个 STARTGAS 值来指定程序运行多少步，防止程序无限循环不结束。但仅靠这个机制还是不完美的，因为当超过了 STARTGAS 的值，交易被回滚，但挖矿费用 refund 还是要支付的，并且计算资源也被浪费了。
@@ -26,7 +78,24 @@
 
 ## Long-Range Attack
 
-## 女巫攻击
+## Sybil Attack 女巫攻击
+
+攻击者利用单个节点来伪造多个身份存在于P2P网络中，从而达到削弱网络的冗余性，降低网络健壮性，监视或干扰网络正常活动等目的。
+
+在这情况下，他们可以拒绝接收或传输区块，甚至进行覆盖51％的系统攻击。
+
+## Eclipse Attack 日蚀攻击
+
+提出此攻击的论文《Majority is not Enough: Bitcoin Mining is Vulnerable》
+
++ 可以将比特币系统的安全阈值从50%降低到33%
+    * 可以将整个比特币网络划分为两个部分，攻虽然在全网只占有40%的算力，但在左/右两侧的子网络中却分别拥有50%以上的算力，从而实现51%攻击。
++ 即使攻击者没有包含任何算力，其也可以通过日蚀实现双重花费攻击
++ 以太坊是否存在日蚀攻击？
+    * Wüst K, Gervais A. Ethereum eclipse attacks[R]. ETH Zurich, 2016.（以太坊中的日蚀攻击）
+    * Marcus Y, Heilman E, Goldberg S. Low-Resource Eclipse Attacks on Ethereum's Peer-to-Peer Network[J]. IACR Cryptology ePrint Archive, 2018, 2018: 236.（[以太坊点对点网络中的低资源日蚀攻击](http://www.cs.bu.edu/~goldbe/projects/eclipseEth.pdf)）
+        - Goldberg描述说，在以太坊网上发起一次日蚀攻击，与在比特币上发起一次攻击是“完全不同的”。为了实现对比特币的一次日蚀攻击，一个攻击者需要控制大量IP地址(机器)来垄断连接到受害者节点的连接，这使得攻击比特币的代价极高。与此相反，仅使用一两台机器就能在以太坊层发动类似的攻击
+        - 主要是因为比特币依赖于一个非结构化网络节点的随机相互连接，而以太坊则依赖于结构化的基于一个称为 __Kademlia__ 的协议的网络，其旨在更有效地允许一个节点可以连接到其它节点。以太坊的点对点网络中的节点由其公钥所标识。显然，以太坊的版本(在Geth v1.8.1之前)允许用户运行无限数量的节点，每个节点都有一个不同的公钥，从同一个IP地址的同一台机器上运行。通过使用密钥生成算法，攻击者可以非常快地创建 __无限数量__ 的节点ID(在对等网络上的标识符)。更糟糕的是，攻击者甚至可以 __DIY__ 节点ID，使其相比于随机的节点ID来说对受害者更具吸引力，这样就能基本上把受害者 __拉到__ 他们身边 。
 
 ## 重放攻击
 + 2016 年 7 月以太坊进行硬分叉的过程中发生
@@ -54,4 +123,30 @@ Partition Attack 分区攻击阻止比特网络的两/多部分连接起来，
 
 ## Tor
 
-[Bitcoin over Tor isn’t a good idea](https://arxiv.org/pdf/1410.6079.pdf)
+[Bitcoin over Tor isn’t a good idea](https://arxiv.org/pdf/1410.6079.pdf):
+
++ 中间人攻击
+    * control which Bitcoin blocks and transactions are relayed to the user and can delay or discard user’s transactions and blocks
++ an attacker can fingerprint users and then recognize them and learn their IP address when they decide to connect to the Bitcoin network directly.
+
+## Block Withholding Attack 扣块攻击
+
+自己计算出正确的  hash  后，没有回传给矿池, 可能的目的:
+
++ 降低矿池的收益
++ 私自广播出去, 区块奖励自己独吞
+    * 要 blocktemplate 才能实现？
+
+
+### 芬妮攻击
+扣块攻击最简单的形式也叫作芬妮攻击
+
+### Selfish-Mining Attack 自私挖矿攻击
+
+攻击者挖到新区块后藏起来不公布，其他诚实矿工因为不知道新区块的存在，还是继续在旧区块基础上挖矿。等到攻击者挖到第二枚区块后便会同时公布手中藏着的两枚区块，这时，区块链分叉就出现了。只要攻击者比诚实矿工多挖一枚区块，攻击者所在的分叉就是最长链：根据比特币的共识机制，矿工只在最长链后面挖矿。因此，原本诚实矿工们所在的那条链，因为比攻击者的分叉短，便作废了。此时此刻，攻击者因为挖到了两枚新区块而获得相应收益；而诚实矿工的分叉被废弃，他们什么也得不到。
+
+Block Withholding Attack 扣块攻击的一种, 进行自私挖矿的攻击者只需要拥有全网 25%? 33%? 的算力，就可以保证自己获得更多的收益了。[如果你能在竞争中和别人五五开，你只要有25%的算力，自私挖矿就是更有利的选择。就算你在竞争中总是会输，如果你有33%的算力，自私挖矿也是严格有利的。](https://www.zhihu.com/question/21976182)
+
+解决办法: 新的难度调整公式, 用于更新挖矿难度的参数，应该是衡量网络的实际算力。一种想法是在难度调整公式中加入孤块数量的因素。这可通过矿工们来实现，即指示他们挖到的区块中存在“uncle”（通过包含它们的区块头，及对等节点中继这些数据. 或者一个简单的解决方案, 矿工收到两个竞争区块的时候, 随机抽取其中一个进行挖矿.
+
+许多针对“自私挖矿”策略优化及扩展的工作相继展开。2016年，Nayak等作者在文献(K. Nayak, S. Kumar, A. Miller, and E. Shi, “Stubborn mining:Generalizing selfish mining and combining with an eclipse attack,”in 2016 IEEE European Symposium on Security and Privacy (EuroSP), Saarbr ¨ucken, Germany, Mar. 2016, pp. 305–320.)中提出了一种新的挖矿策略“stubborn”，该策略对“自私挖矿”策略进行了扩展。基于该策略，恶意矿池的收益相较于使用“自私挖矿”策略将提高13.94%。不仅如此，在文中作者还进一步对“stubborn”策略进行了优化，并提出了两个新的策略，即“the EqualFork Stubborn”与“Trail Stubborn”。这两个策略进一步提高了恶意矿池的挖矿收益。

blockchain/readme.md

@@ -74,6 +74,8 @@ target 目标值 = 最大目标值（恒定值） / 难度值
 将导致 __算力集中__，计算资源大的有优势
 
 
+### ProgPow
+
 ### PoS, Proof of Stake,权益证明
 为了使每个 Block 更快被生成，PoS 机制 __去掉了穷举 nonce__，一个账户的 __余额__ 越多，在同等算力下，就越容易发现下一个区块。将导致 __大户集中__ 。
 
@@ -239,7 +241,9 @@ Cosmos 的底层是由 Cosmos SDK 构建，Cosmos SDK 可以理解为一个更
 
 ### Interledger
 
-## SegWit 隔离见证
+## Segregated Witness (SegWit) 隔离见证
+
+Reduces the space required for transactions in a block and eliminates transaction malleability, which allows for significant blockchain pruning optimizations.
 
 ## Projects