Secure Scheme Against Compromised Hash in Proof-of-Work Blockchain

  • Fengjun Chen
  • Zhiqiang LiuEmail author
  • Yu LongEmail author
  • Zhen LiuEmail author
  • Ning DingEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11058)


Blockchain is built on the basis of peer-to-peer network, cryptography and consensus mechanism over a distributed environment. The underlying cryptography in blockchain, such as hash algorithm and digital signature scheme, is used to guarantee the security of blockchain. However, past experience showed that cryptographic primitives do not last forever along with increasing computational power and advanced cryptanalysis. Therefore, it is crucial to investigate the issue that the underlying cryptography in blockchain is compromised.

This paper aims at the challenge that the underlying hash algorithm is compromised in blockchain. In 2017, M. Sato et al. firstly addressed the issue by proposing a framework of transition approach from the compromised hash algorithm to a secure one. Nevertheless, this approach is actually a hardfork if it is applied to proof-of-work blockchain, which is much likely to cause disagreement of the blockchain community and should be avoided accordingly. To fill this gap, we propose a softfork transition scheme to deal with the challenge that compromised hash brings into proof-of-work blockchain. Our scheme provides a secure transition in the case of compromised hash, keeping the validity of past data in the blockchain as well. We also show that a proof-of-work blockchain with our scheme is much more secure than the original one (i.e. without our scheme).


Blockchain Compromised hash Softfork transition scheme Proof of work 



We would like to thank the anonymous reviewers for their helpful feedback. The authors are supported by the National Natural Science Foundation of China (Grant No. 61672347, 61572318, 61672339).


  1. 1.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. In: Consulted (2008)Google Scholar
  2. 2.
    Bitcoin Wiki: Contingency plans - SHA-256 is broken (2015).
  3. 3.
    Bitcoin Wiki: Hardfork (2017).
  4. 4.
    Sato, M., Matsuo, S.: Long-term public blockchain: resilience against compromise of underlying cryptography. In: IEEE European Symposium on Security and Privacy Workshops, pp. 1–8 (2017)Google Scholar
  5. 5.
    Okupski, K.: Bitcoin Developer Reference Working Paper, 30 June 2016.
  6. 6.
  7. 7.
    Stevens, M., et al.: Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 55–69. Springer, Heidelberg (2009). Scholar
  8. 8.
    Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005). Scholar
  9. 9.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005). Scholar
  10. 10.
    Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 570–596. Springer, Cham (2017). Scholar
  11. 11.
    Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of ACM Symposium on the Theory of Computing, pp. 212–219 (1996)Google Scholar
  12. 12.
    Giechaskiel, I., Cremers, C., Rasmussen, K.B.: On bitcoin security in the presence of broken cryptographic primitives. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 201–222. Springer, Cham (2016). Scholar
  13. 13.
    Bitcoin Wiki: Coinbase (2018).
  14. 14.
    Wood, G.: Ethereum: a secure decentralized generalised transaction ledger.
  15. 15.
    European Telecommunications Standards Institute (ETSI): Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures. EN 319 122-1 V1.1.1 (2016)Google Scholar
  16. 16.
    International Organization for Standardization (ISO): Processes, data elements and documents in commerce, industry and administration - Long term signature profiles - Part 1: Long term signature profiles for CMS Advanced Electronic Signatures (CAdES). ISO 14533-1:2014 (2014)Google Scholar
  17. 17.
  18. 18.
    Buterin, V.: Critical update re: DAO vulnerability, 17 June 2016.
  19. 19.
    Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.The Department of Computer Science and EngineeringShanghai Jiao Tong UniversityShanghaiChina

Personalised recommendations