Keep Network
  • Indeks
  • Keep - Blog
    • Bagaimana Token KEEP Bekerja
    • Transparansi Keep
    • Keep sekarang sepenuhnya Open Source/Bersumber terbuka
    • Partisipasi Aktif Keep
    • Keep dan tBTC diluncurkan, didukung oleh lebih dari 40 mitra industri
  • tBTC - Blog
    • tBTC, Cara Mudah Untuk Menggunakan Bitcoin dalam DeFi, Berlangsung di tbtc.network
    • Langkah-langkah untuk melakukan minting tBTC - Testnet
    • Langkah — Langkah Panduan Untuk Menebus TBTC - Testnet
    • tBTC, Cara Yang Aman Untuk Menggunakan Bitcoin di DeFi, Hadir di tbtc.network
    • Bitcoin di dalam Ethereum, tBTC vs wBTC
    • Langkah menginstall node ECDSA & Beacon Keep Network (menggunakan voucher Vultr $100)
    • Cara Mempertaruhkan/Stake ETH pada tBTC
    • Berbagai Ukuran Lot Membuat tBTC Andal dan Dapat Diakses oleh Semua Orang
    • Menjalankan Node KEEP Menggunakan Kubernetes dan Pantau Dengan Prometheus & Grafana
    • Yield Farming tBTC di Curve.fi
    • Fase Lanjutan Liquidity Reward
  • [Event] Play For Keep
    • Oktober - Arjun Balaji Sebagai Juri PFK
    • September - Apa Yang James Prestwich Cari Untuk Playing For Keep(PFK) September Ini
    • Agustus - Playing For Keep(PFK) telah melewati setengah target PFK dengan total hadiah 7 Juta KEEP
    • November - Desember - Amanda Cassatt Sebagai Juri PFK
  • [Event] Stakedrop
    • Resiko Keep Stakedrop dan Strategi Mitigasi
  • Whitepaper
    • KEEP Whitepaper
    • tBTC Whitepaper
      • tBTC Token ERC-20 Terdesentralisasi Yang di Dukung Dan Dapat Ditukar Ke - BTC
      • Daftar Isi
      • Ikhtisar, Kesepakatan, Catatan Penamaan
      • Upaya Sebelumnya, Tujuan Desain
      • Pengembangan Intuisi, Arsitektur Sistem
      • Bonding
      • Price Feed
      • Minting
      • Biaya Signer
      • Signing
      • Menangani Permasalahan
      • Redemption (Penukaran/Penebusan)
      • Tata Kelola
      • Appendix
      • Kosakata
Powered by GitBook
On this page
  • Handling Failure
  • Aborts / Liveness

Was this helpful?

  1. Whitepaper
  2. tBTC Whitepaper

Menangani Permasalahan

Handling Failure

Aborts / Liveness

The system requires that critical actions like funding and redemption occur within a fixed time after request. Failure to do so is treated as an "abort." Where fraud indicates proof positive of forbidden behavior, an abort typically represents a liveness failure from some participant. As such, while aborts are still punished, and may still result in liquidation, they are not punished as severely as fraud. For example, should the signers fail to produce a redemption signature in a timely manner, their bonds are liquidated to protect the supply peg, but any remainder is returned to them once the liquidation initiator is rewarded.

Fraud

The system recognizes one type of fraud proof, ECDSA fraud proofs, in which the signing group produces a signature on a message which was not explicitly requested. When fraud is detected, the system penalizes the signers by seizing their bonds and starting the liquidation process.

ECDSA Fraud Proofs

The signers collectively control an ECDSA keypair. By cooperating, they can produce signatures under the public key. Signers are charged with producing certain signatures (e.g. on a redemption transaction during the redemption process). Any valid signature under the signers' public key, but not specifically requested by the system is considered fraud.

An ECDSA fraud proof is simply a signature under the signers' public key, the signed message digest, and the preimage of that digest. From there we perform regular ECDSA verification. If the preimage matches the digest and the signature on the digest is valid but the digest was not explicitly requested by the system, then we can be sure that the signer set is no longer reliable. It is worth noting here, that verification of the preimage-digest relationship may not be skipped. Given any public key, it is possible to construct a signature under that public key and select a digest that matches it. Which is to say, anyone can produce an apparently valid signature on any unknown message. Only direct verification of the preimage’s existence (via checking its relationship to the signed digest) prevents this attack as the attacker would have to invert the hash function to forge this relationship.

Notionally, the system can verify any signature the signers produce. However, the capabilities of the host chain set practical limitations. For instance, on Ethereum, only certain digest functions are available, so we cannot verify signatures on digests produced by unsupported hash functions. As a practical example, this precludes verification of Decred signatures, which use blake256. Signers in an Ethereum-hosted system can produce signatures on Decred transactions with no possibility of punishment.

All host chains impose costs on argument size, therefore cost of verification scales with the length of the preimage. This means that it may not be economically feasible to verify signatures on very long preimages, or that attempting to do so will exceed resource-use limitations (e.g. Ethereum’s block gas limit). Fortunately, Bitcoin’s signature hash algorithm uses double-sha256, which makes the preimage of a signature the result of the first sha256. This means that the preimage to the signed digest is always 32 bytes, meaning verification costs never scale with transaction size, and even very large transactions cannot evade ECDSA fraud verification.

PreviousSigningNextRedemption (Penukaran/Penebusan)

Last updated 4 years ago

Was this helpful?