Abstract
In recent years, permissionless blockchains have received a lot of attention both from industry and academia, where substantial effort has been spent to develop consensus protocols that are secure under the assumption that less than half (or a third) of a given resource (e.g., stake or computing power) is controlled by corrupted parties. The security proofs of these consensus protocols usually assume the availability of a network functionality guaranteeing that a block sent by an honest party is received by all honest parties within some bounded time. To obtain an overall protocol that is secure under the same corruption assumption, it is therefore necessary to combine the consensus protocol with a network protocol that achieves this property under that assumption. In practice, however, the underlying network is typically implemented by flooding protocols that are not proven to be secure in the setting where a fraction of the considered total weight can be corrupted. This has led to many so-called eclipse attacks on existing protocols and tailor-made fixes against specific attacks.
To close this apparent gap, we present the first practical flooding protocol that provably delivers sent messages to all honest parties after a logarithmic number of steps. We prove security in the setting where all parties are publicly assigned a positive weight and the adversary can corrupt parties accumulating up to a constant fraction of the total weight. This can directly be used in the proof-of-stake setting, but is not limited to it. To prove the security of our protocol, we combine known results about the diameter of Erdős–Rényi graphs with reductions between different types of random graphs. We further show that the efficiency of our protocol is asymptotically optimal.
The practicality of our protocol is supported by extensive simulations for different numbers of parties, weight distributions, and corruption strategies. The simulations confirm our theoretical results and show that messages are delivered quickly regardless of the weight distribution, whereas protocols that are oblivious of the parties’ weights completely fail if the weights are unevenly distributed. Furthermore, the average message complexity per party of our protocol is within a small constant factor of such a protocol.
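The following simulation is an added illustration of the effect described above; it is not code from the paper and does not reproduce the paper's protocol or its parameters. It constructs a weight distribution with a few heavy and many light parties, lets an adversary corrupt up to a third of the total weight (here by greedily taking the lightest parties, which maximises the number of corrupted parties), and compares two neighbour-selection rules: a weight-oblivious one, in which every party picks k peers uniformly at random, and a weight-aware one, in which a party emulates a number of virtual nodes proportional to its weight and its peers are drawn by weighted sampling without replacement. The emulation function, the bidirectional link model, the drop-everything behaviour of corrupted parties and all numeric parameters are this example's own assumptions.

```python
"""Toy flooding simulation: weight-oblivious vs weight-aware neighbour selection.

Added example, not code from the paper. The emulation function, the link
model (bidirectional links), the corruption strategy and all parameters
below are this example's own assumptions, chosen to reproduce the
qualitative effect the abstract describes.
"""
import heapq
import math
import random
from fractions import Fraction


def make_weights(n_heavy, heavy_weight, n_light):
    """Public weights (constructed input): a few heavy parties hold most of
    the stake, many light parties hold weight 1 each."""
    return [heavy_weight] * n_heavy + [1] * n_light


def corrupt_lightest(weights, max_fraction):
    """The adversary may corrupt parties whose total weight is at most
    max_fraction of the total. Taking the lightest parties first maximises
    the corrupted *count*, the worst case for weight-oblivious selection."""
    budget = sum(weights) * max_fraction
    corrupted = set()
    for p in sorted(range(len(weights)), key=lambda p: weights[p]):
        if weights[p] > budget:
            break
        budget -= weights[p]
        corrupted.add(p)
    return corrupted


def weighted_sample(rng, candidates, weights, k):
    """k distinct candidates drawn successively with probability proportional
    to weight (Efraimidis-Spirakis keys u**(1/w); the k largest keys form the
    sample). With all weights equal this is uniform sampling without
    replacement."""
    return heapq.nlargest(k, candidates,
                          key=lambda q: rng.random() ** (1.0 / weights[q]))


def build_graph(weights, k, emulate, rng, weight_aware):
    """Party p picks k * emulate(p) distinct neighbours (capped at n - 1);
    a link is used in both directions, as a TCP connection would be."""
    n = len(weights)
    sel = weights if weight_aware else [1] * n
    adj = [set() for _ in range(n)]
    for p in range(n):
        others = [q for q in range(n) if q != p]
        for q in weighted_sample(rng, others, sel, min(k * emulate(p), n - 1)):
            adj[p].add(q)
            adj[q].add(p)
    return adj


def flood(adj, sender, corrupted):
    """Synchronous flooding. Corrupted parties drop every message (the worst
    case for delivery); honest parties forward once to all neighbours.
    Returns the set of honest parties reached and the rounds used."""
    reached = {sender}
    frontier = [sender]
    rounds = 0
    while frontier:
        nxt = []
        for p in frontier:
            for q in adj[p]:
                if q not in corrupted and q not in reached:
                    reached.add(q)
                    nxt.append(q)
        if nxt:
            rounds += 1
        frontier = nxt
    return reached, rounds


def simulate(weight_aware, k=8, seed=7):
    """One experiment: returns honest count, honest parties reached, rounds
    needed, and the number of honest parties with no honest neighbour
    (i.e. eclipsed by the adversary)."""
    rng = random.Random(seed)
    weights = make_weights(n_heavy=19, heavy_weight=60, n_light=600)
    n, total = len(weights), sum(weights)
    corrupted = corrupt_lightest(weights, Fraction(1, 3))
    honest = [p for p in range(n) if p not in corrupted]

    def emulate(p):
        # Assumed emulation function: virtual nodes proportional to the
        # party's weight relative to the average party, and at least 1.
        # The weight-oblivious variant emulates exactly one node per party.
        if not weight_aware:
            return 1
        return max(1, math.ceil(weights[p] * n / total))

    adj = build_graph(weights, k, emulate, rng, weight_aware)
    sender = honest[-1]  # a light honest party
    reached, rounds = flood(adj, sender, corrupted)
    eclipsed = sum(1 for p in honest if not (adj[p] - corrupted))
    return {"honest": len(honest), "delivered": len(reached),
            "rounds": rounds, "eclipsed": eclipsed}


if __name__ == "__main__":
    for aware in (False, True):
        print("weight-aware" if aware else "weight-oblivious", simulate(aware))
```

In this constructed instance the adversary controls a third of the weight but more than 90% of the parties, so uniform selection leaves many honest parties with only corrupted neighbours and the message never reaches all of them; weighted selection links every honest party to the heavy honest parties and the message reaches all honest parties within a few rounds. The sizes here are far too small to exhibit the logarithmic growth the paper proves, but they are enough to see why weight-oblivious flooding breaks under skewed weights.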
Notes
- 1.
The probability of choosing the unordered neighborhood set \(N = \{q_1 ,\dots , q_K\}\) is the sum over the probabilities of all permuted tuples.
- 2.
An attack where an adversary tricks an honest party into talking only with adversarial parties. It is thereby possible for the adversary to manipulate the honest node in various ways.
- 3.
- 4.
Note that for protocols with no secrecy (each event is leaked to the adversary), and for functionalities that give the adversary full control while respecting these properties, a simulation-based security notion is directly implied by the property-based definition. For flooding networks, this technique is used in the proofs in [30].
- 5.
For a function to be an emulation function, we require that all parties should emulate at least 1 node, which is why the codomain of the function is defined to be \(\mathbb {N}{\setminus }\left\{ { 0 }\right\} \).
- 6.
This property was used in the proof of Lemma 2.
- 7.
This set may be different from the actual set of nodes that will be emulated in an execution of the protocol as dishonest parties might choose to deviate from the protocol. However, it is still useful to define the set in order to define honest behavior.
- 8.
All simulations were performed on the ETH Zurich Euler cluster, but there are no hindrances to running them on less powerful computers.
- 9.
The maximum latency observed across all successful runs of our simulations is \(9\cdot \delta _\text {Channel}\).
- 10.
The protocol \(\textsf {WOF} {:}{=}\pi _\text {Flood}(\textsf {WFS} (\texttt{E},k))\) for \(\texttt{E} (p) {:}{=}1\) corresponds to the protocol where each party simply selects \(k\) parties uniformly at random as their neighbors without taking weight into account.
References
Bitnodes.io (2022). https://bitnodes.io/. Accessed 16 Sept 2022
ethernodes.org (2022). https://ethernodes.org/. Accessed 16 Sept 2022
Abraham, I., Malkhi, D., Nayak, K., Ren, L., Yin, M.: Sync HotStuff: simple and practical synchronous state machine replication. In: IEEE Symposium on Security and Privacy, pp. 106–118. IEEE (2020)
Alangot, B., Reijsbergen, D., Venugopalan, S., Szalachowski, P., Yeo, K.S.: Decentralized and lightweight approach to detect eclipse attacks on proof of work blockchains. IEEE Trans. Netw. Serv. Manag. 18(2), 1659–1672 (2021)
Apostolaki, M., Zohar, A., Vanbever, L.: Hijacking bitcoin: Routing attacks on cryptocurrencies. In: IEEE Symposium on Security and Privacy, pp. 375–392. IEEE (2017)
Badertscher, C., Gaži, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 913–930. ACM (2018). https://doi.org/10.1145/3243734.3243848
Ben-Hamou, A., Peres, Y., Salez, J.: Weighted sampling without replacement. Braz. J. Probab. Stat. 32(3), 657–669 (2018). https://www.jstor.org/stable/26496522
Bollobás, B.: Random Graphs. Cambridge Studies in Advanced Mathematics, 2nd edn. Cambridge University Press (2001). https://doi.org/10.1017/CBO9780511814068
Chandran, N., Chongchitmate, W., Garay, J.A., Goldwasser, S., Ostrovsky, R., Zikas, V.: The hidden graph model: communication locality and optimal resiliency with adaptive faults. In: ITCS, pp. 153–162. ACM (2015)
Chandran, N., Garay, J., Ostrovsky, R.: Improved fault tolerance and secure computation on sparse networks. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010. LNCS, vol. 6199, pp. 249–260. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14162-1_21
Chandran, N., Garay, J.A., Ostrovsky, R.: Almost-everywhere secure computation with edge corruptions. J. Cryptol. 28(4), 745–768 (2015)
Chen, J., Micali, S.: Algorand: a secure and efficient distributed ledger. Theor. Comput. Sci. 777, 155–183 (2019)
Coretti, S., Kiayias, A., Moore, C., Russell, A.: The generals’ scuttlebutt: byzantine-resilient gossip protocols. Cryptology ePrint Archive, Report 2022/541 (2022). https://ia.cr/2022/541
Daian, P., Pass, R., Shi, E.: Snow White: robustly reconfigurable consensus and applications to provably secure proof of stake. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 23–41. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_2
David, B., Gaži, P., Kiayias, A., Russell, A.: Ouroboros praos: an adaptively-secure, semi-synchronous proof-of-stake blockchain. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 66–98. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_3
Dinsdale-Young, T., Magri, B., Matt, C., Nielsen, J.B., Tschudi, D.: Afgjort: a partially synchronous finality layer for blockchains. In: Galdi, C., Kolesnikov, V. (eds.) SCN 2020. LNCS, vol. 12238, pp. 24–44. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57990-6_2
Dolev, D., Strong, H.R.: Authenticated algorithms for byzantine agreement. SIAM J. Comput. 12(4), 656–666 (1983)
Dwork, C., Peleg, D., Pippenger, N., Upfal, E.: Fault tolerance in networks of bounded degree. SIAM J. Comput. 17(5), 975–988 (1988)
Fenner, T.I., Frieze, A.M.: On the connectivity of random \(m\)-orientable graphs and digraphs. Combinatorica 2(4), 347–359 (1982). https://doi.org/10.1007/BF02579431
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10
Garay, J.A., Ostrovsky, R.: Almost-everywhere secure computation. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 307–323. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_18
Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoin’s peer-to-peer network. In: USENIX Security Symposium, pp. 129–144. USENIX Association (2015)
Jayanti, S., Raghuraman, S., Vyas, N.: Efficient constructions for almost-everywhere secure computation. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 159–183. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_6
Kermarrec, A., Massoulié, L., Ganesh, A.J.: Probabilistic reliable dissemination in large-scale systems. IEEE Trans. Parallel Distrib. Syst. 14(3), 248–258 (2003)
King, V., Saia, J., Sanwalani, V., Vee, E.: Towards secure and scalable computation in peer-to-peer networks. In: FOCS, pp. 87–98. IEEE (2006)
Liu-Zhang, C.D., Matt, C., Maurer, U., Rito, G., Thomsen, S.E.: Practical provably secure flooding for blockchains. Cryptology ePrint Archive, Paper 2022/608 (2022). https://eprint.iacr.org/2022/608
Malkhi, D., Mansour, Y., Reiter, M.K.: On diffusing updates in a byzantine environment. In: SRDS, pp. 134–143. IEEE (1999)
Malkhi, D., Pavlov, E., Sella, Y.: Optimal unconditional information diffusion. In: Welch, J. (ed.) DISC 2001. LNCS, vol. 2180, pp. 63–77. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45414-4_5
Marcus, Y., Heilman, E., Goldberg, S.: Low-resource eclipse attacks on ethereum’s peer-to-peer network (2018). https://eprint.iacr.org/2018/236
Matt, C., Nielsen, J.B., Thomsen, S.E.: Formalizing delayed adaptive corruptions and the security of flooding networks. In: Advances in Cryptology - CRYPTO 2022. Springer (2022, to appear)
Minsky, Y., Schneider, F.B.: Tolerating malicious gossip. Distrib. Comput. 16(1), 49–68 (2003)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Decentralized Bus. Rev. 21260 (2008)
Nayak, K., Kumar, S., Miller, A., Shi, E.: Stubborn mining: generalizing selfish mining and combining with an eclipse attack. In: EuroS&P, pp. 305–320. IEEE (2016)
Pass, R., Shi, E.: FruitChains: a fair blockchain. In: PODC, pp. 315–324. ACM (2017)
Pass, R., Shi, E.: Hybrid consensus: efficient consensus in the permissionless model. In: DISC. LIPIcs, vol. 91, pp. 39:1–39:16. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2017)
Pass, R., Shi, E.: Thunderella: blockchains with optimistic instant confirmation. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 3–33. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_1
Rohrer, E., Tschorsch, F.: Kadcast: a structured approach to broadcast in blockchain networks. In: Proceedings of the 1st ACM Conference on Advances in Financial Technologies, AFT 2019, pp. 199–213. ACM (2019). https://doi.org/10.1145/3318041.3355469
Tran, M., Choi, I., Moon, G.J., Vu, A.V., Kang, M.S.: A stealthier partitioning attack against bitcoin peer-to-peer network. In: IEEE Symposium on Security and Privacy, pp. 894–909. IEEE (2020)
Tsimos, G., Loss, J., Papamanthou, C.: Gossiping for communication-efficient broadcast. Cryptology ePrint Archive, Report 2020/894 (2020). https://ia.cr/2020/894
Upfal, E.: Tolerating a linear number of faults in networks of bounded degree. Inf. Comput. 115(2), 312–320 (1994)
Xu, G., et al.: Am I eclipsed? A smart detector of eclipse attacks for ethereum. Comput. Secur. 88, 101604 (2020)
Yagan, O., Makowski, A.M.: On the scalability of the random pairwise key predistribution scheme: gradual deployment and key ring sizes. Perform. Eval. 70(7–8), 493–512 (2013). https://doi.org/10.1016/j.peva.2013.03.001
Zhang, S., Lee, J.: Eclipse-based stake-bleeding attacks in POS blockchain systems. In: BSCI, pp. 67–72. ACM (2019)
Zheng, H., Tran, T., Arden, O.: Total eclipse of the enclave: detecting eclipse attacks from inside tees. In: IEEE ICBC, pp. 1–5. IEEE (2021)
Acknowledgements
The work was in part done while Chen-Da Liu-Zhang was at Carnegie Mellon University and Søren Eller Thomsen was at Purdue University. Chen-Da Liu-Zhang was supported in part by the NSF award 1916939, DARPA SIEVE program, a gift from Ripple, a DoE NETL award, a JP Morgan Faculty Fellowship, a PNC center for financial services innovation award, and a Cylab seed funding award.
Copyright information
© 2022 International Association for Cryptologic Research
About this paper
Cite this paper
Liu-Zhang, CD., Matt, C., Maurer, U., Rito, G., Thomsen, S.E. (2022). Practical Provably Secure Flooding for Blockchains. In: Agrawal, S., Lin, D. (eds) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. Lecture Notes in Computer Science, vol 13791. Springer, Cham. https://doi.org/10.1007/978-3-031-22963-3_26
DOI: https://doi.org/10.1007/978-3-031-22963-3_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22962-6
Online ISBN: 978-3-031-22963-3
eBook Packages: Computer Science (R0)