-
The Attack of the Clones Against Proof-of-Authority
Authors:
Parinya Ekparinya,
Vincent Gramoli,
Guillaume Jourjon
Abstract:
In this paper, we explore vulnerabilities and countermeasures of the recently proposed blockchain consensus based on proof-of-authority. The proof-of-work blockchains, like Bitcoin and Ethereum, have been shown both theoretically and empirically vulnerable to double spending attacks. This is why Byzantine fault tolerant consensus algorithms have gained popularity in the blockchain context for thei…
▽ More
In this paper, we explore vulnerabilities and countermeasures of the recently proposed blockchain consensus based on proof-of-authority. The proof-of-work blockchains, like Bitcoin and Ethereum, have been shown both theoretically and empirically vulnerable to double spending attacks. This is why Byzantine fault tolerant consensus algorithms have gained popularity in the blockchain context for their ability to tolerate a limited number t of attackers among n participants. We formalize the recently proposed proof-of-authority consensus algorithms that are Byzantine fault tolerant by describing the Aura and Clique protocols present in the two mainstream implementations of Ethereum. We then introduce the Cloning Attack and show how to apply it to double spend in each of these protocols with a single malicious node. Our results show that the Cloning Attack against Aura is always successful while the same attack against Clique is about twice as fast and succeeds in most cases.
△ Less
Submitted 24 September, 2019; v1 submitted 26 February, 2019;
originally announced February 2019.
-
Double-Spending Risk Quantification in Private, Consortium and Public Ethereum Blockchains
Authors:
Parinya Ekparinya,
Vincent Gramoli,
Guillaume Jourjon
Abstract:
Recently, several works conjectured the vulnerabilities of mainstream blockchains under several network attacks. All these attacks translate into showing that the assumptions of these blockchains can be violated in theory or under simulation at best. Unfortunately, previous results typically omit both the nature of the network under which the blockchain code runs and whether blockchains are privat…
▽ More
Recently, several works conjectured the vulnerabilities of mainstream blockchains under several network attacks. All these attacks translate into showing that the assumptions of these blockchains can be violated in theory or under simulation at best. Unfortunately, previous results typically omit both the nature of the network under which the blockchain code runs and whether blockchains are private, consortium or public. In this paper, we study the public Ethereum blockchain as well as a consortium and private blockchains and quantify the feasibility of man-in-the-middle and double spending attacks against them. To this end, we list important properties of the Ethereum public blockchain topology, we deploy VMs with constrained CPU quantum to mimic the top-10 mining pools of Ethereum and we develop full-fledged attacks, that first partition the network through BGP hijacking or ARP spoofing before issuing a Balance Attack to steal coins. Our results demonstrate that attacking Ethereum is remarkably devastating in a consortium or private context as the adversary can multiply her digital assets by 200, 000x in 10 hours through BGP hijacking whereas it would be almost impossible in a public context.
△ Less
Submitted 13 May, 2018;
originally announced May 2018.
-
A Delay-Tolerant Payment Scheme Based on the Ethereum Blockchain
Authors:
Yining Hu,
Ahsan Manzoor,
Parinya Ekparinya,
Madhusanka Liyanage,
Kanchana Thilakarathna,
Guillaume Jourjon,
Aruna Seneviratne,
Mika E Ylianttila
Abstract:
Banking as an essential service can be hard to access in remote, rural regions where the network connectivity is intermittent. Although micro-banking has been made possible by SMS or USSD messages in some places, their security flaws and session-based nature prevent them from a wider adoption. Global level cryptocurrencies enable low-cost, secure and pervasive money transferring among distributed…
▽ More
Banking as an essential service can be hard to access in remote, rural regions where the network connectivity is intermittent. Although micro-banking has been made possible by SMS or USSD messages in some places, their security flaws and session-based nature prevent them from a wider adoption. Global level cryptocurrencies enable low-cost, secure and pervasive money transferring among distributed peers, but are still limited in their ability to reach more people in remote communities.
We proposed to take advantage of the delay-tolerant nature of blockchains to deliver banking services to remote communities that only connect to the broader Internet intermittently. Using a base station that offers connectivity within the local area, regular transaction processing is solely handled by blockchain miners. The bank only joins to process currency exchange requests, reward miners and track user balances when the connection is available. By distributing the verification and storage tasks among peers, our system design saves on the overall deployment and operational costs without sacrificing the reliability and trustwor- thiness. Through theoretical and empirical analysis, we provided insights to system design, tested its robustness against network disturbances, and demonstrated the feasibility of implementation on off-the-shelf computers and mobile devices.
△ Less
Submitted 30 January, 2018;
originally announced January 2018.