Conference:The 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
CCF level:CCF B
Categories:Network and Information Security
Year:2024
Conference time:June 24-27, 2024
1
Title:
Byzantine Attacks Exploiting Penalties in Ethereum PoS
利用以太坊 PoS 中的惩罚机制进行拜占庭攻击
Authors:
Key words:
Ethereum, Inactivity Leak, Safety, Liveness, Blockchain
以太坊、消极惩罚、安全性、活跃度、区块链
Abstract:
In May 2023, the Ethereum blockchain experienced its first inactivity leak, a mechanism designed to reinstate chain finalization amid persistent network disruptions. This mechanism aims to reduce the voting power of validators who are unreachable within the network, reallocating this power to active validators. This paper investigates the implications of the inactivity leak on safety within the Ethereum blockchain. Our theoretical analysis reveals scenarios where actions by Byzantine validators expedite the finalization of two conflicting branches, and instances where Byzantine validators reach a voting power exceeding the critical safety threshold of one-third. Additionally, we revisit the probabilistic bouncing attack, illustrating how the inactivity leak can result in a probabilistic breach of safety, potentially allowing Byzantine validators to exceed the one-third safety threshold. Our findings uncover how penalizing inactive nodes can compromise blockchain properties, particularly in the presence of Byzantine validators capable of coordinating actions.
2023 年 5 月,以太坊区块链经历了第一次消极惩罚,这是一种旨在在持续的网络中断期间恢复链最终确定的机制。该机制旨在减少网络中无法联系的验证者的投票权,并将这种权力重新分配给活跃的验证者。本文探讨了消极惩罚对以太坊区块链内安全性的影响。我们的理论分析揭示了拜占庭验证者的行为加速两个冲突分支的最终确定的场景,以及拜占庭验证者的投票权超过三分之一关键安全阈值的情况。此外,我们重新审视了概率反弹攻击,说明了消极惩罚如何导致概率安全漏洞,可能允许拜占庭验证者超过三分之一的安全阈值。我们的研究结果揭示了惩罚不活跃节点如何损害区块链属性,特别是在存在能够协调行动的拜占庭验证者的情况下。
以太坊 PoS 区块链致力于实现最终链的持续增长。因此,协议激励验证者积极地完成区块。如果没有完成,验证者将受到惩罚。V. Buterin and V. Griffith的“Casper the friendly finality gadget”中引入的不活跃泄漏是一种重新获得最终性的机制。具体来说,如果一条链连续四个时期都没有完成最终确定,就会启动不活跃泄露惩罚。在不活跃泄漏期间,不活跃验证者的权益将被耗尽,直到活跃验证者的权益达到权益的三分之二。如果验证者未能发送证明或发送了错误的目标检查点,则在特定时期被标记为不活跃。在不活跃泄漏期间,不再向证明者提供奖励(实际上,唯一剩下的奖励是区块生产者和同步委员会),并且对不活跃的验证者施加额外的惩罚。
不活动分数是一个动态变量,它会根据验证者的活动进行调整。
被视为不活跃的验证者将受到处罚
然后,验证者可分为三类
(a)活跃验证者:他们始终处于活跃状态。
(b)半活跃验证者:他们每两个时期活跃一次。
(c)不活跃验证者:他们始终处于不活跃状态。
Pdf link:
https://dsn2024uq.github.io/Proceedings/pdfs/DSN2024-6rvE3SSpzFYmysif75Dkid/410500a053/410500a053.pdf
2
Title:
PAROLE: Profitable Arbitrage in Optimistic Rollup with ERC-721 Token Transactions
PAROLE:利用 ERC-721 代币交易在 Optimistic Rollup 中实现套利
Authors:
Key words:
Blockchain, optimistic rollups, profitable arbitrage, mempool, non-fungible tokens
区块链、乐观rollups、有利可图的套利、内存池、非同质化代币
Abstract:
Optimistic rollup has emerged as a promising Layer 2 (L2) scaling solution for blockchain; however, its existing protocols are vulnerable to front/back-running activities, where an opportunistic rollup operator can strategically alter the transactions’ order to create an arbitrage opportunity. Specifically, in the limited edition ERC-721 standardized non-fungible tokens (NFTs), the re-ordering of transactions introduces a lucrative threat landscape due to its scarcity-driven pricing and market volatility. In this work, we introduce PAROLE, a novel attack technique on optimistic rollup systems, where an adversarial aggregator re-orders the NFT transactions in an optimal way, leveraging model-free deep reinforcement learning (DRL) to maximize the balance of a target account. We create our own NFT called the “PAROLE Token”(PT) and deploy it in the OpenSea marketplace via Optimism Goerli to validate the attack impact. Furthermore, we collect NFT snapshots from rollup mainchains to analyze the impact in real-world NFT marketplaces.
Optimistic Rollup 已成为区块链的一种有前途的 Layer 2 (L2) 扩展解决方案;然而,其现有协议容易受到前端/后端交易活动的攻击,投机取巧的 Rollup 运营商可以策略性地更改交易顺序以创造套利机会。具体来说,在限量版 ERC-721 标准化非同质化代币 (NFT) 中,由于其稀缺性驱动的定价和市场波动,交易的重新排序带来了有利可图的威胁环境。在这项工作中,我们引入了 PAROLE,一种针对 Optimistic Rollup 系统的新型攻击技术,其中对抗性聚合器以最佳方式重新排序 NFT 交易,利用无模型深度强化学习 (DRL) 来最大化目标账户的余额。我们创建了自己的 NFT,称为“PAROLE 代币”(PT),并通过 Optimism Goerli 将其部署在 OpenSea 市场中以验证攻击影响。此外,我们还从汇总主链收集 NFT 快照,以分析其对现实世界 NFT 市场的影响。
Pdf link:
https://dsn2024uq.github.io/Proceedings/pdfs/DSN2024-6rvE3SSpzFYmysif75Dkid/410500a129/410500a129.pdf
3
Title:
ZLB: A Blockchain to Tolerate Colluding Majorities
ZLB:容忍多数人串通的区块链
Authors:
Key words:
Byzantine, State Machine Replication
拜占庭,状态机复制
Abstract:
In the general setting, consensus cannot be solved if an adversary controls a third of the system. Yet, blockchain participants typically reach consensus "eventually" despite an adversary controlling a minority of the system. Exceeding this 1/3 cap is made possible by tolerating transient disagreements, where distinct participants select distinct blocks for the same index, before eventually agreeing to select the same block. Until now, no blockchain could tolerate an attacker controlling a majority of the system. In this paper, we present Zero-Loss Blockchain (ZLB), the first blockchain that tolerates an adversary controlling more than half of the system. ZLB is an open blockchain that combines recent theoretical advances in accountable Byzantine agreement to exclude undeniably deceitful replicas. progressively reduces the portion of deceitful replicas below 1/3, and reaches consensus. Geo-distributed experiments show that ZLB outperforms HotStuff and is almost as fast as the scalable Red Belly Blockchain that cannot tolerate n/3 faults.
在一般情况下,如果对手控制了系统的三分之一,共识就无法解决。然而,尽管对手只控制了系统的少数部分,区块链参与者通常“最终”会达成共识。超过这个 1/3 上限是通过容忍短暂的分歧来实现的,即不同的参与者为同一索引选择不同的区块,然后最终同意选择同一个区块。到目前为止,没有区块链可以容忍攻击者控制系统的大多数。在本文中,我们提出了零损失区块链 (ZLB),这是第一个容忍对手控制超过一半系统的区块链。ZLB 是一个开放的区块链,它结合了可追溯拜占庭协议的最新理论进展,以排除无可否认的欺骗性副本。逐步将欺骗性副本的比例减少到 1/3 以下,并达成共识。地理分布式实验表明,ZLB 优于 HotStuff,并且几乎与无法容忍 n/3 故障的可扩展 Red Belly 区块链一样快。
Pdf link:
https://dsn2024uq.github.io/Proceedings/pdfs/DSN2024-6rvE3SSpzFYmysif75Dkid/410500a209/410500a209.pdf
4
Title:
AOAB: Optimal and Fair Ordering of Financial Transactions
AOAB:金融交易的最优和公平排序
Authors:
Key words:
order-fairness, asynchronous atomic broadcast, optimal communication complexity, MEV
顺序公平性、异步原子广播、最优通信复杂度、MEV
Abstract:
In recent years, opportunistic traders have extracted hundreds of millions of dollars from blockchains by reordering financial transactions. The problem stems from the fact that blockchains implement a state machine replication that orders transactions in any consistent order, regardless of the order in which these transactions were received. Existing attempts at enforcing the order perceived by honest participants suffer from cyclic dependencies or message delays. In this paper, we propose the Asynchronous Ordered Atomic Broadcast (AOAB) protocol. It does not suffer from cyclic dependencies or message delays because (i) it assigns an absolute timestamp to transactions, and (ii) it tolerates unbounded message delays. Besides being the first protocol to solve this problem, AOAB is communication-optimal and resilience-optimal. In particular, AOAB makes use of threshold signatures and information dissemination to reach a communication complexity of O (nℓ+ λn2), where n is the number of processes, ℓ is the input (transaction) size and λ is the security parameter. This is optimal when ℓ≥ λn.
近年来,投机交易者通过重新排序金融交易从区块链中攫取了数亿美元。问题源于区块链实现的状态机复制,无论这些交易的接收顺序如何,它都会以任何一致的顺序对交易进行排序。现有的强制诚实参与者感知的顺序的尝试都存在周期性依赖或消息延迟的问题。在本文中,我们提出了异步有序原子广播 (AOAB) 协议。它不会受到周期性依赖或消息延迟的影响,因为 (i) 它为交易分配了绝对时间戳,并且 (ii) 它容忍无限的消息延迟。除了是第一个解决此问题的协议之外,AOAB 还是通信最佳和弹性最佳的协议。具体而言,AOAB 利用阈值签名和信息传播来达到 O (nℓ+ λn2) 的通信复杂度,其中 n 是进程数,ℓ 是输入(交易)大小,λ 是安全参数。当 ℓ≥ λn 时,这是最佳的。
Pdf link:
https://dsn2024uq.github.io/Proceedings/pdfs/DSN2024-6rvE3SSpzFYmysif75Dkid/410500a377/410500a377.pdf
篇幅有限,下篇文章将继续分享剩余论文
关注我们,持续接收区块链最新论文
洞察区块链技术发展趋势
Follow us to keep receiving the latest blockchain papers
Insight into Blockchain Technology Trends
