Public Blockchains Proof-of-Work Consortium & Private - - PowerPoint PPT Presentation

Ekparinya et al, "The Attack of the Clones against PoA" Page 1

The Attack of the Clones against Proof-of-Authority

Parinya Ekparinya Vincent Gramoli Guillaume Jourjon

1200 × 700

Ekparinya et al, "The Attack of the Clones against PoA" Page 2

Public Blockchains Proof-of-Work Consortium & Private Blockchains

Ekparinya et al, "The Attack of the Clones against PoA" Page 3

Public Blockchains Proof-of-Work Consortium & Private Blockchains Proof-of-Authority

Ekparinya et al, "The Attack of the Clones against PoA" Page 4

Ekparinya et al, "The Attack of the Clones against PoA" Page 5

Ekparinya et al, "The Attack of the Clones against PoA" Page 6

Why Proof-of-Authority (PoA)?

Ekparinya et al, "The Attack of the Clones against PoA" Page 7

Why Proof-of-Authority (PoA)?

Ekparinya et al, "The Attack of the Clones against PoA" Page 8

Why Proof-of-Authority (PoA)?

Ekparinya et al, "The Attack of the Clones against PoA" Page 9

Why Proof-of-Authority (PoA)? BFT

Ekparinya et al, "The Attack of the Clones against PoA" Page 10

Why Proof-of-Authority (PoA)? BFT

Ekparinya et al, "The Attack of the Clones against PoA" Page 11

The Cloning Attack => Double-spending

$ 10 $ 10

Ekparinya et al, "The Attack of the Clones against PoA" Page 12

The Cloning Attack => Double-spending

$ 10 $ 10

SAME TOKENS!!

Ekparinya et al, "The Attack of the Clones against PoA" Page 13

Q: How is it possible to double spend on PoA/Ethereum?

Ekparinya et al, "The Attack of the Clones against PoA" Page 14

N1 N2 N3 N4 N5 Sealers

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 15

N1 N2 N3 N4 N5 Sealers

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 16

1

N1 N2 N3 N4 N5 Sealers Blocks

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 17

1 2

N1 N2 N3 N4 N5 Sealers Blocks

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 18

1 2

N1 N2 N3 N4 N5 Sealers Blocks Time (s) 5 10 15 20 25 30 35 40

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 19

1 2 3

N1 N2 N3 N4 N5 Sealers Blocks Time (s) 5 10 15 20 25 30 35 40

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 20

1 2 3

N1 N2 N3 N4 N5 Sealers Blocks Time (s) 5 10 15 20 25 30 35 40 Decided

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 21

1 2 3 4

N1 N2 N3 N4 N5 Sealers Blocks Time (s) 5 10 15 20 25 30 35 40

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 22

1 2 3 4 5

N1 N2 N3 N4 N5 Sealers Blocks Time (s) 5 10 15 20 25 30 35 40

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 23

1 2 3 4 5 6

N2 N3 N4 N5 N1 Sealers Blocks Time (s) 5 10 15 20 25 30 35 40

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 24

1 2 3 4 5 6

N3 N4 N5 N1 N2 Sealers Blocks Time (s) 5 10 15 20 25 30 35 40

ZZz

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 25

1 2 3 4 5 6 7

N4 N5 N1

…

N2 N3 Sealers Blocks Time (s) 5 10 15 20 25 30 35 40

ZZz

Decided

The Modus Operandi of AuRa

Ekparinya et al, "The Attack of the Clones against PoA" Page 26

7

N3

…

Time (s) 40 45 50 55 60 65 70 75

Ekparinya et al, "The Attack of the Clones against PoA" Page 27

N5 N2 Group B Sealers Group B Blocks

7

N4 N1

…

N3 Group A Sealers Group A Blocks Time (s) 40 45 50 55 60 65 70 75

Ekparinya et al, "The Attack of the Clones against PoA" Page 28

N5 N2 Group B Sealers Group B Blocks

7 8

N4 N1

…

N3 Group A Sealers Group A Blocks Time (s) 40 45 50 55 60 65 70 75

Ekparinya et al, "The Attack of the Clones against PoA" Page 29

8

N5 N2 Group B Sealers Group B Blocks

7 8

N4 N1

…

N3 Group A Sealers Group A Blocks Time (s) 40 45 50 55 60 65 70 75

Ekparinya et al, "The Attack of the Clones against PoA" Page 30

8

N5 N2 Group B Sealers Group B Blocks

7 8 9

N4 N1

…

N3 Group A Sealers Group A Blocks Time (s) 40 45 50 55 60 65 70 75

Ekparinya et al, "The Attack of the Clones against PoA" Page 31

8 9

N5 N2 Group B Sealers Group B Blocks

7 8 9

N4 N1

…

N3 Group A Sealers Group A Blocks Time (s) 40 45 50 55 60 65 70 75

Ekparinya et al, "The Attack of the Clones against PoA" Page 32

8 9

N5 N2 Group B Sealers Group B Blocks

7 8 9 10

N4 N1

…

N3 Group A Sealers Group A Blocks Time (s) 40 45 50 55 60 65 70 75

Ekparinya et al, "The Attack of the Clones against PoA" Page 33

8 9

N5 N2 Group B Sealers Group B Blocks

7 8 9 10 11

N1

…

N3 Group A Sealers Group A Blocks Time (s) 40 45 50 55 60 65 70 75 N4

Ekparinya et al, "The Attack of the Clones against PoA" Page 34

8 9 10

N2 Group B Sealers Group B Blocks

7 8 9 10 11

N1

…

N3 Group A Sealers Group A Blocks Time (s) 40 45 50 55 60 65 70 75 N4 N5

Ekparinya et al, "The Attack of the Clones against PoA" Page 35

8 9 10

N2 Group B Sealers Group B Blocks

7 8 9 10 11

N1

…

N3 Group A Sealers Group A Blocks Time (s) 40 45 50 55 60 65 70 75 N4 N5

Ekparinya et al, "The Attack of the Clones against PoA" Page 36

N2 Group B Sealers Group B Blocks

7 8 9 10 11

…

N3 Group A Sealers Group A Blocks Time (s) 40 45 50 55 60 65 70 75 N4 N5

12

N1

Ekparinya et al, "The Attack of the Clones against PoA" Page 37

Block decision duration network partition

– Since decision requires strictly more than half, only one partition may decide blocks Can decide a block

Ekparinya et al, "The Attack of the Clones against PoA" Page 38

Block decision duration network partition

– Since decision requires strictly more than half, only one partition may decide blocks Can decide a block

Ekparinya et al, "The Attack of the Clones against PoA" Page 39

Ekparinya et al, "The Attack of the Clones against PoA" Page 40

If one sealer become malicious

– A malicious sealer creates a clone to participate in both partitions!! – If n = 9, both partitions contain 5 sealers, therefore both may decide a block!! Can decide a block Can decide a block Malicious sealer Clone sealer

Ekparinya et al, "The Attack of the Clones against PoA" Page 41

The Cloning Attack

Ekparinya et al, "The Attack of the Clones against PoA" Page 42

The Cloning Attack

Ekparinya et al, "The Attack of the Clones against PoA" Page 43

The Cloning Attack

Ekparinya et al, "The Attack of the Clones against PoA" Page 44

The Cloning Attack

Ekparinya et al, "The Attack of the Clones against PoA" Page 45

The Cloning Attack

Ekparinya et al, "The Attack of the Clones against PoA" Page 46

Ekparinya et al, "The Attack of the Clones against PoA" Page 47

Ekparinya et al, "The Attack of the Clones against PoA" Page 48

Ekparinya et al, "The Attack of the Clones against PoA" Page 49

Ekparinya et al, "The Attack of the Clones against PoA" Page 50

Ekparinya et al, "The Attack of the Clones against PoA" Page 51

Ekparinya et al, "The Attack of the Clones against PoA" Page 52

Countermeasure

– The algorithm will be more resistant to the attack if it requires strictly more than two- thirds to decide a block as shown in the illustration below with n = 9 sealers. Cannot decide a block Cannot decide a block

Ekparinya et al, "The Attack of the Clones against PoA" Page 53

Key takeaways

– With the attack of the Clones, it is possible to double spend in PoA/Ethereum. – Provided sufficient network partition duration, the attacker can double spend with 100% success rate. – To promote safety property in PoA/Ethereum: the higher number of required sealers, the higher resistance against the attack. – The attack applies as well to Clique. The details can be found in paper. – We exchanged with the security experts of geth and parity. The developers of xDai have already took this attack into account in their POSDAO consensus algorithm.