Written by Dr. Vincent Gramoli (Data61-CSIRO, University of Sydney)
Consensus is a fundamental problem of distributed computing. While this problem is known to be unsolvable in general (no deterministic protocol can solve it in an asynchronous system where even a single process may crash), existing protocols solve consensus under additional assumptions, such as partial synchrony or a bound on the number of faulty participants. Today, with the recent advent of blockchains, various consensus implementations have been proposed to make replicas agree on the order of the transactions that update the distributed ledger. However, very little work has been devoted to assessing their security level. As a result, existing protocols are sometimes misunderstood, and it is often unclear whether the problems arising during their executions are due to implementation bugs or to more fundamental design issues.
The proof-of-work blockchains, like Bitcoin and Ethereum, have been shown, both theoretically and empirically, to be vulnerable to double spending attacks. In one of my research papers, “From Blockchain Consensus Back to Byzantine Consensus”, I already discussed the mainstream blockchain consensus algorithms and warned about the dangers of using these blockchains without understanding precisely the guarantees their consensus algorithm offers.
Ethereum is one of the most popular open blockchain systems thanks to the large ecosystem of distributed applications that it executes. Unfortunately, the default Ethereum protocol, proof-of-work (PoW), is forkable: it allows distinct blocks to be appended at the same index of the chain. A fork that grows unnoticed can lead to security vulnerabilities, like double spending, because a transaction confirmed on one branch may be absent from the other.
As a result, the trend is to reuse Byzantine fault tolerance in a new class of protocols called proof-of-authority (PoA). PoA aims at avoiding double spending, has recently been integrated into the most deployed Ethereum clients, parity and geth, and is used in industry.
These Ethereum consensus algorithms, called Aura (in parity) and Clique (in geth), are said to implement PoA because they restrict the creation of blocks to a fixed set of authority nodes, called sealers. They aim at solving the well-known Byzantine consensus problem, where a fixed set of nodes agree on a unique block despite the presence of Byzantine nodes. PoA gives the sealers the authority to seal a block, which consists of cryptographically signing the block with the sealer's key. The set of sealers can change over time if a subset of the participants allows it, similarly to what is known as community blockchains. PoA is an appealing alternative to PoW for industries that are not interested in spending a large amount of CPU resources in exchange for a reward expressed in a cryptocurrency, but are more interested in avoiding forks to increase security.
For these reasons, PoA recently got traction in industry. Amazon Web Services offers PoA to its customers through the Clique protocol built into geth. Industrial players, like Lavaa, propose a tracking service to prevent fraud and counterfeiting that was experimented with on Ethereum/Aura; they implemented a service that aims at maintaining data privacy and integrity in a multi-tenant scenario. Microsoft describes how to deploy Ethereum/Aura “in production” and suggests that Azure customers deploy the Aura protocol across different regions to improve the availability of the service.
However, the level of security offered by PoA protocols has not been assessed yet, and it has been unclear whether an attacker could violate data integrity. As the industry is building upon these protocols to use Ethereum in consortia of institutions, it has become crucial to assess their vulnerability.
In a new paper, “The Attack of the Clones Against Proof-of-Authority”, written in collaboration with fellow researchers from the University of Sydney and CSIRO, we explored vulnerabilities and countermeasures of the PoA consensus protocols.
In the paper, we show that, under specific conditions, PoA is not secure. We designed, implemented and experimented with an attack, called the Cloning Attack, against both the Ethereum/Aura and the Ethereum/Clique protocols, that allowed a malicious sealer to double spend and thereby steal digital assets, and we proposed ways to alleviate the vulnerability.
We deployed both versions of PoA Ethereum on our private testnet and performed the Cloning Attack on both protocols. On the one hand, we found that Aura required less topological knowledge than Clique for a malicious sealer to achieve double spending with a 100% success rate. On the other hand, the attack against Clique is about twice as fast, but its success rate ranges from 60% to 100% depending on the topological knowledge of the malicious sealers. As a result, it appears that, despite its recently introduced Byzantine fault tolerance, Ethereum remains highly vulnerable to network-level attacks when used in a consortium.
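The mechanism behind the fork and the double spend, as an added illustration that is not code from the paper or from geth/parity: a toy Python model with a constructed four-sealer set in which the malicious sealer D runs two instances with the same key (the clone), one in each network partition. Sealing is modelled as HMAC-SHA256 under a per-sealer secret as a stand-in for the ECDSA seal the real clients use, and the consensus rule is reduced to seal and link checks; the sealer names, genesis balances and partition layout are assumptions of the example. It shows that each partition's branch verifies on its own, that each merchant sees itself paid, and that only a cross-view equivocation check over (sealer, height) exposes the clone.

```python
"""Toy model of a proof-of-authority chain under a cloning attack.

Constructed example, not code from the paper or from geth/parity. Sealing is
modelled as HMAC-SHA256 under a per-sealer secret, a stand-in for the ECDSA seal
the real clients use; the consensus rule is reduced to "every block is sealed by
an authorised sealer and links to its parent".
"""
from __future__ import annotations

import hashlib
import hmac
import json
from dataclasses import dataclass, replace

# Constructed sealer set and genesis state: D is the malicious sealer.
SEALER_SECRETS = {"A": b"secret-A", "B": b"secret-B", "C": b"secret-C", "D": b"secret-D"}
AUTHORISED = frozenset(SEALER_SECRETS)
GENESIS_BALANCES = {"D": 10, "merchant1": 0, "merchant2": 0}
NO_PARENT = "0" * 64


@dataclass(frozen=True)
class Block:
    height: int
    parent: str      # digest of the previous block, NO_PARENT for height 0
    sender: str      # one transfer per block keeps the model small
    receiver: str
    amount: int
    sealer: str
    seal: str = ""   # HMAC over header(), stand-in for the sealer's signature

    def header(self) -> bytes:
        fields = [self.height, self.parent, self.sender, self.receiver, self.amount, self.sealer]
        return json.dumps(fields).encode()

    def digest(self) -> str:
        return hashlib.sha256(self.header() + self.seal.encode()).hexdigest()


def seal_block(block: Block, secret: bytes) -> Block:
    """Sealing = signing the header; only a sealer holding the key can do it."""
    return replace(block, seal=hmac.new(secret, block.header(), hashlib.sha256).hexdigest())


def verify_chain(chain: list[Block]) -> bool:
    """What a single node in one partition can check: seals and parent links.
    What it cannot check: whether the same sealer sealed a different block at the
    same height on a branch this node never received."""
    parent = NO_PARENT
    for i, b in enumerate(chain):
        if b.height != i or b.parent != parent or b.sealer not in AUTHORISED:
            return False
        expected = hmac.new(SEALER_SECRETS[b.sealer], b.header(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, b.seal):
            return False
        parent = b.digest()
    return True


def apply_chain(chain: list[Block]) -> dict[str, int]:
    """Replay the transfers; an overdrawing transfer is dropped, so each branch is
    internally consistent even though the two branches together are not."""
    bal = dict(GENESIS_BALANCES)
    for b in chain:
        if b.amount > 0 and bal.get(b.sender, 0) >= b.amount:
            bal[b.sender] -= b.amount
            bal[b.receiver] = bal.get(b.receiver, 0) + b.amount
    return bal


def extend(chain: list[Block], sender: str, receiver: str, amount: int, sealer: str) -> list[Block]:
    """Append one block sealed by `sealer` (amount 0 models an empty block)."""
    parent = chain[-1].digest() if chain else NO_PARENT
    block = Block(len(chain), parent, sender, receiver, amount, sealer)
    return chain + [seal_block(block, SEALER_SECRETS[sealer])]


def cloning_attack() -> tuple[list[Block], list[Block]]:
    """D runs two instances with the same key, one per partition, and spends its
    10 coins twice. Honest sealers B and C, each isolated in one partition, extend
    the branch they see, so both branches pass verify_chain()."""
    common = extend([], "", "", 0, "A")                      # empty block 0 sealed by A
    left = extend(extend(common, "D", "merchant1", 10, "D"), "", "", 0, "B")
    right = extend(extend(common, "D", "merchant2", 10, "D"), "", "", 0, "C")
    return left, right


def find_equivocations(chains: list[list[Block]]) -> list[tuple[str, int]]:
    """Cross-view check: one sealer, one height, two different validly sealed blocks.
    Both headers carry D's seal, so the pair is self-authenticating evidence."""
    seen: dict[tuple[str, int], set[str]] = {}
    for chain in chains:
        for b in chain:
            seen.setdefault((b.sealer, b.height), set()).add(b.digest())
    return sorted(k for k, digests in seen.items() if len(digests) > 1)


if __name__ == "__main__":
    left, right = cloning_attack()
    print("both branches valid in isolation:", verify_chain(left) and verify_chain(right))
    print("merchant1 sees:", apply_chain(left), "| merchant2 sees:", apply_chain(right))
    print("equivocations once views are compared:", find_equivocations([left, right]))
```

The per-branch check is the one a node can perform on its own; the equivocation check needs blocks from both partitions, which is exactly what the partition denies a node for the duration of the attack. How the partitions are obtained on a real Aura or Clique network, which blocks the victims treat as confirmed, and the actual countermeasures are in the paper, not in this model.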
In order to remedy this vulnerability, we proposed modifications to these two consensus algorithms that preserve their safety guarantees. As a drawback, however, our counter-measures introduce a potential limitation to the liveness of the Clique algorithm.
As a further counter-measure, we propose a particularly promising protocol: the Red Belly Blockchain. It relies on the Democratic BFT consensus protocol, which solves the Blockchain Byzantine Consensus problem. Because it does not rely on an off-the-shelf classic Byzantine consensus algorithm, the Red Belly Blockchain already scales to more than 100 consensus participants and handles a workload of more than 600 thousand transactions per second, hence tolerating a potentially much larger number of blockchain participants issuing transactions and requesting balances than other blockchains. In contrast with other large-scale blockchains, the Red Belly Blockchain achieves fast settlement (typically within 3 seconds) because it does not need any proof-of-work.
The paper “The Attack of the Clones Against Proof-of-Authority” was written by Dr. Vincent Gramoli (University of Sydney), Parinya Ekparinya (University of Sydney) and Guillaume Jourjon (Data61-CSIRO) and can be found under the following link: https://www.researchgate.net/publication/331370565_The_Attack_of_the_Clones_Against_Proof-of-Authority
Dr. Vincent Gramoli is an Associate Professor at the University of Sydney where he leads the Concurrent Systems Research Group. He is also a senior researcher at Data61-CSIRO. Prior to this, he was affiliated with INRIA, Cornell and EPFL. Vincent is the Chair of the Blockchain Technical Committee at the Australian Computer Society and a Future Fellow of the Australian Research Council.