An eclipse attack is a network-level attack on a blockchain, where an attacker essentially takes control of the peer-to-peer network, obscuring a node’s view of the blockchain.
In a new paper titled “Low-Resource Eclipse Attacks on Ethereum’s Peer-to-Peer Network,” Sharon Goldberg, an associate professor at Boston University; Ethan Heilman, a Ph.D. candidate at Boston University; and Yuval Marcus, a researcher at the University of Pittsburgh, describe a way to carry out an eclipse attack on the Ethereum network.
(The researchers disclosed their attacks to Ethereum on January 9, 2018, and Ethereum developers have already issued a patch — Geth v1.8.1 — to fix the network.)
In speaking with Bitcoin Magazine, Goldberg explained the research, how it compares to Bitcoin eclipse attacks and why she thinks the work is important.
First, she emphasized that working with Ethereum developers to fix the vulnerability was a smooth process. “It was a very functional, easy disclosure,” she said.
In an email to Bitcoin Magazine, Martin Holst Swende, security lead at Ethereum Foundation — the nonprofit that oversees the development of Ethereum — explained that the recent Geth patch contains several modifications to the peer-to-peer layer and does not affect consensus-critical code. Users need not be concerned because “an eclipse-attack is a targeted attack against a specific victim,” he wrote, adding, “Nevertheless, we recommend all users to upgrade to 1.8.1.”
Splitting the Network
As in Bitcoin, a node on the Ethereum network relies on connections to its peers to get a full view of the network. In an eclipse attack, an attacker takes control of all the connections going to and from a targeted victim’s node. This way, an attacker prevents that victim from obtaining full information about other parts of the network.
People often think of an eclipse attack as a way to co-opt the mining power of the network around consensus, but an eclipse attack is particularly useful in a double-spend attack. A payer can send coins in a transaction and use the eclipse attack to prevent the receiver from learning that those same coins were spent in another transaction elsewhere on the network.
Goldberg and Heilman, along with two other researchers, published the first paper on eclipse attacks on the Bitcoin network three years ago. Working with a new intern (Marcus), they wanted to explore the same type of attacks on Ethereum. “We were curious how it compared to Bitcoin,” Goldberg said.
Goldberg described launching an eclipse attack on Ethereum as “totally different” from launching one on Bitcoin. To pull off an eclipse attack on Bitcoin, an adversary needs to control a large number of IP addresses (machines) to monopolize the connections going to and from a victim’s node. This makes it a very costly attack in Bitcoin.
In contrast, the researchers were able to launch similar attacks on Ethereum using just one or two machines, making eclipse attacks on Ethereum much stronger than those on Bitcoin. “That part surprised me a little bit,” she said.
So how big of a deal is this? “It is hard to know,” Goldberg said, explaining that what keeps the bar high for launching this type of attack on Ethereum is not the difficulty of the attack itself but the lack of understanding of how the Ethereum peer-to-peer network works. As Goldberg noted, the Ethereum network is “largely undocumented.”
Just as in the earlier work on the Bitcoin network, the researchers had to reverse engineer the Ethereum protocol from its code and write their own packet parsers, so everything was done from scratch. “It is difficult to do that work, and it takes a while,” said Goldberg.
At first glance, Ethereum appears to be more resilient to eclipse attacks. While Bitcoin nodes make only eight outgoing TCP connections to form the gossip network that propagates transactions and blocks, Ethereum nodes make 13. And while Ethereum’s peer-to-peer network uses a secure encrypted channel, Bitcoin’s network does not.
But, as it turns out, Ethereum was actually easier to attack, mainly because of how its network is structured. Bitcoin relies on an unstructured network in which nodes form random connections with each other; Ethereum relies on a structured network based on a protocol called Kademlia, which is designed to let nodes find and connect to other nodes more efficiently.
Nodes in Ethereum’s peer-to-peer network are identified by their public key. Remarkably, Ethereum versions (prior to Geth v1.8.1) allowed a user to run an unlimited number of nodes, each with a different public key, from the same machine with the same IP address.
By using a key generation algorithm, an attacker could create an unlimited number of node IDs (identifiers on the peer-to-peer network) very quickly. Worse, an attacker could even create node IDs in a way that made them more attractive to the victim than a…
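The weakness described above (many node IDs from one IP address) and one illustrative mitigation (a per-IP cap on peer-table slots), as an added simulation that is not code from the paper or from Geth and makes no claim about what the Geth v1.8.1 patch actually changed. It assumes a simplified 16-slot table and uses constructed IP addresses and constructed ID labels in place of freshly generated key pairs.

```go
package main

import "fmt"

// Peer is one table slot; as in Ethereum, identity is the public-key-derived node ID, not the IP.
type Peer struct{ ID, IP string }

// Table holds at most Size peers; PerIP caps peers sharing one IP (0 = no cap).
type Table struct {
	Size, PerIP int
	peers       []Peer
}

// CountIP reports how many slots a single IP occupies.
func (t *Table) CountIP(ip string) (n int) {
	for _, q := range t.peers {
		if q.IP == ip {
			n++
		}
	}
	return n
}

// Add admits p unless the table is full or the per-IP cap is reached.
func (t *Table) Add(p Peer) bool {
	if len(t.peers) >= t.Size || (t.PerIP > 0 && t.CountIP(p.IP) >= t.PerIP) {
		return false
	}
	t.peers = append(t.peers, p)
	return true
}

// Simulate floods a 16-slot table with 100 distinct node IDs from one constructed IP
// (each ID stands in for a fresh key pair), then lets 8 honest peers on distinct IPs join.
func Simulate(perIP int) (flood, total int) {
	t := &Table{Size: 16, PerIP: perIP}
	for i := 0; i < 100; i++ {
		t.Add(Peer{ID: fmt.Sprintf("flood-key-%d", i), IP: "203.0.113.7"})
	}
	for i := 1; i <= 8; i++ {
		t.Add(Peer{ID: fmt.Sprintf("honest-key-%d", i), IP: fmt.Sprintf("10.0.0.%d", i)})
	}
	return t.CountIP("203.0.113.7"), len(t.peers)
}

func main() {
	f, n := Simulate(0) // 0 = no per-IP cap, the pre-patch behaviour the article describes
	fmt.Println("one IP holds", f, "of", n, "slots")
}
```

With no cap, the single IP fills all 16 slots and every honest peer is turned away; with a cap of 2, it holds 2 of the 10 occupied slots.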