What is an eclipse attack?
An eclipse attack is a method of attacking a decentralized network by which an attacker attempts to isolate and attack one or more specific users, rather than attacking the entire network.
In this article will explain how some of the features of Ethernet, including its uncle block mechanism, make it more vulnerable to such attacks.
Data structure in the blockchain
A blockchain is a decentralized protocol that distributes databases across multiple nodes in its network to create consensus mechanisms for past, current and future transactions. The data structure in a blockchain is represented as blocks.
In a decentralized blockchain network, participants agree on what is correct, rather than a central authority. The blockchain is also transparent and immutable, all network participants can see what is happening on the network, and transaction dates cannot be changed except through an agreed upon mechanism.
Types of blocks in the Bitcoin blockchain
A Genesis block is the first block of any blockchain that is the basic starting point of the system and is linked to all future transactions. The world’s first creation block was created by Satoshi Nakamoto, and in the process, he created Bitcoin.
The existence of a Genesis block allows the blockchain to generate its transaction history by allowing a newly created block to be associated with previous blocks. In addition, Genesis blocks have an important function in synchronizing network nodes – they must all have the same Genesis blocks in their databases. This ensures that the blockchain’s distributed transaction book is the same for everyone, thus providing security.
Main Chain Blocks
Masterchain blocks are all blocks that are verified and contained in the blockchain. In order to achieve this, blocks must be agreed upon by the network through the nodes solving their assigned cryptographic puzzles. Once the network reaches consensus, the block is contained in the blockchain and propagated by all nodes. In this way, each node of the network has a new block and serves as a validation point for it.
Each valid block internally contains a series of transactions that are verified with that block. For example, in Bitcoin, each valid block carries an average of 2100 transactions. Each transaction in a valid block is validated.
All valid blocks continue to validate previous transactions, fully protecting all blocks and transactions on the network. Of course, each valid block contains a data structure that allows validation. This structure includes the block’s hash, its timestamp, its nunco and its block transaction data. The process of searching for candidate solutions is called mining, and the nodes involved are called miners. Each miner that generates a valid solution to the block’s cryptographic puzzle becomes the leader and is allowed to identify the set of unconfirmed transactions. They are then appended to the block chain.
Orphan or stale blocks are valid blocks that are not part of the blockchain. They can be created when two miners verify blocks almost simultaneously, or when an attacker with sufficient hashing power tries to reverse a transaction. In these cases, the network consensus protocol will come into play to determine which blocks will be included in the chain and which will be isolated.
In effect, a blockchain network is programmed to always favor the longest blockchain. That is, it will choose the blocks that contain more information or processed transactions. In the Bitcoin blockchain, orphaned blocks are discarded and the work performed by miners is useless.
Furthermore, it is due to this type of block that most exchanges and some wallets will automatically wait for additional confirmations before making funds available. They do this by counting how many blocks have been mined between the transaction the user is receiving and the current block.
eth.syncing.highestBlock -eth.getTransaction(” “).blockNumber
How are blocks validated?
Blockchain systems use the Merkle tree data structure, which makes them (in theory) immutable.Merkle trees were patented by Ralph Merkle in 1979 and are widely used in cryptography.Merkle trees are a basic method for verifying that shared data has not been changed, corrupted or altered, and are well suited for blockchains because they are lightweight. For example, due to Bitcoin’s Merkle tree structure, a user’s mobile wallet does not need to download all Bitcoin transactions to verify them.
Each transaction in a given block corresponds to a leaf in the Merkle tree, and the Merkle root is constructed by hashing individual transactions recursively.
The transactions (leaves) are hashed to create additional leaf nodes that may correspond to transactions in the blockchain network. Although Merkle trees can be created from a large number of transactions, the Merkle root always corresponds to a 32-byte or 256-bit string (e.g., the SHA256 hashing algorithm always outputs a fixed length of 32 bytes, regardless of the size of the input). In this way, we can use data as small as 32 bytes to verify up to thousands of transactions.
Depending on the case, any change, no matter how small, would prevent the verification of the Merkle root and invalidate part or all of the blockchain’s history.
Block types in the Ether blockchain
One difference between Ether and Bitcoin is that it has a faster block creation mechanism that is designed to speed up the transaction process. However, when the time interval between block generation is very short (about 15 seconds), a large number of orphan blocks are created because it is inefficient to include all these blocks in the blockchain.
This leads to the problem of miners wasting time working on blocks with no reward. To solve this problem, the developers of EtherChannel introduced the GHOST protocol.
GHOST stands for Greedy Heaviest Observed Subtree, and the concept is simple. It rewards miners who validate orphaned blocks, albeit with lower rewards than standard blocks. In order to release the reward, the block must be referenced by a block in the main chain – or an uncle block.
Another advantage of this mechanism is that it solves the problem of network centralization. When blocks are created quickly, large mining pools can easily monopolize block validation, leading smaller competitors to create countless useless orphan blocks.
Block types in the Ethernet blockchain
There are two types of blocks in the ethereum blockchain:
A main-chain block is a block contained in the Ethernet blockchain. Miners who discover it will be rewarded.
Uncle blocks are blocks that are authenticated but not contained in the main blockchain. Miners are thus paid less than valid blocks.
Imagine that two miners in different parts of the world mine the same block at the same time. They then spread their blocks throughout the network. This may create disagreements in the chain, so one must be chosen, and the larger block always wins. Blocks that are not selected will become orphans (in Bitcoin) or uncles (in Ether). Unlike Bitcoin, Ether miners will receive a 1/8th full block bonus to mine the uncle block.
How the uncle block bonus works
Miners of main chain blocks can refer to uncle blocks, and when they do so, an additional reward is distributed to miners of main chain blocks and miners of uncle blocks. Each block contained in the main chain can reference up to two uncle blocks and provide a full block bonus of 1/32 for each referenced uncle block. However, the payout to miners decreases over time.
By guaranteeing compensation for wasted computational work and by making the reward diminish over time, miners on competing chains have an incentive to rejoin the main chain. These uncle blocks contribute to chain security and also reduce the probability of attack by 51%.
In an ethereum mining pool, they can be distributed in a variety of ways :
Proportional payment scheme
In this simple scheme, miners will be rewarded according to the number of shares submitted in the time interval between two blocks discovered by the pool. Thus, a block reward B will be distributed among the N miners in the pool based on the shares they each submit.
Pay Per Last N Shares (PPLNS)
(PPLNS) plan distributes rewards in proportion to the most recently submitted N shares.
Queue-based payment plans
Ethpool3 is the first ethereum mining pool to introduce a queue-based reward mechanism. Under this mechanism, miners accrue credit for each share submitted to the pool operator. Each time a full block is mined by the pool, the block reward is distributed to the miner with the highest accumulated credit balance in the pool. The top miners then reset their credit balance to the difference between themselves and the second highest credit balance in the pool.
The referencing relationship creates an additional casting reward that is 1/32 of the full block reward for regular block owners and (8 – i)/8 for uncle blocks. The variable i ranges from 1 to 6, depending on the height of the referenced block.
In addition to optimizing the structure of the blockchain, Ether has two other security improvements. One is the random tie-breaking rule. Instead of accepting the first chain received, a node randomly chooses a chain among all the chains of the same length received. the number of γ is no longer fixed and is equal to the reciprocal of the number of competing chains. Another goal is to dispense with the uncle-block mining strategy.
Uncle blocks and eclipse attacks
How does an eclipse attack work?
Eclipse attacks require the attacker to control a botnet of host nodes (each with its own IP address) and compute the victim’s neighboring nodes, essentially through iterative trials. The effort required to achieve this goal depends on the size and nature of the network, but if successful, the attacker will take control of all connected nodes after the victim logs off and rejoins the network.
In this scenario, there are three participants – the attacker, the victim, and an honest node. If the victim discovers a block, the attacker will not propagate this block to the network. If the attacker discovers a block, they share it with the victim. In this way, the attacker creates a private block chain for himself and the obscured node.
In this way, the attacker can gain 96.4% more than honest mining. Eclipse attacks are possible because in a decentralized network, a node cannot connect to all other nodes on the network at the same time. Instead, for efficiency, a given node will connect to a selected set of other nodes that are connected to their own selected group in turn. As a result, an eclipse attack can be launched using only two computers with unique IP addresses.
Ethernet relies on a structured network based on a protocol called Kademlia, which is designed to allow nodes to connect to other nodes more efficiently. By using a key generation algorithm, an attacker can very quickly create an unlimited number of node IDs (identifiers on a peer-to-peer network). Even worse, attackers can even create node IDs that make them more attractive to victims than random node IDs, essentially drawing victims to them.
There are three features of Ether that could make it vulnerable to eclipse attacks. First, rapid block creation creates an endless supply of loose blocks, indirectly violating the interests of honest miners by increasing the supply of ethereum. Second, the unclear block mechanism means that nodes can profit from these blocks. Third, Ether’s enhanced node connectivity provides an incentive for attackers.
A witch attack in computer security is an attempt by a person to take over a network by creating multiple identities/accounts/nodes on the same network that appear to be different unique identities to other participants in that network. The motivation behind a witch attack is to undermine authority/power in a reputation system. To understand this in simpler terms – the goal is to get the majority of the network to perform processes in the network according to the needs of the individual causing this attack (inconsistent with the rule set within the network). Let’s understand this better through a real-world situation that has caused a lot of tension, but that will help make the concept easier, unlike the situation it was created for.
Now, before delving into how blockchain relates to witch attacks and how to stop them, a brief overview of how the name witch was chosen. the book “The Witch” was published in 1973. It was about a woman named Sybil Dorsett, who was being treated by psychoanalyst Cornelia B. Wilbur for dissociative identity disorder, also known as multiple personality disorder. Because of the similarity of the concept, Brian Zill of Microsoft Research suggested the name Sybil Attack.
The blockchain network is a system that is very vulnerable to attack. A blockchain network consists of different nodes that use consensus algorithms such as Proof of Work (PoW) to reach a conclusion as to whether the block to be added is correct or not. Since consensus requires that a majority of people agree on the authenticity of a block, it is required that these nodes are not controlled by a single entity, which prevents the addition of faulty nodes. This is where the Sybil attack comes in: if an attacker creates enough false identities, the attacker can defeat honest nodes from the network. In this case, it is even possible to change the order of transactions; but managing such a large amount of computing power is considered almost impossible.
To prevent witch attacks on blockchain networks, different consensus algorithms are used, such as Proof of Work (PoW), Proof of Stake (PoS), and Delegated Proof of Stake (DPoS). While they do not directly stop witch attacks, they make it almost impossible for an attacker to carry out a witch attack. The common concept behind these consensus algorithms is the cost attached to creating an identity in the network. For example, in a proof-of-work (PoW) consensus algorithm, users must perform a series of difficult calculations before only they can add blocks. An attacker trying to flood the network with a large number of fake identities would have to solve a corresponding number of calculations, spending money in the computational cycle and making the attack more difficult and inefficient. This is what limits attackers from flooding and taking over the network.
The first step in a vampire attack is to encourage a liquidity provider on another platform to pledge their LP tokens (representing the liquidity provided) to a new platform.
In the case of Sushi, Uniswap’s liquidity providers were incentivized to place their LP tokens on SushiSwap so that they could receive additional rewards paid in SUSHI tokens. sushiSwap started with a rather aggressive issuance plan for SUSHI tokens – -The idea of involving multiple DeFi communities has been successfully adopted by Yam and reused by SushiSwap reused.
Once the protocol has attracted enough liquidity, the next step in the vampire attack is to migrate the pledged LP tokens to a new platform. This allows a new platform to use the migrated liquidity for its own automated market maker, stealing not only liquidity, but also trading volume and users from the first platform.
Liquidity is essentially siphoned off from the first platform and transferred to the second, hence the name “vampire attack”.
Speaking of Sushi, this is where Sushi’s MasterChef contract comes into play. once triggered, the MasterChef contract is able to migrate LP tokens from Uniswap to Sushiswap, essentially stealing the liquidity from Uniswap. Once the liquidity is transferred, it can be immediately used for transactions on SushiSwap.
To encourage liquidity providers to participate in the migration, so some additional incentives are planned. First, the SUSHI liquidity mining program will continue after the migration, but with reduced emissions (100 SUSHI per block). Most importantly, those who decide to hold SUSHI tokens instead of selling them will receive a large transaction fee from SushiSwap.
At the end of a successful vampire attack, a new protocol should theoretically be able to capture a significant amount of liquidity, users and trading volume from the original project.
This is essentially the plan for a vampire attack.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/what-are-the-eclipse-attacks-witch-attacks-and-vampire-attacks/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.