tl;dr: Sybil attacks at the p2p layer are possible on ethv2/sharding. There are multiple ways to mitigate their effects. This post is just there to raise awareness on this subject as a part of the p2p discussions/choices.
On ethereum v1, it's not very interesting for an attacker to add a lot of nodes on the p2p network:
- supposing 20000 nodes, add 4000 Sybil nodes you control only 17% of the network
- there are not so many attacks possible, even if you control more nodes. And miners can spend a lot of time/money on their defense.
It's a little bit different with sharding:
- If we have 200 nodes + 300 validators per shard, with 4000 nodes you control ~90% of the p2p network on a chosen shard.
- slowing down the communications between the block producers and the attesters is enough to have an impact on the shard, preventing some of the block producers to receive transactions or to have their blocks accepted.
Some of the possible reasons for such attacks:
- a war a la bsv/bch with a party trying to sabotage the other (i.e. preventing it to create blocks)
- a byzantine block producer who wants to get more transactions for himself to get more fees
I ran a simulation (see here: https://github.com/ConsenSys/wittgenstein/blob/master/src/main/java/net/consensys/wittgenstein/protocol/P2PFlood.java) with 500 real nodes, 4000 byzantine nodes and 13 peers: on average the bloc producers will reach ~280 of the honest nodes out of the 500:
The easy workaround is to have more peers. With a minimum of 50 peers we reach nearly all honest nodes:
The impact on the timing is more complicated to estimate. If we consider (it's highly speculative) that we need 500ms to validate a block and we contact the peers one after another, with 300ms per peer we have the graph below. After 8 seconds you reach only 60 honest nodes out of 500. (this with 50 peers min. If you have only 13 peers per node you reach ~15 honest nodes in 8 seconds.)
On the workaround list:
- Another option for the block producer is to contact all nodes it can once it has generated the block (eg. there is no reason to contact only 13 peers: the block producer should send its block to as many nodes it can during slot_time /2).
- Having multiple block producers (a la dfinity) could also make this attack less interesting for an external attacker.
- Lastly, obviously this attack is easy to detect, so client-side configuration (like hardcoding some of peers known as honest) helps a lot (but it's less a trustless system in this case).
tl;dr: Sybil attacks at the p2p layer are possible on ethv2/sharding. There are multiple ways to mitigate their effects. This post is just there to raise awareness on this subject as a part of the p2p discussions/choices.
On ethereum v1, it's not very interesting for an attacker to add a lot of nodes on the p2p network:
It's a little bit different with sharding:
Some of the possible reasons for such attacks:
I ran a simulation (see here: https://github.com/ConsenSys/wittgenstein/blob/master/src/main/java/net/consensys/wittgenstein/protocol/P2PFlood.java) with 500 real nodes, 4000 byzantine nodes and 13 peers: on average the bloc producers will reach ~280 of the honest nodes out of the 500:
The easy workaround is to have more peers. With a minimum of 50 peers we reach nearly all honest nodes:
The impact on the timing is more complicated to estimate. If we consider (it's highly speculative) that we need 500ms to validate a block and we contact the peers one after another, with 300ms per peer we have the graph below. After 8 seconds you reach only 60 honest nodes out of 500. (this with 50 peers min. If you have only 13 peers per node you reach ~15 honest nodes in 8 seconds.)
On the workaround list: