How Ethereum’s Uncle Block Mechanism Could Raise the Chance of an Eclipse Attack
What is an eclipse attack?
An eclipse attack is a means of attacking a decentralized network through which an attacker seeks to isolate and attack a specific user or users rather than attack the whole network.
In this article, I will explain how some features of Ethereum, including its uncle block mechanism, could make it more vulnerable to this kind of attack.
Data structure in Blockchain
A blockchain is a decentralized protocol that distributes a database across a number of nodes in its network, establishing a consensus mechanism for past, current and future transactions. The data structure in a blockchain is represented as blocks.
In a decentralized blockchain networks, participants agree on what is true instead of a central authority. Blockchains are also transparent and immutable, all network participants can see what is happening on the network, and transaction dates cannot be altered unless by an agreed-upon mechanism.
Types of blocks in the Bitcoin blockchain
The genesis block is the first block of any blockchain, the block is the fundamental starting point of the system and is linked to all future transactions. The world’s first genesis block was created by Satoshi Nakamoto, and in doing so he created Bitcoin.
The presence of a genesis block enables a blockchain to generate its transaction history by allowing newly created blocks to be associated with previous blocks. In addition, the genesis block has an important function in synchronizing the nodes of the network — they must all have the same genesis block in their databases. This ensures that the blockchain’s distributed transaction book is the same for everyone, providing security.
Main chain blocks
Main chain blocks are all those blocks that have been verified and included in a blockchain. To achieve this, a block must achieve consent from the network by having its assigned cryptographic puzzle solved by a node. Once the network has reached consensus, the block is included in the blockchain and propagated by all nodes. In this way, each node of the network has the new block and serves as a verification point for it.
Each valid block carries within it a series of transactions that are validated together with that block. For example, in Bitcoin, each valid block carries an average of 2100 transactions. Each transaction in a valid block is confirmed.
All valid blocks continue to confirm previous transactions, fully securing all blocks and transaction on the network. Of course, each valid block comprises a data structure allowing verification. The structure includes the block’s hash, its timestamp, its nuncio, and its block transaction data. The process of searching for solution candidates is called mining, with participating nodes being referred to as miners. Each miner that generates a valid solution to a block’s cryptographic puzzle becomes the leader and is allowed to determine the set of unconfirmed transactions. These are then appended to the blockchain
Orphan — or stale — blocks are valid blocks that are not part of a blockchain. These can be created when two miners authenticate blocks at almost the same time, or when an attacker with sufficient hash power tries to reverse a transaction. In these cases, the network consensus protocol comes into play to decide which block will be included in the chain and which will be orphaned.
In reality, a blockchain network is programmed to always favor the longest blockchain. That is, it will choose the block that contains more information or processed transactions. In the Bitcoin blockchain, the orphan block is discarded, and work performed by the miner is useless.
Additionally, it is because of this type of block that most exchanges and some wallets will automatically wait for additional confirmations before making funds available. They do this by calculating how many blocks were mined between the transaction you are receiving and the current block.
>eth.syncing.highestBlock −eth.getTransaction(“ “).blockNumber
How are blocks verified?
Blockchain systems function with a Merkle tree data structure, which makes them immutable (in theory). Merkle trees were patented by Ralph Merkle in 1979, the year I was born, and are widely used in cryptography. A Merkle tree is a basic way to verify that shared data was not changed, damaged or altered, and is well-suited to blockchains because it is lightweight. For example, thanks to the Merkle tree structure of Bitcoin, a user’s mobile wallet doesn’t need to download all Bitcoin transactions to validate them.
Each transaction in a given block corresponds to a leaf in the Merkle tree, and the Merkle root is built recursively from these by hashing individual transactions.
Pairs of transactions (leaves) are hashed to create additional leaf nodes that may correspond to transactions in the blockchain network. Although a Merkle tree can be created from a large number of transactions, the Merkle root always corresponds to a 32-byte or 256-bit string (the SHA256 hashing algorithm, for instance, always outputs a fixed length of 32-bytes, regardless of the size in the input). In this way, we can use something as small as 32-bytes to verify as many as thousands of transactions.
Any alteration, no matter how minimal, prevents the verification of the Merkle root, and invalidates part of or all history of the blockchain, according to the case.
Types of blocks in the Ethereum Blockchain
One of the ways that Ethereum differs to Bitcoin is that it has a faster block creation mechanism, designed to speed up the transaction process. However, when the time interval between block generation is very short (about 15 seconds), an enormous number of orphan blocks can be created, because it is inefficient to include all of these blocks in the blockchain.
This caused an issue of miners wasting time working on blocks for no reward. To solve this, Ethereum’s developers launched the GHOST protocol.
GHOST stands for Greedy Heaviest Observed Subtree,and the concept is simple. It rewards miners that validate orphan blocks, although the reward is lower than for standard ones. In order to release a reward, the block must be referenced by a block from the main chain — or an uncle block.
An additional advantage of this mechanism is to resolve the problem of network centralization. When blocks are created quickly, it is easy for a large mining pool to monopolize block validation, causing smaller competitors to create an endless amount of useless orphan blocks.
Types of Blocks in Ethereum Blockchain
There are two types of blocks in Ethereum blockchain:
A main chain block is a block that included in the Ethereum blockchain. A miner that finds it is rewarded.
An uncle block is a block that is authenticated but does not get included in the main blockchain. The miner gets a lower reward for this than a valid block.
Imagine that two miners in different part of the world mine the same block at the same time. They then propagate their blocks across the network. This creates a possible divergence in the chain, so one must be chosen — and the larger block will always win. The unselected block becomes an orphan (in Bitcoin) or an uncle (in Ethereum). Unlike with Bitcoin, an Ethereum miner will receive 1/8 of a full block reward for mining an uncle block.
How uncle block rewards work
Miners of main chain blocks can reference uncle blocks, and when they do, an additional reward is distributed to both the miner of the main chain block and the miner of the uncle block. Each block included in the main chain can reference up to two uncle blocks and give 1/32 of a full block reward per referenced uncle. However, the reward paid to the miner of the uncle block diminishes over time.
By guaranteeing reimbursement for what would otherwise be wasted computational effort, and by making that reward diminish over time, miners on competing chains are motivated to rejoin the main chain. These uncle blocks contribute to chain security and also reduce the probability of 51% attacks.
In Ethereum mining pools, can be distributed in a number of ways:
Proportional Payout Scheme
In this simple scheme, a miner is rewarded proportionally to the number of shares submitted in the time interval between two blocks found by the pool. Consequently, a block reward B is split between the N miners in the pool based on their respective number of shares submitted.
The (PPLNS) scheme distributes a reward proportional to the last N shares that have been submitted.
Queue-based Payout Scheme
Ethpool3 was the first Ethereum mining pool to introduce a queue-based reward scheme. Under this scheme, miners accumulate credits for each share submitted to the pool operator. Each time a full block is mined by the pool, the block reward is allocated to the miner in the pool with the highest accumulated credit balance. The top miner then has their credit balance reset to the difference between their own and the second highest credit balance in the pool.
The referenced relationship creates an extra mint reward, 1/32 of a full block reward for the regular block owner and (8 − i)/8 for the uncle. The variable i ranges from 1 to 6 according to the block-height of the reference.
Besides refining the structure of blockchain, Ethereum has another two security improvements. One is the random tie- breaking rule. Instead of accepting the first chain received , a node randomly selects one chain within all received chains of the same length. The number γ is not fixed anymore and equals the inverse of the competing chains number. The other one aims to remit the uncle mining strategy .
Uncle blocks and eclipse attacks
How do eclipse attacks work?
An eclipse attack requires the attacker to control a botnet of host nodes (each with their own IP address) and work out the neighboring nodes of a victim, essentially by trial and error. The effort required to achieve this depends on the size and nature of a network, but when successful, the attacker will be in control of all the victim’s connecting nodes after the victim logs off and rejoins the network.
In this scenario, there are three actors-the attacker, the victim, and an honest node. If the victim finds a block, an attacker does not propagate this block to the network. If the attacker finds a block, they share it with the victim. In this way, the attacker creates a private blockchain for themselves and the eclipsed node.
By doing this, the attacker can obtain up to 96.4% more than with honest mining. Eclipse attacks are possible because in a decentralized network, a node cannot simultaneously connect to all other nodes on the network. Instead, for efficiency, a given node will connect to a select group of others, who in turn are connected to a select group of their own. So, it is possible to launch an eclipse attacks with only two machines with unique IP addresses.
Ethereum relies on a structured network based on a protocol called Kademlia, which is designed to allow nodes to connect to other nodes more efficiently. By using a key generation algorithm, an attacker could create an unlimited number of node IDs (identifiers on the peer-to-peer network) very quickly. Worse, an attacker could even create node IDs in a way that made them more attractive to the victim than a random node ID, basically drawing the victim to them.
Ethereum has three characteristics that could make it susceptible to eclipse attacks. Firstly, fast block creation creates endless loose blocks, indirectly infringing upon honest miners’ interests by inflating the supply of Ether. Secondly, the uncle block mechanism means that nodes can profit from these blocks. And thirdly, Ethereum’s enhanced node connectivity supplies a motivation to attackers.