Security Properties of Light Clients on the Ethereum Blockchain

Cited by: 19
Authors
Paavolainen, Santeri [1]
Carr, Christopher [2, 3]
Affiliations
[1] Aalto Univ, Sch Elect Engn, Dept Commun & Networking, Aalto 00076, Finland
[2] Norwegian Univ Sci & Technol, Dept Informat Secur & Commun Technol, N-7491 Trondheim, Norway
[3] Univ West England, Dept Accounting Econ & Finance, Bristol BS16 1ZG, Avon, England
Funding
EU Horizon 2020;
Keywords
Blockchain; ethereum; light client; light ethereum subprotocol; security;
DOI
10.1109/ACCESS.2020.3006113
Chinese Library Classification number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
Ethereum is a decentralized blockchain, known as being the second most popular public blockchain after Bitcoin. Since Ethereum is decentralised, the canonical state is determined by the Ethereum network participants via a consensus mechanism without a centralized coordinator. The network participants are required to evaluate every transaction starting from the genesis block, which requires a large amount of network, computing, and storage resources. This is impractical for many devices with either limited computing resources or intermittent network connectivity. To overcome this drawback, Ethereum defines a light client protocol where the light client fetches the blockchain state from a node operating as a light protocol server. Light clients are unable to maintain blockchain state internally, and as a consequence can only perform partial validation on blocks. Thus they rely on the light server for full block validation and to provide the updated blockchain state. Light clients connect to multiple light servers to mitigate the risk of relying on a single potentially dishonest server. Ethereum light clients are known to suffer from a probabilistic security model, but they are widely assumed to be secure under normal operating conditions. In fact, the implicit security assumptions of light clients have not been formally characterised in the literature. We present and analyse the probabilistic security guarantees under three different adversarial scenarios. The results show that for any adversary that is able to manipulate the network, the security assurances provided by the light protocol are severely impacted, and in some cases entirely lost. These results clearly demonstrate that the assumption of normal operating conditions is insufficient to justify the security assumptions of light clients. Our work also provides insight into the security of light clients under different security parameters, allowing light client implementers to more accurately understand the potential security trade-offs.
Pages: 124339-124358
Number of pages: 20