From 004f8b03f5c2aac547cc9fb98010ac0fc35bda60 Mon Sep 17 00:00:00 2001 From: Maltesius Date: Mon, 2 Jun 2025 13:48:18 +0200 Subject: [PATCH 01/10] added Ethereum attack defense source --- report/src/bib/main.bib | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/report/src/bib/main.bib b/report/src/bib/main.bib index dcdbc4f..c55f7e4 100644 --- a/report/src/bib/main.bib +++ b/report/src/bib/main.bib @@ -223,4 +223,12 @@ @inproceedings{10.1007/978-3-030-03332-3_15 numpages = {33}, keywords = {Post-quantum cryptography, Class-group action, Isogeny-based cryptography, Non-interactive key exchange, Key confirmation}, location = {Brisbane, QLD, Australia} +} + +@article{EthereumAttackDefense2024, + title = {Ethereum proof-of-stake attack and defense}, + author = {ethereum.org}, + year = {2024}, + note = {Accessed: 22-10-2024}, + url = {https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/attack-and-defense/} } \ No newline at end of file From d35917e677f1bc8b834973db4ac7b89f4ff22bee Mon Sep 17 00:00:00 2001 From: Maltesius Date: Mon, 2 Jun 2025 13:48:40 +0200 Subject: [PATCH 02/10] Typos --- report/src/sections/07-discussion.tex | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/report/src/sections/07-discussion.tex b/report/src/sections/07-discussion.tex index 8dcfabf..b006f12 100644 --- a/report/src/sections/07-discussion.tex +++ b/report/src/sections/07-discussion.tex @@ -47,9 +47,9 @@ \subsection{Shuffle Security}\label{subsec:Discution-Shuffle-security} Only 72.33\% of the currently calculated size for Curdleproofs. This would result in saving $\sim 12.11GB$ of space on the blockchain each year. Some other things to keep in mind when deciding on how many honest shuffles should be necessary to make the shuffle secure is that there are other factors that can affect the security of the blockchain. -One of such factors is some of the know attacks that takes advantage of controlling a large number of validators. -Attacks like the $>-50\%$ stake attack and the $33\%$ finality attack~\cite{EthereumAttackDefense2024} takes advantage of controlling a large number of validators in order to negatively effect the blockchain system. -Because of attacks like these, which rely on controlling a large number of validators, we would recommend that when evaluating how many honest shuffles should be necessary to make the shuffle secure, one should also take into account how many honest validators are necessary to make the blockchain secure. +One of such factors is some of the known attacks that takes advantage of controlling a large number of validators. +Attacks like the $\geq50\%$ stake attack and the $33\%$ finality attack~\cite{EthereumAttackDefense2024} takes advantage of controlling a large number of validators in order to negatively effect the blockchain system. +Because of attacks like these, which rely on controlling a large number of validators, we would recommend, when evaluating how many honest shuffles are necessary to make the shuffle secure; one should also take into account how many honest validators are necessary to make the blockchain secure. Another thing to keep in mind is that within the Ethereum system not every validator is owned by a different person. Some nodes contain multiple validators, and this means that during the shuffling phase, when selecting the 16384 possible proposers, there is a chance that a single node controls multiple of the chosen validators. From 2256a72cef49ef6de29f3934a04118f6224ac2c4 Mon Sep 17 00:00:00 2001 From: Maltesius Date: Mon, 2 Jun 2025 13:48:50 +0200 Subject: [PATCH 03/10] Wrote the introduction --- report/src/sections/01-introduction.tex | 28 +++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/report/src/sections/01-introduction.tex b/report/src/sections/01-introduction.tex index d57eb34..61580f2 100644 --- a/report/src/sections/01-introduction.tex +++ b/report/src/sections/01-introduction.tex @@ -3,5 +3,33 @@ \section{Introduction}\label{sec:introduction} Ethereum is a decentralized blockchain platform that enables developers to build and deploy smart contracts and decentralized applications. It is the second-largest blockchain platform by market capitalization and has a large and active developer community. +Currently working as a Proof-of-Stake protocol, it allocates block proposal opportunities to the ones in the community willing to stake their ether; also called validators. +Though, previous work from Heimbach et al., confirmed by ourselves, shows that adversaries are able to gather validator IP addresses~\cite{heimbach2024deanonymizingethereumvalidatorsp2p,ouroldpaper}. +These can be used to perform a Denial-of-Service (DoS) attack on the validators, threatening the liveness of the blockchain~\cite{EthereumAttackDefense2024,ouroldpaper}. + +In response to the potential threat, Ethereum has proposed a protocol, Whisk, which hides validators' identities making the DoS attack harder to perform~\cite{Whisk2024}. +Whisk is a Single Secret Leader Election protocol~\cite{10.1145/3419614.3423258}, where validators each publish a private tracker, which is used for proposer selection instead. +When proposing a block, the validator will then prove the ownership of the tracker. +To ensure that adversaries are unable to trace the tracker to specific validators, each block proposer shuffles the list of validator trackers while adding randomness to the trackers. + +Making sure that this has been done correctly is essential to the protocol. +Hence, Whisk uses a proof protocol, called Curdleproofs, which is a Zero-Knowledge proof of shuffle~\cite{Curdleproofs}. +Therefore, the block proposer constructs such a proof, adds it to the block, after which other validators can verify the proof. + +This introduces block size overhead to the blockchain. +Also, additional work is required for both provers and verifiers. + +In this paper, we dive into the structure of Curdleproofs to understand, where the protocol can be optimized. +Specifically, we work with the concept of Inner Product Arguments and how they generally only work vector sizes that are powers of two. + +Our protocol, CAAUrdleproofs, aims to improve on the rigid nature of Curdleproofs. +Following this, we also provide argumentation of when CAAUrdleproofs is still secure. + +Working with this led to the following contributions: +\begin{itemize} + \item We have successfully modified Curdleproofs, using the Springproofs framework~\cite{zhang2024springproofs}, to allow flexibility when choosing the shuffle size. + \item We have implemented CAAUrdleproofs and run experiments on both protocols, showing that CAAUrdleproofs has potential to be faster and smaller in size compared to Curdleproofs. + \item We have experimentally provided argumentation that CAAUrdleproofs is still secure when lowering the size of shuffled elements. +\end{itemize} From edbca823cec47c3b820c228f9d39f858210acd75 Mon Sep 17 00:00:00 2001 From: Anders Malta <74375517+Maltesius@users.noreply.github.com> Date: Mon, 2 Jun 2025 13:53:00 +0200 Subject: [PATCH 04/10] Update report/src/sections/07-discussion.tex Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- report/src/sections/07-discussion.tex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/report/src/sections/07-discussion.tex b/report/src/sections/07-discussion.tex index b006f12..9b9fe3f 100644 --- a/report/src/sections/07-discussion.tex +++ b/report/src/sections/07-discussion.tex @@ -47,8 +47,8 @@ \subsection{Shuffle Security}\label{subsec:Discution-Shuffle-security} Only 72.33\% of the currently calculated size for Curdleproofs. This would result in saving $\sim 12.11GB$ of space on the blockchain each year. Some other things to keep in mind when deciding on how many honest shuffles should be necessary to make the shuffle secure is that there are other factors that can affect the security of the blockchain. -One of such factors is some of the known attacks that takes advantage of controlling a large number of validators. -Attacks like the $\geq50\%$ stake attack and the $33\%$ finality attack~\cite{EthereumAttackDefense2024} takes advantage of controlling a large number of validators in order to negatively effect the blockchain system. +One of such factors is some of the known attacks that take advantage of controlling a large number of validators. +Attacks like the $\geq50\%$ stake attack and the $33\%$ finality attack~\cite{EthereumAttackDefense2024} take advantage of controlling a large number of validators in order to negatively effect the blockchain system. Because of attacks like these, which rely on controlling a large number of validators, we would recommend, when evaluating how many honest shuffles are necessary to make the shuffle secure; one should also take into account how many honest validators are necessary to make the blockchain secure. Another thing to keep in mind is that within the Ethereum system not every validator is owned by a different person. From 299a69216706e49e28817210543883387f6d7db7 Mon Sep 17 00:00:00 2001 From: Anders Malta <74375517+Maltesius@users.noreply.github.com> Date: Mon, 2 Jun 2025 13:53:19 +0200 Subject: [PATCH 05/10] Update report/src/sections/01-introduction.tex Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- report/src/sections/01-introduction.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/report/src/sections/01-introduction.tex b/report/src/sections/01-introduction.tex index 61580f2..e3e4fec 100644 --- a/report/src/sections/01-introduction.tex +++ b/report/src/sections/01-introduction.tex @@ -20,7 +20,7 @@ \section{Introduction}\label{sec:introduction} Also, additional work is required for both provers and verifiers. In this paper, we dive into the structure of Curdleproofs to understand, where the protocol can be optimized. -Specifically, we work with the concept of Inner Product Arguments and how they generally only work vector sizes that are powers of two. +Specifically, we work with the concept of Inner Product Arguments and how they generally only work for vector sizes that are powers of two. Our protocol, CAAUrdleproofs, aims to improve on the rigid nature of Curdleproofs. Following this, we also provide argumentation of when CAAUrdleproofs is still secure. From 6dcb3bc2876fad1b5a3c895f2eb45bee19a88805 Mon Sep 17 00:00:00 2001 From: Maltesius Date: Mon, 2 Jun 2025 13:55:27 +0200 Subject: [PATCH 06/10] Clarity rewrite --- report/src/sections/01-introduction.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/report/src/sections/01-introduction.tex b/report/src/sections/01-introduction.tex index 61580f2..a2c4252 100644 --- a/report/src/sections/01-introduction.tex +++ b/report/src/sections/01-introduction.tex @@ -3,7 +3,7 @@ \section{Introduction}\label{sec:introduction} Ethereum is a decentralized blockchain platform that enables developers to build and deploy smart contracts and decentralized applications. It is the second-largest blockchain platform by market capitalization and has a large and active developer community. -Currently working as a Proof-of-Stake protocol, it allocates block proposal opportunities to the ones in the community willing to stake their ether; also called validators. +Currently working as a Proof-of-Stake protocol, block proposal opportunities are allocated to the community members willing to stake their ether on entities called validators. Though, previous work from Heimbach et al., confirmed by ourselves, shows that adversaries are able to gather validator IP addresses~\cite{heimbach2024deanonymizingethereumvalidatorsp2p,ouroldpaper}. These can be used to perform a Denial-of-Service (DoS) attack on the validators, threatening the liveness of the blockchain~\cite{EthereumAttackDefense2024,ouroldpaper}. From c90a2be1b7bcefe4863bd42f158fd802d341fa5e Mon Sep 17 00:00:00 2001 From: Anders Malta <74375517+Maltesius@users.noreply.github.com> Date: Mon, 2 Jun 2025 13:57:55 +0200 Subject: [PATCH 07/10] Update report/src/sections/07-discussion.tex Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- report/src/sections/07-discussion.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/report/src/sections/07-discussion.tex b/report/src/sections/07-discussion.tex index 9b9fe3f..bc3b00f 100644 --- a/report/src/sections/07-discussion.tex +++ b/report/src/sections/07-discussion.tex @@ -48,7 +48,7 @@ \subsection{Shuffle Security}\label{subsec:Discution-Shuffle-security} This would result in saving $\sim 12.11GB$ of space on the blockchain each year. Some other things to keep in mind when deciding on how many honest shuffles should be necessary to make the shuffle secure is that there are other factors that can affect the security of the blockchain. One of such factors is some of the known attacks that take advantage of controlling a large number of validators. -Attacks like the $\geq50\%$ stake attack and the $33\%$ finality attack~\cite{EthereumAttackDefense2024} take advantage of controlling a large number of validators in order to negatively effect the blockchain system. +Attacks like the $\geq50\%$ stake attack and the $33\%$ finality attack~\cite{EthereumAttackDefense2024} take advantage of controlling a large number of validators in order to negatively affect the blockchain system. Because of attacks like these, which rely on controlling a large number of validators, we would recommend, when evaluating how many honest shuffles are necessary to make the shuffle secure; one should also take into account how many honest validators are necessary to make the blockchain secure. Another thing to keep in mind is that within the Ethereum system not every validator is owned by a different person. From c9442a4d79fc7d40a51ee6dde0e636fcfb2f68d7 Mon Sep 17 00:00:00 2001 From: Maltesius Date: Mon, 2 Jun 2025 13:58:12 +0200 Subject: [PATCH 08/10] Clarity rewrite --- report/src/sections/01-introduction.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/report/src/sections/01-introduction.tex b/report/src/sections/01-introduction.tex index 5db724d..f29b2ae 100644 --- a/report/src/sections/01-introduction.tex +++ b/report/src/sections/01-introduction.tex @@ -4,7 +4,7 @@ \section{Introduction}\label{sec:introduction} Ethereum is a decentralized blockchain platform that enables developers to build and deploy smart contracts and decentralized applications. It is the second-largest blockchain platform by market capitalization and has a large and active developer community. Currently working as a Proof-of-Stake protocol, block proposal opportunities are allocated to the community members willing to stake their ether on entities called validators. -Though, previous work from Heimbach et al., confirmed by ourselves, shows that adversaries are able to gather validator IP addresses~\cite{heimbach2024deanonymizingethereumvalidatorsp2p,ouroldpaper}. +Though, previous work from Heimbach et al., confirmed also by our study, shows that adversaries are able to gather validator IP addresses~\cite{heimbach2024deanonymizingethereumvalidatorsp2p,ouroldpaper}. These can be used to perform a Denial-of-Service (DoS) attack on the validators, threatening the liveness of the blockchain~\cite{EthereumAttackDefense2024,ouroldpaper}. In response to the potential threat, Ethereum has proposed a protocol, Whisk, which hides validators' identities making the DoS attack harder to perform~\cite{Whisk2024}. From 3c3dc5ad2b10787abf450fc910ed5c6b37216016 Mon Sep 17 00:00:00 2001 From: oliver holmgaard <74530153+ironmand123@users.noreply.github.com> Date: Mon, 2 Jun 2025 14:42:23 +0200 Subject: [PATCH 09/10] Update report/src/sections/01-introduction.tex --- report/src/sections/01-introduction.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/report/src/sections/01-introduction.tex b/report/src/sections/01-introduction.tex index f29b2ae..dc3d826 100644 --- a/report/src/sections/01-introduction.tex +++ b/report/src/sections/01-introduction.tex @@ -20,7 +20,7 @@ \section{Introduction}\label{sec:introduction} Also, additional work is required for both provers and verifiers. In this paper, we dive into the structure of Curdleproofs to understand, where the protocol can be optimized. -Specifically, we work with the concept of Inner Product Arguments and how they generally only work for vector sizes that are powers of two. +Specifically, we work with the concept of Inner Product Arguments (IPA) and how they generally only work for vector sizes that are powers of two. Our protocol, CAAUrdleproofs, aims to improve on the rigid nature of Curdleproofs. Following this, we also provide argumentation of when CAAUrdleproofs is still secure. From 188e075e6dab17f1909c4ca3b3a7ac7f75d43e52 Mon Sep 17 00:00:00 2001 From: oliver holmgaard <74530153+ironmand123@users.noreply.github.com> Date: Mon, 2 Jun 2025 14:42:30 +0200 Subject: [PATCH 10/10] Update report/src/sections/01-introduction.tex --- report/src/sections/01-introduction.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/report/src/sections/01-introduction.tex b/report/src/sections/01-introduction.tex index dc3d826..be9db66 100644 --- a/report/src/sections/01-introduction.tex +++ b/report/src/sections/01-introduction.tex @@ -8,7 +8,7 @@ \section{Introduction}\label{sec:introduction} These can be used to perform a Denial-of-Service (DoS) attack on the validators, threatening the liveness of the blockchain~\cite{EthereumAttackDefense2024,ouroldpaper}. In response to the potential threat, Ethereum has proposed a protocol, Whisk, which hides validators' identities making the DoS attack harder to perform~\cite{Whisk2024}. -Whisk is a Single Secret Leader Election protocol~\cite{10.1145/3419614.3423258}, where validators each publish a private tracker, which is used for proposer selection instead. +Whisk is a Single Secret Leader Election (SSLE) protocol~\cite{10.1145/3419614.3423258}, where validators each publish a private tracker, which is used for proposer selection instead. When proposing a block, the validator will then prove the ownership of the tracker. To ensure that adversaries are unable to trace the tracker to specific validators, each block proposer shuffles the list of validator trackers while adding randomness to the trackers.