PoET proofs spam attack mitigation #173

Open
8 of 10 tasks
moshababo opened this issue Sep 18, 2022 · 1 comment


moshababo commented Sep 18, 2022

The problem

The current network gossip protocol allows an easy-to-launch spam attack whereby an adversary can publish an unlimited number of PoET proofs which are not associated with any ATX.

Creating valid PoET proofs is permissionless and cheapest-as-possible by design, in addition to not having guarantees on having a higher cost for creating multiple proofs in parallel or slightly different variations thereof. So from a security perspective, the cost of creating a valid PoET proof should be thought of as zero, and cannot be considered as a means to prevent such an attack.

In addition, every PoET proof contains a list of members associated with it, as an arbitrary-size byte array, which is also not necessarily associated with actual ATXs.

The mitigation

Don’t allow the propagation of PoET proofs which don’t have an associated ATX costs. This means that PoET proofs cannot be gossiped prior to their associated ATXs, like they currently do.

ATX-publishing nodes would be responsible for obtaining these proofs from the PoET service (in an off-chain fashion). Assuming one proof will be associated with many ATXs, they should only contain a reference to it, like currently.
The actual proof should be retained locally and published upon demand, when a node receiving the ATX learns about it for the first time and is missing the full object in order to complete the ATX validation.

In addition, ATX-publishing nodes should obtain their distinct Merkle path from the PoET service, for proving their challenge's membership in the shared proof. The path should be included in the ATX.

Implementation

https://github.com/spacemeshos/poet

https://github.com/spacemeshos/go-spacemesh

Footnotes

  1. A future potential local optimization could be to construct a sparse tree out of the distinct Merkle proofs for a given PoET proof, in order to avoid having to store duplicated tree nodes data.
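
The receive-side rule proposed above, sketched as an added example that is not part of the original issue or of go-spacemesh: a node treats a PoET proof as fetchable only after an ATX whose Merkle path checks out has referenced it, and refuses anything else. The types, field names, the SHA-256 binary tree and the use of the membership root as the proof reference are all assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

type Hash = [32]byte

// ATX is a reduced, hypothetical ATX; ProofRef is assumed to be the proof's membership root.
type ATX struct {
	Challenge []byte
	ProofRef  Hash
	Index     uint64 // leaf position of Challenge
	Path      []Hash // sibling hashes, leaf to root
}

// Domain-separated leaf and inner-node hashes (an assumption of this sketch).
func leaf(c []byte) Hash  { return sha256.Sum256(append([]byte{0}, c...)) }
func node(l, r Hash) Hash { return sha256.Sum256(append(append([]byte{1}, l[:]...), r[:]...)) }

type Node struct{ wanted map[Hash]bool } // proof refs named by validated ATXs

// OnATX recomputes the root from challenge and path; on a match the proof becomes fetchable.
func (n *Node) OnATX(a ATX) bool {
	h, idx := leaf(a.Challenge), a.Index
	for _, sib := range a.Path {
		l, r := h, sib
		if idx&1 == 1 {
			l, r = sib, h
		}
		h, idx = node(l, r), idx>>1
	}
	ok := idx == 0 && h == a.ProofRef
	if ok {
		n.wanted[h] = true
	}
	return ok
}

// AcceptProof refuses any proof that no validated ATX has referenced.
func (n *Node) AcceptProof(ref Hash) bool { return n.wanted[ref] }

// SampleATX returns the ATX of member i (0 or 1) of a constructed two-member proof.
func SampleATX(i uint64) ATX {
	m := [][]byte{[]byte("challenge-a"), []byte("challenge-b")}
	return ATX{m[i], node(leaf(m[0]), leaf(m[1])), i, []Hash{leaf(m[i^1])}}
}

func main() {
	n, a := Node{map[Hash]bool{}}, SampleATX(1)
	fmt.Println(n.AcceptProof(a.ProofRef), n.OnATX(a), n.AcceptProof(a.ProofRef))
}
```

The sketch leaves out validation of the ATX's own cost, which is what makes referencing a proof expensive in the proposal; a real node would run that check before marking a proof as wanted.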

@noamnelke
Member

LGTM 👍🏻

@selfdual-brain selfdual-brain moved this to Spec available (on-going review) in Research+Sandwich work pipeline Sep 24, 2022
@pigmej pigmej moved this to 📋 Backlog in Dev team kanban Sep 28, 2022
@pigmej pigmej removed the status in Dev team kanban Sep 28, 2022
@pigmej pigmej removed this from Dev team kanban Sep 28, 2022
@selfdual-brain selfdual-brain moved this from Spec available (on-going review) to Green light from dev in Research+Sandwich work pipeline Oct 4, 2022
@poszu poszu self-assigned this Nov 30, 2022
bors bot pushed a commit to spacemeshos/go-spacemesh that referenced this issue Dec 27, 2022
## Motivation
Part of spacemeshos/pm#173

Closes #3746 
Closes #3814 

## Changes
- removed broadcasting method from `GatewayService`
- removed p2p listeners for broadcasted poet proofs
- changed `NIPostBuilder` to query poets for proofs after the rounds end

## Test Plan
- added a system test in which nodes use different poets to verify if poet proofs are properly propagated between nodes

## TODO
- [ ] Bump poet to a released version in go.mod after spacemeshos/poet#187 is merged

## DevOps Notes
- [x] This PR does not require configuration changes (e.g., environment variables, GitHub secrets, VM resources)
- [ ] ~This PR does not affect public APIs~ Proof broadcasting was removed
- [ ] ~This PR does not rely on a new version of external services (PoET, elasticsearch, etc.)~ - It relies on a new Poet version
- [ ] ~This PR does not make changes to log messages (which monitoring infrastructure may rely on)~


Co-authored-by: moshababo <[email protected]>
bors bot pushed a commit to spacemeshos/go-spacemesh that referenced this issue Dec 28, 2022