Cryptology ePrint Archive: Report 2019/1484

Force-Locking Attack on Sync Hotstuff

Atsuki Momose

Abstract: Blockchain which realize state machine replication (SMR) is widely studied recently as the fundamental building block of decentralized cryptocurrency and smart contract which need consensus mechanism in the global scale public trustless network. In such situation larger resiliency (e.g., minority fault)of the protocol is favorable, that motivate some research on synchronous protocol which have been studied only on the theoretical level but not for realistic use. Abraham et al. published a synchronous SMR protocol called Sync Hotstuff at ePrint (which will appear in IEEE S&P 2020) which is extremely simple and practical. It achieve $2\Delta$ latency which is near optimal in a synchronous model, and without lock-step execution its throughput is comparable to that of partially synchronous protocols. They present not only for standard synchronous model but for weaker model called mobile sluggish model which is more realistic. And it also adopts optimistic responsive mode where its latency is independent of $\Delta$. However, there is a critical security vulnerability. In this paper, we present force-locking attack on Sync Hotstuff. This attack violate safety of the protocol for standard synchronous model, and liveness of all versions of the protocol including for the mobile sluggish model and with responsive mode. This attack is not only a specific attack on Sync Hotstuff but a general form of attack scheme in the blockchain protocol we call force-locking. We then present some refinements to prevent this attack. Our modification remove its security vulnerability without any performance compromises. We also give formal proofs of security for each model.

Category / Keywords: cryptographic protocols / blockchain, consensus, SMR, attack

Date: received 25 Dec 2019, last revised 27 Dec 2019

Contact author: momose at sqlab jp

Available format(s): PDF | BibTeX Citation

Version: 20191230:192945 (All versions of this report)

Short URL: ia.cr/2019/1484


[ Cryptology ePrint archive ]