Confirmation number 31 | Ethereum Foundation Blog

This issue Confirmed It is devoted to recent contextualization. published paper We describe three possible attacks against Ethereum’s proof-of-stake algorithm.

tl;dr

This is a serious attack that has been formally analyzed and has technically simple mitigations. Fixes will be released before the merge won’t Delay the merge timeline.

Forkchoice attacks, mitigations and timeline

There has been quite a bit of talk around the new recently. published paper It was co-authored by the Stanford team and some EF researchers. The paper revealed three active and reconfiguration attacks on the consensus mechanism of a beacon chain. without It provides some relief or contextualization of what this means for Ethereum’s upcoming Merge upgrade. This white paper was released in an effort to make review and collaboration easier before introducing modifications to the mainnet. However, it fails to provide context for impacts and mitigation. This created uncertainty in subsequent discussions.

Let’s take a closer look at it.

Yes, this is a serious attack ⚔️

First of all, the points we need to make clear are as follows. Serious This is a problem that threatens the stability of the beacon chain if not alleviated. To achieve this, it is important to apply modifications at merge time and before the beacon chain takes over the security of the Ethereum execution layer.

But with a simple fix 🛡

The good news is that two simple fixes to fork selection have been proposed: “Proposer Boosting” and “Proposer View Synchronization”. Proposer boosting has been formally analyzed by Stanford researchers (with a follow-up article coming soon). Specification from AprilIt even did. avatar On at least one client. Proposer view synchronization It also looks promising, but formal analysis is in the early stages. Currently, researchers expect proposer boosting to be included in the specification due to the simplicity and maturity of the analysis.

At a high level, attacks on the paper arise from an overreliance on signals in the proof. This especially happens when a small number of adversarial proofs tilt honest views in one direction or the other. There is good reason for this reliance. That is, it is almost completely eliminated by proof. after death Blocks reconfiguration of the beacon chain. However, these attacks prove to be costly. From the past Reorg and other active attacks. Intuitively, the solutions mentioned above balance the power between proofs and block proposals rather than living at one end or the other.

Caspar did a great job of succinctly explaining the attack and the proposed fixes. Please confirm this twitter thread For the best tl;dr you can find.

So what about merging? ⛓

Check for modifications before the merge is complete. Absolutely essential. However, there is a fix and it is simple to implement.

This fix targets forkchoice only, so it is consistent with the merge spec written today. Under normal conditions the fork choice will be exactly the same as it is now, but the frozen version will help provide chain stability in case of an attack scenario. This means that if you deploy a fix, ~ no Introducing major changes or requiring a “hard fork”.

Researchers and developers expect proposer boosting to be officially integrated into the consensus specification by the end of November and applied to the Merge testnet by mid-January.

Finally, I would like to express my great gratitude to members Joachim Neu, Nusret Taş, and David Tse. sieve laboratory At Stanford — just like before precious In not only identifying but also solving the critical issues discussed above. 🚀