spacemeshos / pm

Project management. Meta-tasks related to research, dev, and specs for the Spacemesh protocol and infrastructure.
http://spacemesh.io/
Creative Commons Zero v1.0 Universal
2 stars 0 forks source link

PoET proofs spam attack mitigation #173

Open moshababo opened 2 years ago

moshababo commented 2 years ago

The problem

Current network gossip protocol allows an easy-to-launch spam attack whereby an adversary can publish an unlimited amount of PoET proofs which are not associated by any ATX.

Creating valid PoET proofs is permissionless and cheapest-as-possible by design, in addition to not having gurantees on having a higher cost for creating multiple proofs in parallel or slightly different variations thereof. So from security perspective, the cost of creating a valid PoET proof should be thought of as zero, and cannot be considered as means to prevent such an attack.

In addition, every PoET proof contains a list of members associated with it, as an arbitrary-size byte array, which also not necessarily associated with actual ATXs.

The mitigation

Don’t allow the propagation of PoET proofs which don’t have an associated ATX costs. This means that PoET proofs cannot be gossiped prior to their associated ATXs, like they currently do.

ATX-publishing nodes would be responsible for obtaining these proofs from the PoET service (in an off-chain fashion). Assuming one proof will be associated with many ATXs, they should only contain a reference to it, like currently. The actual proof should be retained locally and published upon demand, when a node receiving the ATX learns about it for the first time and is missing the full object in order to complete the ATX validation.

In addition, ATX-publishing nodes should obtain their distinct Merkle path from the PoET service, for proving their challenge's membership in the shared proof. The path should be included in the ATX.

Implementation

https://github.com/spacemeshos/poet

https://github.com/spacemeshos/go-spacemesh

[^1]: A future potential local optimization could be to construct a sparse tree out of the distinct Merkle proofs for a given PoET proof, in order to avoid having to store duplicated tree nodes data.

noamnelke commented 2 years ago

LGTM 👍🏻