拜占庭容錯協議之同步器的攻擊與防禦

Abstract

許多拜占庭容錯協議仰賴於一個誠實的領導者指揮其他節點以達成共識。為了選舉出目前的領導者，HotStuff提出一個使用pacemaker的架構，並以此確保在有限時間內節點們一定會達成共識。這篇論文檢視了HotStuff的實作並找出其無法讓節點完成同步的安全性漏洞。針對這個漏洞，我們提出了兩個攻擊使得HotStuff在攻擊成功後無法達成任何共識。除此之外，其中一個攻擊方法不但能在固定的時間內完成，也只需要一個惡意節點就能達成攻擊，而這個特性是在任意節點數量下的系統都能符合。對此，我們也提出了一個有效的防禦方式來補足HotStuff的不足。

Leader-based Byzantine Fault-Tolerant (BFT) protocols heavily rely on an honest leader to guide other nodes to reach a consensus. To elect the current leader, the HotStuff BFT protocol proposed to use a pacemaker, which also ensures the liveness of the BFT protocol. In this paper, we carefully inspected HotStuff BFT and discovered that their pacemaker implementation contains a serious vulnerability that prevents the honest nodes to synchronize to the same leader. This allows us to construct two liveness attacks, Freezer attack and Constant-time Freezer attack, that stop HotStuff BFT from reaching any consensus. Notably, the Constant-time Freezer attack can be carried out in constant time, disregarding the number of honest nodes, and one single Byzantine node can launch this attack. In correspond to this security vulnerability, we design a secure and efficient view doubling synchronizer that provides protections to HotStuff's pacemaker and has comparable efficiency as other existing view synchronizers.