拜占庭容錯協議之同步器的攻擊與防禦

Ping-Lun Wang; 王秉倫

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/86615

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	蕭旭君(Hsu-Chun Hsiao)
dc.contributor.author	Ping-Lun Wang	en
dc.contributor.author	王秉倫	zh_TW
dc.date.accessioned	2023-03-20T00:06:39Z	-
dc.date.copyright	2022-08-15
dc.date.issued	2022
dc.date.submitted	2022-08-08
dc.identifier.citation	[1] Manuel Bravo, Gregory Chockler, and Alexey Gotsman. Making Byzantine Consensus Live. In Hagit Attiya, editor, 34th International Symposium on Distributed Computing (DISC 2020), volume 179 of Leibniz International Proceedings in Informatics (LIPIcs), pages 23:1–23:17, Dagstuhl, Germany, 2020. Schloss Dagstuhl–Leibniz-Zentrum für Informatik. [2] Ethan Buchman. Tendermint: Byzantine fault tolerance in the age of blockchains. PhD thesis, University of Guelph, 2016. [3] Miguel Castro and Barbara Liskov. Practical byzantine fault tolerance. In Proceedings of the Third Symposium on Operating Systems Design and Implementation, OSDI ’99, pages 173–186, Berkeley, CA, USA, 1999. USENIX Association. [4] Determinant and dahliamalkhi. hot-stuff/libhotstuff, 2021. [5] Cynthia Dwork, Nancy Lynch, and Larry Stockmeyer. Consensus in the presence of partial synchrony. J. ACM, 35(2):288– 323, apr 1988. [6] Leslie Lamport. Specifying concurrent program modules. ACM Transactions on Programming Languages and Systems (TOPLAS), 5(2):190–222, 1983. [7] Leslie Lamport, Robert E. Shostak, and Marshall C. Pease. The byzantine generals problem. ACM Trans. Program. Lang. Syst., 4(3):382–401, 1982. [8] Oded Naor, Mathieu Baudet, Dahlia Malkhi, and Alexander Spiegelman. Cogsworth: Byzantine view synchronization, 2020. [9] Jianyu Niu, Fangyu Gai, Mohammad M. Jalalzai, and Chen Feng. On the performance of pipelined hotstuff. In IEEE INFOCOM 2021 - IEEE Conference on Computer Communications, pages 1–10, 2021. [10] The LibraBFT Team. State machine replication in the libra blockchain. https://developers.libra.org/docs/assets/papers/libra-consensus-state-machine-replication-inthe-libra-blockchain/2020-05-26.pdf, 2020. Accessed: 2020-09-06. [11] Marko Vukolić. The quest for scalable blockchain fabric: Proof-of-work vs. bft replication. In Jan Camenisch and Doğan Kesdoğan, editors, Open Problems in Network Security, pages 112–125, Cham, 2016. Springer International Publishing. [12] Ping-Lun Wang, Tzu-Wei Chao, Chia-Chien Wu, and Hsu-Chun Hsiao. Tool: An efficient and flexible simulator for byzantine fault-tolerant protocols, 2021. [13] Maofan Yin, Dahlia Malkhi, Michael K. Reiter, Guy Golan Gueta, and Ittai Abraham. Hotstuff: Bft consensus with linearity and responsiveness. In Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing, PODC ’19, page 347– 356, New York, NY, USA, 2019. Association for Computing Machinery.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/86615	-
dc.description.abstract	許多拜占庭容錯協議仰賴於一個誠實的領導者指揮其他節點以達成共識。為了選舉出目前的領導者，HotStuff提出一個使用pacemaker的架構，並以此確保在有限時間內節點們一定會達成共識。這篇論文檢視了HotStuff的實作並找出其無法讓節點完成同步的安全性漏洞。針對這個漏洞，我們提出了兩個攻擊使得HotStuff在攻擊成功後無法達成任何共識。除此之外，其中一個攻擊方法不但能在固定的時間內完成，也只需要一個惡意節點就能達成攻擊，而這個特性是在任意節點數量下的系統都能符合。對此，我們也提出了一個有效的防禦方式來補足HotStuff的不足。	zh_TW
dc.description.abstract	Leader-based Byzantine Fault-Tolerant (BFT) protocols heavily rely on an honest leader to guide other nodes to reach a consensus. To elect the current leader, the HotStuff BFT protocol proposed to use a pacemaker, which also ensures the liveness of the BFT protocol. In this paper, we carefully inspected HotStuff BFT and discovered that their pacemaker implementation contains a serious vulnerability that prevents the honest nodes to synchronize to the same leader. This allows us to construct two liveness attacks, Freezer attack and Constant-time Freezer attack, that stop HotStuff BFT from reaching any consensus. Notably, the Constant-time Freezer attack can be carried out in constant time, disregarding the number of honest nodes, and one single Byzantine node can launch this attack. In correspond to this security vulnerability, we design a secure and efficient view doubling synchronizer that provides protections to HotStuff's pacemaker and has comparable efficiency as other existing view synchronizers.	en
dc.description.provenance	Made available in DSpace on 2023-03-20T00:06:39Z (GMT). No. of bitstreams: 1 U0001-0308202213285500.pdf: 1941156 bytes, checksum: 0dbe6ae3cb452bb2f240a4b9d74f5750 (MD5) Previous issue date: 2022	en
dc.description.tableofcontents	口試委員會審定書 i 誌謝 ii 摘要 iii Abstract iv Contents v List of Figures viii List of Tables ix 1 Introduction 1 2 Background 5 2.1 The HotStuff BFT Protocol . . . . . . . . . . . . . . . . . . . . . . 5 2.2 View Synchronization in HotStuff . . . . . . . . . . . . . . . . . . . 6 3 Vulnerability of HotStuff 11 3.1 Freezer Attack with Four Nodes . . . . . . . . . . . . . . . . . . . . 12 3.1.1 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.1.2 Setup Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.1.3 Reset Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.1.4 Stop Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.2 Generalized Freezer Attack . . . . . . . . . . . . . . . . . . . . . . . 14 3.2.1 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.2.2 Setup Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.2.3 Reset Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.2.4 Stop Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.3 Constant-time Freezer Attack . . . . . . . . . . . . . . . . . . . . . 17 3.3.1 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.3.2 Setup Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.3.3 Reset Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.3.4 Stop Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 4 Improved View Doubling Synchronizer 21 4.1 Modifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 4.1.1 Securely Reset Timeout . . . . . . . . . . . . . . . . . . . . 22 4.1.2 Timeout Adjustment . . . . . . . . . . . . . . . . . . . . . . 22 4.2 Security Proof . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 4.2.1 Initial State . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 4.2.2 After Consensus . . . . . . . . . . . . . . . . . . . . . . . . 26 4.3 Efficiency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 5 Comparison With Other Synchronizers 29 5.1 Experiment Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 5.2 Underestimated Network Latency . . . . . . . . . . . . . . . . . . . 30 5.3 Various Network Stability . . . . . . . . . . . . . . . . . . . . . . . 31 5.4 Fail-Stop Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 vidoi:10.6342/NTU202202006 5.5 Under Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 6 Related Work 35 6.1 Attacks on HotStuff . . . . . . . . . . . . . . . . . . . . . . . . . . 35 6.2 View Synchronizers . . . . . . . . . . . . . . . . . . . . . . . . . . 36 7 Conclusion and Future Work 38 Bibliography 40
dc.language.iso	en
dc.title	拜占庭容錯協議之同步器的攻擊與防禦	zh_TW
dc.title	Attacking and Protecting View Synchronizers of Byzantine Fault-Tolerant Protocols	en
dc.type	Thesis
dc.date.schoolyear	110-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	廖世偉(Shih-Wei Liao),郭博鈞(Po-Chun Kuo)
dc.subject.keyword	拜占庭容錯協議,同步器,	zh_TW
dc.subject.keyword	BFT Protocol,View Synchronizer,	en
dc.relation.page	41
dc.identifier.doi	10.6342/NTU202202006
dc.rights.note	同意授權(全球公開)
dc.date.accepted	2022-08-08
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	資訊工程學研究所	zh_TW
dc.date.embargo-lift	2026-08-08	-
顯示於系所單位：	資訊工程學系

文件中的檔案：

檔案	大小	格式
U0001-0308202213285500.pdf 此日期後於網路公開 2026-08-08	1.9 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。