An eclipse attack is a network-level attack on a blockchain in which an attacker takes control of a node’s peer-to-peer connections and thereby obscures that node’s view of the blockchain.
In a new research paper titled “Low-Resource Eclipse Attacks on Ethereum’s Peer-to-Peer Network”, the authors describe a way to mount an eclipse attack on the Ethereum network.
They disclosed their findings to Ethereum on January 8th, 2018 and Ethereum devs quickly issued a patch — Geth v1.8.1 — to fix the problem.
Splitting the Ethereum Network
Similar to Bitcoin, a node on the Ethereum network relies mostly on connections to its peers to get a broad view of the network.
In an eclipse attack the attacker gains control of all the connections to and from a targeted victim’s node, and thereby prevents that victim from obtaining full information about the rest of the network.
Folks often think of an eclipse attack as a way to co-opt the network’s mining power around consensus; however, an eclipse attack is more useful in a double-spend attack. A payer can send coins in one transaction and then use the eclipse attack to prevent the payee from even learning that those same coins were spent in another transaction in another part of the network.
Researchers published the first paper on eclipse attacks on the Bitcoin network 3 years ago.
Just like in the earlier work on Bitcoin, for Ethereum the researchers had to reverse engineer the protocol from the code and then write their own packet parsers, so everything was done from square one.
At first sight, Ethereum seems to be more resilient to these eclipse attacks. Whereas Bitcoin nodes make only 8 outgoing TCP connections to form the gossip network that propagates transactions and blocks, Ethereum nodes make 13. And while Ethereum’s p2p network uses a secure encrypted channel, Bitcoin’s network doesn’t.
As it happens, Ethereum was in fact easier to attack, mostly because Bitcoin relies on an unstructured network in which nodes form random connections with each other, whereas Ethereum relies on a structured network based on the Kademlia protocol, which is designed to let nodes find and connect to other nodes much more efficiently.
Nodes in Ethereum’s p2p network are identified by their public key. Notably, Ethereum versions before Geth v1.8.1 allowed a user to run an unlimited number of nodes, each with a different public key, from the same machine with the very same IP address.
Using a key generation algorithm, an attacker could create an unlimited number of node IDs extremely quickly. Worse, an attacker could craft node IDs so that they looked more attractive to the victim than a random node ID would, essentially drawing the victim toward them.
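As an added illustration (not code from the paper or from Geth), the simplified Kademlia-style routing table below shows why a per-subnet cap on table entries blunts a flood of node IDs announced from a single address. The 256-bit IDs are sha256 stand-ins for public-key-derived node IDs, and the bucket size, subnet cap of 2 per /24, and IP addresses are constructed values, not Geth’s real parameters.

```python
import hashlib
import ipaddress
from collections import defaultdict

def node_id(seed: str) -> int:
    # Constructed stand-in for a 256-bit node ID derived from a public key.
    return int.from_bytes(hashlib.sha256(seed.encode()).digest(), "big")

def log_distance(a: int, b: int) -> int:
    # Kademlia XOR metric: bucket index is the position of the highest differing bit.
    return (a ^ b).bit_length()

class Table:
    """Routing table of fixed-size buckets; subnet_limit caps entries per /24 per bucket."""
    def __init__(self, self_id: int, bucket_size: int = 16, subnet_limit=None):
        self.self_id, self.bucket_size, self.subnet_limit = self_id, bucket_size, subnet_limit
        self.buckets = defaultdict(list)  # bucket index -> list of (node_id, ip)

    def add(self, nid: int, ip: str) -> bool:
        bucket = self.buckets[log_distance(self.self_id, nid)]
        if len(bucket) >= self.bucket_size:
            return False  # bucket full: the oldest peers keep their slots
        if self.subnet_limit is not None:
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            if sum(ipaddress.ip_address(o) in net for _, o in bucket) >= self.subnet_limit:
                return False  # mitigation: refuse more entries from this /24
        bucket.append((nid, ip))
        return True

def simulate(subnet_limit=None, attacker_ids: int = 200) -> dict:
    """Honest peers join first, then one address announces many fresh node IDs."""
    victim = Table(node_id("victim"), subnet_limit=subnet_limit)
    for i in range(20):  # constructed honest peers, each from a distinct /24
        victim.add(node_id(f"honest-{i}"), f"10.{i}.0.1")
    attacker_ip = "192.0.2.5"  # constructed single source address
    for i in range(attacker_ids):
        victim.add(node_id(f"attacker-{i}"), attacker_ip)
    per_bucket = [sum(ip == attacker_ip for _, ip in b) for b in victim.buckets.values()]
    return {
        "attacker_entries": sum(per_bucket),
        "max_per_bucket": max(per_bucket),
        "total_entries": sum(len(b) for b in victim.buckets.values()),
    }

if __name__ == "__main__":
    print("no cap:   ", simulate(subnet_limit=None))
    print("cap 2/24: ", simulate(subnet_limit=2))
```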