This edition of Finalized focuses on the contextualization of a recently released paper outlining three potential assaults on Ethereum’s proof-of-stake protocol.
tl;dr
These represent critical attacks that have a formally-assessed, technically straightforward remedy. A resolution will be implemented before the Merge and will not postpone Merge schedules.
Forkchoice attacks, remedies, and timelines
Lately, there has been considerable discussion regarding a newly published paper co-written by a group from Stanford and several EF researchers. This document unveiled three liveness and reorganization attacks directed at the beacon chain’s consensus framework without offering any solutions or contextualization regarding what this implies for Ethereum’s forthcoming Merge upgrade. The paper was shared to aid in review and collaboration prior to implementing corrections on the mainnet. However, it fell short in providing context on ramifications and remedies, leaving uncertainty in the subsequent dialogues.
Let’s clarify everything.
Indeed, these are significant attacks ⚔️
First and foremost, we must emphasize, these are serious matters that, if not addressed, jeopardize the integrity of the beacon chain. Hence, it is imperative that solutions are established before the beacon chain assumes the security of Ethereum’s execution layer at the time of the Merge.
However, there is a straightforward solution 🛡
The encouraging news is that two straightforward remedies to the forkchoice have been suggested — “proposer boosting” and “proposer view synchronization”. Proposer boosting has been formally examined by Stanford researchers (detailed write-up coming soon), has been specified since April, and has even been applied in at least one client. Proposer view synchronization also exhibits promise but is still early in its formal analysis. As of now, researchers anticipate that proposer boosting will be integrated into the specifications due to its simplicity and depth in analysis.
On a broader scale, the assaults outlined in the paper arise from an excessive dependence on the signals from attestations—specifically for a limited quantity of adversarial attestations to sway an honest perspective in one direction or another. This reliance is justifiable—attestations nearly completely prevent ex post block reorganizations in the beacon chain—but these assaults illustrate that this dependence incurs a significant price—ex ante reorganizations and other liveness threats. Intuitively, the solutions proposed above adjust the balance of authority between attestations and block proposals rather than existing at one extreme or the other.
Caspar provided a commendable summary elucidating both the attacks and suggested remedies. Refer to this twitter thread for the most concise tl;dr available.
And what is the situation with the Merge? ⛓
Ensuring a remedy is established before the Merge is an absolute necessity. However, there is a solution, and it is straightforward to implement.
This remedy focuses solely on the forkchoice and is thus compatible with the Merge specifications as they stand today. Under ordinary circumstances, the forkchoice remains identical to its current form, but in the case of attack scenarios, the modified version aids in maintaining chain stability. Consequently, deploying a remedy does not introduce disruptive changes or necessitate a “hard fork”.
Researchers and developers project that by the end of November, proposer boosting will be formally incorporated into the consensus specifications, and it will be operational on the Merge testnets by mid-January.
Finally, I want to express my profound gratitude to Joachim Neu, Nusret Taş, and David Tse—members of the Tse Lab at Stanford—as they have been irreplaceable in not only diagnosing but addressing the critical issues outlined above 🚀
