You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/threat-model.md
+32-32Lines changed: 32 additions & 32 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -135,12 +135,12 @@ In Leios, successful grinding would allow attackers to increase their probabilit
135
135
- Amplify costs of VRF grinding Ouroboros Phalanx ([CIP-0161](https://github.com/nhenin/CIPs/tree/CIP-Ouroboros-Phalanx/CIP-0161)), which introduces computational cost amplification to make grinding attacks economically infeasible by increasing grinding costs by approximately 10^10 while maintaining lightweight computation for honest participants.
136
136
- Standard key management practices protect against VRF key compromise.
| 1 | Any threat to Praos | Leios is only as secure as Praos | - | Dependency on Praos |
141
+
| 2 | VRF grinding on EB eligibility | Increased probability of EB creation | CPU, stake (>20%) | Ouroboros Phalanx R&D |
142
+
| 3 | VRF grinding on voting eligibility | Increased probability of voting selection | CPU, stake (>20%) | Ouroboros Phalanx R&D |
143
+
| 4 | VRF key compromise | Unfair advantage in eligibility | Very high cryptographic attack | Strong key management |
144
144
145
145
### Equivocation
146
146
@@ -154,12 +154,12 @@ A particularly interesting case involves BLS key compromise for voting. When a B
154
154
155
155
**Mitigation**: The Leios protocol specification includes explicit equivocation detection mechanisms that identify misbehaving nodes and equivocation proofs are forwarded through the network. For BLS key compromise, key rotation procedures enable recovery while defensive equivocation provides interim protection. Double voting has limited safety impact since multiple certificates can exist but only RB inclusion determines chain progression.
| 13 | Reference invalid transactions in EB | Lower throughput, resource waste | Stake for block production | Reduced rewards, validate before forward |
187
187
| 14 | Include invalid certificate in RB | Lower throughput, resource waste | Stake for block production | Certificate verification |
188
-
| 15 | Forge certificate without quorum | Manipulate transaction inclusion | Cryptographic attack | Strong BLS cryptography |
188
+
| 15 | Forge certificate without quorum | Manipulate transaction inclusion | Cryptographic attack | Strong BLS cryptography |
189
189
190
190
### Omission and Manipulation
191
191
@@ -201,12 +201,12 @@ SPOs concerned about front-running competition may choose to bypass the EB mecha
201
201
202
202
**Mitigation**: The primary defense is the memory pool design - omitted transactions remain available for inclusion in subsequent honest blocks, limiting censorship effectiveness. The distributed nature of block production means no single actor can permanently censor transactions. Detection of MEV extraction is challenging since legitimate transaction selection and ordering can appear similar to value extraction. Mitigation options are limited since EB opportunities are coupled to RB opportunities and cannot be parameterized separately.
| 16 | Omit transactions from EB |Reduces throughput, temporary censorship| Stake for block production | Memory pool persistence |
207
-
| 17 | Reorder transactions in EB | MEV, market manipulation | Stake for block production | Limited detection capability |
208
-
| 18 | Insert or replace transactions in EB | MEV, market manipulation | Stake for block production | Limited detection capability |
209
-
| 19 | Ignore certificates, include txs in RB only |Reduces EB throughput, avoids front-running | Stake for block production | Reduced rewards, Self-limiting when load exceeds RB capacity |
| 16 | Omit transactions from EB |Lower throughput, temporary censorship | Stake for block production | Memory pool persistence |
207
+
| 17 | Reorder transactions in EB | MEV, market manipulation | Stake for block production | Limited detection capability |
208
+
| 18 | Insert or replace transactions in EB | MEV, market manipulation | Stake for block production | Limited detection capability |
209
+
| 19 | Ignore certificates, include txs in RB only |Lower throughput, avoid front-running | Stake for block production | Reduced rewards, self-limiting when load exceeds RB capacity |
210
210
211
211
### Data withholding
212
212
@@ -231,11 +231,11 @@ A particularly dangerous and sophisticated variant targets blockchain safety its
| 20 | Withhold announced EB or endorsed transactions |Lower throughput | Stake for block production | Connection timeouts, peer pruning |
237
+
| 21 | Selectively withhold data from voting committee | Prevent honest EB certification, reduce throughput | Network position control | Redundant peer connections, diffusion monitoring |
238
+
| 22 | Selectively withhold data from honest nodes | Allow certification, delay block propagation | Network position control, modest stake | L_diff parameter sizing, worst-case diffusion validation |
239
239
240
240
### Protocol bursts
241
241
@@ -252,9 +252,9 @@ The attack magnitude depends on the adversary's stake proportion and EB size par
252
252
253
253
**Mitigation**: The primary defense is traffic prioritization implementing freshest-first delivery semantics - Praos traffic must be preferred over Leios traffic, and fresh Leios traffic over stale traffic. However, some infrastructural resources cannot be prioritized perfectly, including CPU, memory, disk bandwidth, and network router buffers. The attack's magnitude is bounded by the adversary's stake proportion, but ultimately requires engineering solutions for effective prioritization during burst conditions.
0 commit comments