Erebus attack

Today completes chapter 7 from the book Bitcoin: A Work in Progress.

What Else Can Be Done?

In addition to the many suggestions from the paper, there are other things that can be done, and some have been implemented.

You may be wondering: Why wouldn’t you just have as many connections as possible from the get-go? But the problem is that it requires a lot of data exchange — especially for the transactions in a mempool — and that’s extremely data intensive, so you can’t just add more connections without also increasing bandwidth use.

Erlay is a proposal for reducing the bandwidth needed for these mempool synchronizations. It reduces the main cost (bandwidth) per connection. A lower cost per connection allows nodes to have more connections. Having more connections makes any eclipse attack scheme more difficult.

Another way to have more connections without increasing bandwidth too much is to constrain some connections to blocks only, and to not sync the mempool with those peers. This was implemented in 2019.

Finally, there’s the Blockstream Satellite, or any other satellite or even radio broadcast. These allow anyone in the world to receive the latest blocks. This is mainly useful for people with very low bandwidth internet connections in remote areas. But it can also offer protection against an eclipse attack. This is because when your node receives the satellite signal, even if all inbound and outbound connections are taken over by an attacker, you’ll still learn about new blocks.

Note, however, that you shouldn’t blindly trust the satellite either, for it might try to eclipse you. But remember that you only need a single honest peer, and you achieve this by having as diverse a set of connections as possible.

The Bitcoin Core development wiki also contains an overview of eclipse attacks and various counter measures.

Erebus Attack

If you want to learn more about eclipse attacks, you might be interested in the Erebus attack: an eclipse attack where an attacker essentially spoofs an entire part of the internet.

How this works is the internet is made up of Autonomous Systems (AS), which are basically clusters of IP addresses owned by the same entity, like an ISP.

As it turns out, however, some Autonomous Systems can effectively act as bottlenecks when trying to reach other Autonomous Systems. This allows an attacker controlling such a bottleneck to launch a successful eclipse attack — even against nodes that connect with multiple Autonomous Systems.

As explained above, Bitcoin Core nodes already counter eclipse attacks by ensuring they’re connected to a variety of IP addresses, based on the first two digits of the IP address. This can be further improved by separating buckets by Autonomous Systems instead.

But this doesn’t thwart the Erebus attack. For that, recent versions of Bitcoin Core include an optional feature — ASMAP.

Episode 18 of Bitcoin, Explained explains how mapping the internet has allowed Bitcoin Core contributors to create a tool which ensures that Bitcoin nodes not only connect to various Autonomous Systems, but also that they avoid being trapped behind said bottlenecks.