Commit ce582b1

Drafted section on threat vectors
1 parent 1c6a9a8 commit ce582b1

1 file changed

+33
-0
lines changed

docs/technical-report-1.md

@@ -557,4 +557,37 @@ The stake distribution has an important influence on the number of unique SPOs i
557557
![Curve fit to stakepool distribution at epoch 500](../images/stake-fit.png)
558558

559559

560+
## Threat model
561+
562+
Below is a comprehensive tabulation of *hypothetical* threats to the Leios. Many of these are already mitigated by the protocol design or the cost of the resources needed to execute the threat. All are listed here for completeness and consideration.
563+
564+
| # | Actor | Method | Effect | Resources | Mitigation | Notes |
565+
| --: | -------- | ------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ----------- | ------------------------------------ | -------------------------------- |
566+
| 1 | Varies | Threat to Praos | Leios is only as secure as Praos | - | Varies | Already mitigated in Praos |
567+
| 2 | Producer | Grinding VRF on voting eligibility | Increased probability of voting | CPU & stake | Epoch nonce resistance to grinding | R&D underway |
568+
| 3 | Producer | Grinding VRF on IB eligibility | Increased probability of IB | CPU & stake | Epoch nonce resistance to grinding | R&D underway |
569+
| 4 | Producer | Grinding VRF on EB eligibility | Increased probability of EB | CPU & stake | Epoch nonce resistance to grinding | R&D underway |
570+
| 5 | Producer | Equivocated IB (i.e., produce more than one IB when only one is allowed) | Resource burden on nodes | stake | See Leios paper | Already mitigated |
571+
| 6 | Producer | Equivocated EB | Resource burden on nodes | stake | See Leios paper | Already mitigated |
572+
| 7 | Producer | Equivocated vote | Interferes with certificate creation | stake | See Leios paper | Already mitigated |
573+
| 8 | Producer | Decline to create IB | Lowers throughput | stake | Include txs in multiple IBs? | |
574+
| 9 | Producer | Decline to create EB | Lowers throughput | stake | Produce multiple EBs per pipeline? | |
575+
| 10 | Producer | Decline to vote | Lowers throughput | stake | | |
576+
| 11 | Producer | Omit txs when creating IB | Lowers throughput; increases propagation speed of malicious IB; manipulate Dapps; manipulate oracles | stake | Include txs in multiple IBs? | |
577+
| 12 | Producer | Omit IBs when creating EB | Lowers throughput; increases propagation speed of malicious EB; manipulate dapps; manipulate oracles | stake | Producer multiple EBs per pipeline? | |
578+
| 13 | Producer | Reorder IBs when creating EB | Manipulate dapps | stake | Impose canonical order of IBs in EB | Already mitigated in Leios paper |
579+
| 14 | Producer | Create invalid IB | Resource burden on nodes; lowers throughput | stake | See Leios paper | Already partially mitigated |
580+
| 15 | Producer | Create invalid EB | Resource burden on nodes; lowers throughput | stake | See Leios paper | Already partially mitigated |
581+
| 16 | Producer | Create invalid vote | Resource burden on nodes; lowers throughput | stake | See Leios paper | Already partially mitigated |
582+
| 17 | Producer | Include invalid txs in IB | Resource burden on nodes; lowers throughput | stake | Tx verification | Already partially mitigated |
583+
| 18 | Producer | Include invalid IBs in EB | Resource burden on nodes; lowers throughput | stake | IB verification | Already partially mitigated |
584+
| 19 | Producer | Include invalid certificate in RB | Lowers throughput; resource burden on nodes | stake | Certificate verification | Already partially mitigated |
585+
| 20 | Producer | Create valid certificate without sufficient votes | Manipulates inclusion of txs and hence dapps and oracles | CPU & stake | Strong cryptography for certificates | |
586+
| 21 | Relay | Abuse sync protocol | Resource burden on nodes; introduces latency | - | Design of sync protocol | Mostly already mitigated |
587+
| 22 | Relay | Delay diffusion of valid IBs | Introduces latency; shifts resource usage on nodes | - | See Leios paper | Already mitigated |
588+
| 23 | Relay | Delay diffusion of valid EBs | Introduces latency; shifts resource usage on nodes | - | See Leios paper | Already mitigated |
589+
| 24 | Relay | Delay diffusion of votes | Introduces latency; shifts resource usage on nodes | - | See Leios paper | Already mitigated |
590+
| 25 | Client | Submit invalid, duplicate, or conflicting transactions (especially Plutus ones) | Fills memory pool; increases tx duplication in RBs; lowers throughput; resource burden on nodes | ada | Sharding | Research underway |
591+
592+
560593
## Findings and conclusions
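
Review bot: Row 10 ("Decline to vote") has empty Mitigation and Notes cells, and rows 8, 9, 11 and 12 give their mitigation only as a question with nothing in Notes, so a reader cannot tell which threats are still open and which the intro sentence counts among those "already mitigated by the protocol design". Give every row an explicit status in Notes, as rows 1 to 7 and 13 to 25 already do; row 20 ("Create valid certificate without sufficient votes") needs one as well, and its mitigation "Strong cryptography for certificates" would be easier to check if it named the property relied on. Smaller points in the same table: row 12's mitigation reads "Producer multiple EBs per pipeline?" where row 9 has "Produce", row 11 writes "Dapps" while rows 12, 13 and 20 write "dapps", and the intro's "threats to the Leios" is missing its noun. The two empty added lines before "## Findings and conclusions" can be reduced to one.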
