Is Stellar As Secure As You Think?

Stellar is one of the top ten cryptocurrencies in terms of market capitalization. It adopts a variant of Byzantine fault tolerance (BFT), named federated Byzantine agreement (FBA), which generalizes the traditional BFT algorithm to make it more suitable for open-membership blockchains. To this end, FBA introduces a quorum slice concept, which consists of a set of nodes. In FBA, a node can complete one consensus round when it receives specific messages from nodes in a quorum slice appointed by the node. In this study, we analyze FBA, whose security is highly dependent on the structure of quorum slices, and demonstrate that it is not superior to the traditional BFT algorithm in terms of safety and liveness. Then, to analyze the security of the Stellar consensus protocol (SCP), which is a construction for FBA, we investigate the current quorum slices in Stellar. We analyze the structure of quorum slices and measure the influence of each node quantitatively using two metrics, PageRank (PR) and the newly proposed NodeRank (NR). The results show that the Stellar system is significantly centralized. Thereafter, to determine how the centralized structure can have a negative impact on the Stellar system, we study the cascading failure caused by deleting only a few nodes (i.e., validators) in Stellar. We show that all of the nodes in Stellar cannot run SCP if only two nodes fail. To make matters worse, these two nodes are run and controlled by a single organization, the Stellar foundation.

[1]  David K. Gifford,et al.  Weighted voting for replicated data , 1979, SOSP '79.

[2]  M. Herlihy A quorum-consensus replication method for abstract data types , 1986, TOCS.

[3]  Divyakant Agrawal,et al.  Efficient solution to the distributed mutual exclusion problem , 1989, PODC '89.

[4]  Avishai Wool,et al.  The load and availability of Byzantine quorum systems , 1997, PODC '97.

[5]  Michael K. Reiter,et al.  Byzantine quorum systems , 1997, STOC '97.

[6]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[7]  Rajeev Motwani,et al.  The PageRank Citation Ranking : Bringing Order to the Web , 1999, WWW 1999.

[8]  Michael K. Reiter,et al.  Dynamic byzantine quorum systems , 2000, Proceeding International Conference on Dependable Systems and Networks. DSN 2000.

[9]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[10]  Yu-Chee Tseng,et al.  Quorum-Based Asynchronous Power-Saving Protocols for IEEE 802.11 Ad Hoc Networks , 2005, Mob. Networks Appl..

[11]  Fergal Reid,et al.  An Analysis of Anonymity in the Bitcoin System , 2011, PASSAT 2011.

[12]  Christian Decker,et al.  Information propagation in the Bitcoin network , 2013, IEEE P2P 2013 Proceedings.

[13]  Jae Kwon,et al.  Tendermint : Consensus without Mining , 2014 .

[14]  David Mazières The Stellar Consensus Protocol: A Federated Model for Internet-level Consensus , 2015 .

[15]  Jeremy Clark,et al.  SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies , 2015, 2015 IEEE Symposium on Security and Privacy.

[16]  Ghassan O. Karame,et al.  Ripple: Overview and Outlook , 2015, TRUST.

[17]  Andrew Miller,et al.  Discovering Bitcoin ’ s Public Topology and Influential Nodes , 2015 .

[18]  Aviv Zohar,et al.  Optimal Selfish Mining Strategies in Bitcoin , 2015, Financial Cryptography.

[19]  Elaine Shi,et al.  The Honey Badger of BFT Protocols , 2016, CCS.

[20]  Christian Cachin,et al.  Architecture of the Hyperledger Blockchain Fabric , 2016 .

[21]  Kevin Lee,et al.  An Empirical Analysis of Linkability in the Monero Blockchain , 2017, ArXiv.

[22]  Silvio Micali,et al.  Algorand: Scaling Byzantine Agreements for Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[23]  Yongdae Kim,et al.  Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin , 2017, CCS.

[24]  Emin Gün Sirer,et al.  Decentralization in Bitcoin and Ethereum Networks , 2018, Financial Cryptography.

[25]  Andrew Miller,et al.  Measuring Ethereum Network Peers , 2018, Internet Measurement Conference.

[26]  Emin Gün Sirer,et al.  Majority is not enough , 2013, Financial Cryptography.

[27]  Alexey Gotsman,et al.  Federated Byzantine Quorum Systems (Extended Version) , 2018, ArXiv.

[28]  Violeta Damjanovic-Behrendt,et al.  Federated Byzantine Agreement to Ensure Trustworthiness of Digital Manufacturing Platforms , 2018, CRYBLOCK@MobiSys.

[29]  Ethan Heilman,et al.  An Empirical Analysis of Traceability in the Monero Blockchain , 2017, Proc. Priv. Enhancing Technol..