The Ticking Privacy Time-bomb at the Heart of the ETH2 Merge

The Ethereum Merge is fast approaching. After years of development (and delays), Ethereum’s long-awaited switch from proof of work to proof of stake is almost upon us. In a recent development call, the date for the Merge was tentatively set for 15th or 16th September 2022.

It’s hard to overstate the importance of this transition. Proof of work consensus – which the Ethereum chain adopted from Bitcoin and has been using since its inception in 2015 – is frequently criticized as inefficient and environmentally damaging. Proof of stake is estimated to use over 90% less energy than proof of work. So this is great news, right? Unfortunately, Swiss privacy project HOPR has identified a potential privacy flaw which could cause chaos once the Merge happens.

The Problem: Validator Sniping

To understand the problem, we need to take a brief detour into how Ethereum’s proof-of-stake consensus will be implemented. Unlike in proof of work, where everyone is competing simultaneously to complete blocks, under proof of stake, participants with sufficient stake – known as validators — are assigned a particular slot in which only they will be allowed to propose a block. This block will be validated by other members of the network and, if accepted, added to the chain.

The issue arises in how this plays out in practice. Validators are assigned slots randomly, but this schedule is known to everyone in the network in advance. This advanced notice gives potential attackers time to gather data for a disruptive and lucrative exploit.

Although validators are identified in the network only by a pseudonymous public key, communication with other peers in the network also leaks validators’ IP addresses, with enough time, it’s possible to link public keys with IP addresses, breaking the veil of pseudonymity. With this link in place, it’s possible to conduct a denial of service attack, bombarding the target device with requests and taking it temporarily offline. Once removed from the network, the validator will be unable to propose a block and their brief slot window will expire unfilled.

This attack, taking out a validator to prevent them from completing their blockchain duties, has been dubbed ‘validator sniping’.

Why does this matter? This issue has been known about for years – even being mentioned in several Ethereum security audits – but previously dismissed as “low severity” because there seemed little reason to disrupt the chain in this way.

But something important has happened since those audits were first published: the rise in the importance of MEV, where miners or validators extract value from the blockchain by deliberately ordering and inserting transactions in profitable ways. A little-known phenomenon a few years ago, with the DeFi boom MEV has blossomed into a billion-dollar cash cow. It’s hard to assess the true extent of MEV, but a look into any block explorer will quickly show that it affects the majority of blocks in the blockchain.This is crucial for proof of stake, because these lucrative MEV opportunities turn validator sniping from an esoteric exploit to a deeply tempting attack. If a validator sees juicy MEV opportunities in the mempool, but their assigned block slot isn’t quite soon enough, they have a strong incentive to knock out the previous validators in the schedule and poach their rewards.

Blockchains rely strongly on incentives being aligned for everyone to reach consensus. With perverse incentives in place, it’s possible the post-Merge Ethereum chain will suffer frequent outages and validators snipe each other.

But how likely is this? The HOPR team conducted research on the functionally equivalent Gnosis Beacon Chain and were able to use a modified validator node to identify the link between public keys and IP addresses with over 90% confidence. In doing so, the team analyzed over a billion data points gathered over months of validating. After consultation from teams at the Ethereum Foundation and Gnosis Chain, it seems that by optimizing the data harvesting setup the crucial link can be established in as little as fifteen minutes.

The Solution: IP Protection

So what can be done? One option is to use a VPN, but in the long run it’s unlikely that this will offer sufficient protection. Upgrades to the consensus algorithm itself could help, but these are likely to take years to research and implement.

As part of their research, HOPR suggest that a privacy mixnet like the one they’re developing could be a solution, as the process of relaying data through different paths has the same effect as regularly cycling IP addresses.

It’s important to note that this problem isn’t an immediate concern because no MEV exploits are possible while the proof-of-stake setup is being tested. But once the Merge happens and real transactions are being processed, all bets are off.

If the Merge is going to be a success, it seems essential for projects throughout the ecosystem to come together to plug this privacy loophole.  

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Leave a Reply

Your email address will not be published. Required fields are marked *