No More Attacks on Proof-of-Stake Ethereum?

  • Francesco D'Amato, Joachim Neu, Ertem Nusret Tas, David N. C. Tse
  • Published 7 September 2022
  • Computer Science
  • IACR Cryptol. ePrint Arch.
The latest message driven (LMD) greedy heaviest observed sub-tree (GHOST) consensus protocol is a critical component of future proof-of-stake (PoS) Ethereum. In its current form, the protocol is brittle and intricate to reason about, as evidenced by recent attacks, patching attempts, and Görli testnet reorgs. We present Goldfish, which can be seen as a considerably simplified variant of the current protocol, and prove that it is secure and reorg resilient in synchronous networks with dynamic…

Two More Attacks on Proof-of-Stake GHOST/Ethereum

This work presents two new attack strategies targeting the PoS Ethereum consensus protocol, suggesting a fundamental conceptual incompatibility between PoS and the Greedy Heaviest-Observed Sub-Tree (GHOST) fork choice paradigm employed by PoS Ethereum.

Byzantine Consensus under Fully Fluctuating Participation

This work addresses the problem of Bitcoin’s notoriously large latency by presenting a protocol that has 3 round latency, tolerates one-third malicious nodes, and allows fully dynamic participation of both honest and malicious nodes.



Snow White: Provably Secure Proofs of Stake

It is argued that any consensus protocol satisfying functionalities and robustness requirements can be used for proofs-of-stake, as long as money does not switch hands too quickly, and this work is the first to formally articulate a set of requirements for consensus candidates for proofs of stake.

Three Attacks on Proof-of-Stake Ethereum

A third attack is obtained which allows an adversary with a vanishingly small fraction of stake and no control over network message propagation (assuming instead probabilistic message propagation) to cause even long-range consensus chain reorganizations.

Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma

A new class of flexible consensus protocols, ebb-and-flow protocols, are formulated, which support a full dynamically available ledger in conjunction with a finalized prefix ledger, to resolve the availability-finality dilemma.

The Availability-Accountability Dilemma and its Resolution via Accountability Gadgets

This work constructs a provably secure optimally-resilient accountability gadget to checkpoint a longest chain protocol, such that the full ledger is live under dynamic participation and the checkpointed prefix ledger is accountable.

The Sleepy Model of Consensus

This work begins a study of distributed protocols in a “sleepy” model of computation where players can be either online (awake) or offline (asleep), and their online status may change at any point during the protocol.

Longest Chain Consensus Under Bandwidth Constraint

A PoS consensus protocol that achieves a constant fraction of the network’s throughput limit even under worst-case adversarial strategies is obtained by composing multiple instances of a PoS LC protocol with a suitable download rule in parallel.

Resource Pools and the CAP Theorem

This paper presents a parsimonious abstraction sufficient for capturing and comparing properties of many well-known permissionless blockchain protocols, simultaneously capturing essential properties of both proof-of-work and proof-of-stake protocols, and of both longest-chain-type and BFT-type protocols.

Streamlet: Textbook Streamlined Blockchains

An extremely simple and natural paradigm called Streamlet for constructing consensus protocols that is inspired by the core techniques that have been uncovered in the past five years of work on consensus partly driven by the cryptocurrency community and how remarkably simple the new generation of consensus protocols has become in comparison with classical mainstream approaches such as PBFT and Paxos.

Incentivizing Blockchain Forks via Whale Transactions

The results show that double-spend attacks, conventionally thought to be impractical for minority attackers, can actually be financially feasible and worthwhile under the whale attack, and demonstrate that rationality should not be underestimated when evaluating the security of cryptocurrencies.

Highway: Efficient Consensus with Flexible Finality

Highway is proposed, a new consensus protocol that is safe and live in the classical partially synchronous BFT model, while at the same time offering practical improvements over existing solutions.