[Latest Accepted Blockchain Papers] CCF A: NDSS 2025 (Part 1), with PDF downloads

Published: 2025-03-04

Conference: The Network and Distributed System Security (NDSS)

CCF level: CCF A

Categories: network and information security

Year: 2025

Conference time: 24 to 28 February 2025 in San Diego, California.

1

Title: 

Kronos: A Secure and Generic Sharding Blockchain Consensus with Optimized Overhead

Authors

Yizhong Liu (Beihang University), Andi Liu (Beihang University), Yuan Lu (Institute of Software Chinese Academy of Sciences), Zhuocheng Pan (Beihang University), Yinuo Li (Xi’an Jiaotong University), Jianwei Liu (Beihang University), Song Bian (Beihang University), Mauro Conti (University of Padua)

Abstract

Sharding enhances blockchain scalability by dividing the network into shards, each managing specific unspent transaction outputs or accounts. As an introduced new transaction type, cross-shard transactions pose a critical challenge to the security and efficiency of sharding blockchains.

Currently, there is a lack of a generic sharding blockchain consensus pattern that achieves both security and low overhead.

In this paper, we present Kronos, a secure sharding blockchain consensus achieving optimized overhead.

In particular, we propose a new secure sharding blockchain consensus pattern, based on a buffer managed jointly by shard members. Valid transactions are transferred to the payee via the buffer, while invalid ones are rejected through happy or unhappy paths.

Kronos is proved to achieve security with atomicity under malicious clients while maintaining optimal intra-shard overhead. Efficient rejection even requires no Byzantine fault tolerance (BFT) protocol execution in happy paths, and the cost in unhappy paths is still not higher than a two-phase commit.

Besides, we propose secure cross-shard certification methods. Handling $b$ transactions, Kronos is proved to achieve cross-shard communication with low cross-shard overhead $\mathcal{O}(n b \lambda)$ ($n$ for the shard size and $\lambda$ for the security parameter).

Notably, Kronos imposes no restrictions on BFT and does not rely on timing assumptions, offering optional constructions in various modules. Kronos could serve as a universal framework for enhancing the performance and scalability of existing BFT protocols. Kronos supports generic models, including asynchronous networks, and can increase the throughput by several orders of magnitude.

We implement Kronos using two prominent BFT protocols: asynchronous Speeding Dumbo (NDSS'22) and partially synchronous Hotstuff (PODC'19). Extensive experiments (over up to 1000 AWS EC2 nodes across 4 AWS regions) demonstrate Kronos scales the consensus nodes to thousands, achieving a substantial throughput of 320 ktx/sec with 2.0 sec latency. Compared with the past solutions, Kronos outperforms, achieving up to a 12$\times$ improvement in throughput and a 50% reduction in latency when cross-shard transactions dominate the workload.

PDF download link:

https://www.ndss-symposium.org/wp-content/uploads/2025-472-paper.pdf

2

Title: 

Manifoldchain: Maximizing Blockchain Throughput via Bandwidth-Clustered Sharding

Authors

Chunjiang Che (The Hong Kong University of Science and Technology (Guangzhou)), Songze Li (Southeast University), Xuechao Wang (The Hong Kong University of Science and Technology (Guangzhou))

Abstract

Bandwidth limitation is the major bottleneck that hinders scaling throughput of proof-of-work blockchains. To guarantee security, the mining rate of the blockchain is determined by the miners with the lowest bandwidth, resulting in an inefficient bandwidth utilization among fast miners. We propose Manifoldchain, an innovative blockchain sharding protocol that alleviates the impact of slow miners to maximize blockchain throughput. Manifoldchain utilizes a bandwidth-clustered shard formation mechanism that groups miners with similar bandwidths into the same shard. Consequently, this approach enables us to set an optimal mining rate for each shard based on its bandwidth, effectively reducing the waiting time caused by slow miners. Nevertheless, the adversary could corrupt miners with similar bandwidths, thereby concentrating hashing power and potentially creating an adversarial majority within a single shard. To counter this adversarial strategy, we introduce sharing mining, allowing the honest mining power of the entire network to participate in the secure ledger formation of each shard, thereby achieving the same level of security as an unsharded blockchain. Additionally, we introduce an asynchronous atomic commitment mechanism to ensure transaction atomicity across shards with various mining rates. Our theoretical analysis demonstrates that Manifoldchain scales linearly in throughput with the increase in shard numbers and inversely with network delay in each shard. We implement a full system prototype of Manifoldchain, comprehensively evaluated on both simulated and real-world testbeds. These experiments validate its vertical scalability with network bandwidth and horizontal scalability with network size, achieving a substantial improvement of 186% in throughput over baseline sharding protocols, for scenarios where bandwidths of miners range from 5Mbps to 60Mbps.

PDF download link:

https://www.ndss-symposium.org/wp-content/uploads/2025-28-paper.pdf

3

Title: 

The Forking Way: When TEEs Meet Consensus

Authors

Annika Wilde (Ruhr University Bochum), Tim Niklas Gruel (Ruhr University Bochum), Claudio Soriente (NEC Laboratories Europe), Ghassan Karame (Ruhr University Bochum)

Abstract

An increasing number of distributed platforms combine Trusted Execution Environments (TEEs) with blockchains. Indeed, many hail the combination of TEEs and blockchains a good “marriage”: TEEs bring confidential computing to the blockchain while the consensus layer could help defend TEEs from forking attacks.

In this paper, we systemize how current blockchain solutions integrate TEEs and to what extent they are secure against forking attacks. To do so, we thoroughly analyze 29 proposals for TEE-based blockchains, ranging from academic proposals to production-ready platforms. We uncover a lack of consensus in the community on how to combine TEEs and blockchains. In particular, we identify four broad means to interconnect TEEs with consensus, analyze their limitations, and discuss possible remedies. Our analysis also reveals previously undocumented forking attacks on three production-ready TEE-based blockchains: Ten, Phala, and the Secret Network. We leverage our analysis to propose effective countermeasures against those vulnerabilities; we responsibly disclosed our findings to the developers of each affected platform.

PDF download link:

https://www.ndss-symposium.org/wp-content/uploads/2025-1934-paper.pdf

4

Title: 

Eclipse Attacks on Monero's Peer-to-Peer Network

Authors

Ruisheng Shi (Beijing University of Posts and Telecommunications), Zhiyuan Peng (Beijing University of Posts and Telecommunications), Lina Lan (Beijing University of Posts and Telecommunications), Yulian Ge (Beijing University of Posts and Telecommunications), Peng Liu (Penn State University), Qin Wang (CSIRO Data61), Juan Wang (Wuhan University)

Abstract

Eclipse attack is a major threat to the blockchain network layer, wherein an attacker isolates a target node by monopolizing all its connections, cutting it off from the rest of the network. Despite the attack's demonstrated effectiveness in Bitcoin (Usenix'15, SP'20, Usenix'21, CCS'21, SP'23) and partially in Ethereum (NDSS'23, SP'23), its applicability to a wider range of blockchain systems remains uncertain.

In this paper, we investigate eclipse attacks against Monero, a blockchain system known for its strong anonymity and pioneering the use of Dandelion++ (the state-of-the-art blockchain network layer protocol for transaction privacy protection). Our analysis of Monero's connection management mechanism reveals that existing eclipse attacks are surprisingly ineffective against Monero. We accordingly introduce the first practical eclipse attack against Monero by proposing a connection reset approach, which forces the target node to drop all benign connections and reconnect with malicious nodes. Specifically, we outline two methods for executing such an attack. The first one exploits the private transaction mechanisms, while the second method leverages the differences in propagation between stem transactions and fluff transactions under Dandelion++. Our attack is not only applicable to Monero but to all blockchain systems utilizing Dandelion++ and similar connection management strategies.

We conduct experiments on the Monero mainnet. Evaluation results confirm the feasibility of our attack. Unlike existing eclipse attacks, our connection reset-based approach does not require restarting the target node, significantly accelerating the attack process and making it more controllable. We also provide countermeasures to mitigate the proposed eclipse attack while minimizing the impact on Monero. In addition, we have ethically reported our investigation to Monero official team.

PDF download link:

https://www.ndss-symposium.org/wp-content/uploads/2025-95-paper.pdf