We study the effects of the Internet, especially with respect to routing on public Blockchains, taking Bitcoin as our use case. To that end, we first uncover the impact that Internet routing attacks (such as BGP hijacks) and malicious Internet Service Providers (ISP) can have on Bitcoin (see paper). Next, we provide a concrete relay design that guarantees connectivity to the Bitcoin network even in the presence of a malicious ISP (see paper). Both our attacks and our relay design generalize to other public Blockchains.

Attacks

Because of the extreme efficiency of Internet routing attacks and the centralization of the Bitcoin network in few networks worldwide, we show that the following two attacks are practically possible today:

Partition attack: Any ISP can partition the Bitcoin network by hijacking few IP prefixes.

Delay attack: Any ISP carrying traffic from and/or to a Bitcoin node can delay its block propagation by 20 minutes while staying completely under the radar.

The potential damage to Bitcoin is worrying. Among others, these attacks could reduce miner's revenue and render the network much more susceptible to double spending. These attacks could also prevent merchants, exchanges and other large entities that hold bitcoins from performing transactions.

Defences

To secure Bitcoin against the most effective attack, namely the partition attack we build SABRE. SABRE is a secure and scalable Bitcoin relay network which relays blocks worldwide through a set of connections that are resilient to routing attacks. SABRE runs alongside the existing peer-to-peer network and is easily deployable. As a critical system, SABRE design is highly resilient and can efficiently handle high bandwidth loads, including Denial of Service attacks. Our results demonstrate that SABRE is effective at securing Bitcoin against routing attacks, even with deployments of as few as 6 nodes.

We built SABRE by levaraging two key technical insights.

Our Work won an IRTF Applied Networking Research Prize! You can find more information about the award here and the video of the presentation here .

We leverage fundamental properties of inter-domain routing (BGP) policies to host relay nodes: (i) in networks that are inherently protected against routing attacks; and (ii) on paths that are economically-preferred by the majority of Bitcoin clients. These properties are generic and can be used to protect other Blockchain-based systems.We leverage the fact that relaying blocks is communication-heavy, not computation-heavy. This enables us to offload most of the relay operations to programmable network hardware (using the P4 programming language). Thanks to this hardware/software co-design, SABRE nodes operate seamlessly under high load while mitigating the effects of malicious clients.