Does an Eclipse Attack pose a huge threat to the entire Bitcoin network?

[Felicity_Tide]

I am here again with questions that have raised my curiosity, but this time, they are security related. Security matters are practically the concern of everyone, whether it be within or outside Bitcoin matters. But there are needs to pay massive attention in this area so as to protect a true technology(Bitcoin) with value and transparency.

we can't underestimate the number of users who have chosen to run a node inorder to contribute more security to the Bitcoin network. These has strengthen decentralization and transparency among every participants that are connected to the network in one way or another. An attack on the network is practically what most people have learnt about, or will learn about in their Bitcoin journey.

51% attack happens to be very common, since majority of us must have come across a written article that provides explanation either here on BTT or elsewhere. it involves an entity gaining control of more than half of a blockchain network’s computing power(hash rate). This attack is proposed to have so many consequences such as reordering of the blocks, stealing and altering of transactions, etc.

Not until recently, when I came across Eclipse Attack. This attack sounds different from the one above, as it involves:
An attack that is been targeted at a specific node within P2P network. This attack obscure(make things unseen) a node's view, thereby rendering it isolated.

If by trying to manipulate a single node so as to prevent it from receiving information from other genuine nodes, then how does it become a threat when all other nodes are not disturb, but just only one?. like, isn't it a waste of time for anyone who is trying to manipulate just a single node?.

I really don't know how beneficial this type of attack can be to anyone who is having it in mind, because it's not even as threatening compared to the 51% attack. I also came across Sybil attack, which I might be confusing it with an Eclipse attack, so here are...

 My Question:
1. Are miners major targets or just those who runs a node?.
2. does an eclipse attack pose a massive threat to the network compared to a 51% attack?.
3. Is Eclipse Attack same as Sybil Attack?.


I am 100% open to correction as I still see myself as a learner. Pardon any of my error and share your personal opinion. You might want to also DYOR after reading this.

[un_rank]

Here is a good topic^[1] that discussed Eclipse Attack, it is the most detailed one I could find that contains relevant and recent information, like this article^[2] which talks about the implications of such an attack, many of which fixes has been implemented in subsequent versions of Bitcoin core^[3]

1. Are miners major targets or just those who runs a node?.
2. does an eclipse attack pose a massive threat to the network compared to a 51% attack?.
3. Is Eclipse Attack same as Sybil Attack?.

1. Any node could be the target of this attack.
2. Not as massive a threat, it can be used as a prop to a 51% attack or an attempt to double spend.
3. No. A sybil attack as I understand it, is an attempt to pass of a false chain as the real one. It is almost impossible to do with Bitcoin and PoW mechanism which requires you to do lots of work, making it unprofitable, it is more common in other blockchains which operate on a different mechanism.

[1] https://bitcointalk.org/index.php?topic=5468788.20
[2] https://eprint.iacr.org/2015/263.pdf
[3] http://web.archive.org/web/20220412122303/http://cs-people.bu.edu/heilman/eclipse/

- Jay -

[ABCbits]

My Question:
1. Are miners major targets or just those who runs a node?.
2. does an eclipse attack pose a massive threat to the network compared to a 51% attack?.
3. Is Eclipse Attack same as Sybil Attack?.

1. Anyone can become the target. But i expect there's more reason to attack node owned by miner/pool rather than random node.
2. No, especially when Bitcoin Core already fixed most of possible Eclipse attack.
3. No, although both of them are related. Eclipse Attack is about isolating your node from rest of the network, while Sybil Attack is about attack where you gain influence/power by running node/create multiple fake identity. Although in case of Bitcoin, running lots of node doesn't let anyone perform Sybil attack.

[Felicity_Tide]

Here is a good topic^[1] that discussed Eclipse Attack, it is the most detailed one I could find that contains relevant and recent information, like this article^[2] which talks about the implications of such an attack, many of which fixes has been implemented in subsequent versions of Bitcoin core^[3]
[1] https://bitcointalk.org/index.php?topic=5468788.20

Very interesting topic. The op used a good pictorial representation to make an explanation. But I observed that there seem to be contradiction, as few people couldn't agree that the quoted text below is part of what a supposed attacker can do. Any clarification on that?.

Broadcast fake transactions

[2] https://eprint.iacr.org/2015/263.pdf

I will go through this.

1. Anyone can become the target. But i expect there's more reason to attack node owned by miner/pool rather than random node.

Makes proper sense to me now.

3. while Sybil Attack is about attack where you gain influence/power by running node/create multiple fake identity. Although in case of Bitcoin, running lots of node doesn't let anyone perform Sybil attack.

Could this be possible on the Ethereum network?

And I also noticed this reply:

Mining pools can't accept the incoming connection of dozens of thousands of Bitcoin nodes, and neither should they. The network is peer-to-peer. That's why we have DNS seeds.

So, If I decide to run a full node, then my node will have to connect to other people's node who are within same geo-location(region) with me?, Rather than connecting to the pool directly?.

[un_rank]

But I observed that there seem to be contradiction, as few people couldn't agree that the quoted text below is part of what a supposed attacker can do. Any clarification on that?.

Broadcast fake transactions

There is no way to broadcast a fake transaction, either to an isolated node or to the entire network, if a transaction does not meet protocol standards, it cannot be be created or broadcasted. The attempt can be be to try and double spend a transaction.

- Jay -

[NotATether]

So, If I decide to run a full node, then my node will have to connect to other people's node who are within same geo-location(region) with me?, Rather than connecting to the pool directly?.

Bitcoin Core doesn't know anything about location of your peers, and it does not have a geo-lookup service to find the location of an IP address. So actually, it doesn't care who it's connected to, as long as the other peer is responsive and continues to send valid messages in a timely manner.

Key word here being *valid* because if any attempt is made to manipulate the other bitcoin node then it is placed in the node's banlist and will not connect to it anymore.

[ABCbits]

3. while Sybil Attack is about attack where you gain influence/power by running node/create multiple fake identity. Although in case of Bitcoin, running lots of node doesn't let anyone perform Sybil attack.

Could this be possible on the Ethereum network?

Short answer, no. You also need tons of staked ETH to attempt Sybil attack.

So, If I decide to run a full node, then my node will have to connect to other people's node who are within same geo-location(region) with me?, Rather than connecting to the pool directly?.

Bitcoin Core doesn't know anything about location of your peers, and it does not have a geo-lookup service to find the location of an IP address. So actually, it doesn't care who it's connected to, as long as the other peer is responsive and continues to send valid messages in a timely manner.

Key word here being *valid* because if any attempt is made to manipulate the other bitcoin node then it is placed in the node's banlist and will not connect to it anymore.

Although it's worth to mention Bitcoin Core perform IP bucketing, see https://bitcoincore.reviews/16702.