The updated version of Bitcoin Core (v0.20.0), among other improvements, contains an “Asmap” mechanism to protect against the so-called Erebus attack. In theory, it can disrupt the operation of the exchange or mining pools, reports Coindesk.
“Asmap” creates a hedge against malicious attempts to fragment the network by government agencies or large IT infrastructure companies such as Amazon.
In essence, the Erebus attack acts as a variation of the “man in the middle” attack and allows limiting and subsequent replacement of P2P connections in the blockchain. As a result, the target node can be “cut off” from the network, which will allow an attacker to take control of all aspects of its work and carry out a wide range of actions from censorship of individual transactions to an attack 51%.
The Erebus attack was first described by researchers at Singapore National University in 2019. Its implementation can be devastating in light of the increasing centralization of mining in recent years. In Greek mythology, Erebus is the personification of eternal darkness. The Erebus attack is a derivative of the Eclipse attack, which was introduced four years earlier.
According to researchers, about 10 thousand nodes are potentially susceptible to an Erebus attack, which can take anywhere from five to six weeks. The Asmap mechanism eliminates this threat, increasing the Bitcoin network’s resistance to censorship.
The presence of conditions for an Erebus attack is not a miscalculation of Satoshi Nakamoto. At the time of the creation of bitcoin, it was hard to imagine that the Internet would develop in this way. States and large providers control access to the Internet, and nodes, like other network members, have their own IP addresses.
“We are solving a problem of not your internet provider, but some internet provider in the world screwing you because that’s much more dangerous,” said Chaincode Labs researcher and Bitcoin Core contributor Gleb Naumenko.
When a node connects to a network, it usually creates eight outgoing connections, thus exchanging transactions with eight other nodes. The end goal is to make the victim node’s eight external connections pass through the malicious party.
The attack is carried out in two stages.
First, the AS maps out IP addresses of nodes within the network, noting where they can be found and what peers they connect to. Then the AS slowly begins to influence the peers it has surveyed. In other words, the malicious actor is working to exclusively accept connections from as many nodes in their community as possible.
“A powerful adversary, such as a nation-state attacker, may even aim to disrupt a large portion of the underlying peer-to-peer network of a cryptocurrency. At a small scale, the adversary can arbitrarily censor the transactions from the victim,” the researchers noted.
Unlike an Eclipse attack, an Erebus attack cannot be detected until it enters the active phase.
“In fact, there is no evidence. It looks like regular behavior,” explained Naumenko.
In Eclipse, an attacker uses information from the Internet protocol level, while in an Erebus attack it uses information from the Bitcoin protocol level. The Eclipse route “immediately reveals” the identity of the attacker, while this does not occur in the Erebus attack, which makes detection impossible until the attack begins.
To reduce the risk, in the latest release of Bitcoin Core, developers added connection maps of states and providers with typical Internet routing routes, based on which the node can avoid connecting to one malicious participant.
““This option is experimental and subject to removal or breaking changes in future releases,” said Bitcoin Core contributor Wladimir J. van der Laan.
According to Naumenko, the problem is fundamental. In addition to bitcoin, the Dash (DASH), Litecoin (LTC) and Zcash (ZEC) blockchains are subject to Erebus attacks.