Now, Catalin Cimpanu at Bleeping Computer reports on research showing yet another way in which P2P networks can become vulnerable through centralization driven by economies of scale. Below the fold, some details.
the Bitcoin network, despite counting thousands of nodes, is largely hosted on a small number of ISPs (networks, Autonomous Systems — AS). For example, 13 ISPs host 30% of the entire Bitcoin network, while 39 ISPs host 50% of the whole Bitcoin mining power.

and this fact is being exploited via BGP hijacks:
Furthermore, most of the traffic exchanged between Bitcoin nodes passes through a small number of ISPs. In exact numbers, just three ISPs handle 60% of all Bitcoin traffic, right now.
Based on statistical data, researchers say they’ve found that around 100 Bitcoin nodes are the victims of BGP hijacks each month, with the largest number of BGP hijacks happening in November 2015, when 8% of the entire Bitcoin nodes (447 at the time) were the victims of such incidents.

The research is described in Hijacking Bitcoin: Routing Attacks on Cryptocurrencies by Maria Apostolaki, Aviv Zohar and Laurent Vanbever, who write:
While challenging, we show that two key properties make routing attacks practical: (i) the efficiency of routing manipulation; and (ii) the significant centralization of Bitcoin in terms of mining and routing. Specifically, we find that any network attacker can hijack few (<100) BGP prefixes to isolate ∼50% of the mining power — even when considering that mining pools are heavily multi-homed.

They show two classes of routing-based attacks on the Bitcoin network are feasible:
First, we evaluate the ability of attackers to isolate a set of nodes from the Bitcoin network, effectively partitioning it. Second, we evaluate the impact of delaying block propagation by manipulating a small number of key Bitcoin messages.

BGP (Border Gateway Protocol) is a long-standing vulnerability of the Internet, so it is not surprising that it can and does affect the Bitcoin network. The more interesting part of their research is that it illuminates second-order effects of economies of scale on P2P networks. Economies of scale drove Bitcoin mining from home computers into large data centers. Economies of scale drove these data centers to be located in a few areas with very cheap power and cooling. Thus these data centers naturally used the few ISPs that served these areas, leading to centralization at the network level, and thus to vulnerabilities caused by centralization at the network level.
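The paper's centralization figures (how few ASes one must control before a given share of nodes or mining power sits entirely behind them) are easy to compute for any P2P network whose node-to-AS mapping you can observe. The following is an added illustration, not code from the paper or from this blog; the AS numbers and mining shares are constructed sample data, and a multi-homed node counts as isolable only when every AS it is homed on is in the chosen set, matching the paper's caveat about multi-homed pools.

```python
"""Greedy estimate of AS-level concentration in a P2P network.

A node is isolable by a set of ASes only when all of its upstream ASes are
in that set, so multi-homing raises the number of ASes an attacker needs.
"""

# Constructed sample data (hypothetical ASNs and weights, not real
# Bitcoin measurements): node -> (ASNs it is homed on, mining share).
NODES = {
    "pool-a": ((64500, 64501), 0.30),   # multi-homed across two ASes
    "pool-b": ((64500,), 0.25),
    "pool-c": ((64502,), 0.15),
    "pool-d": ((64503, 64504), 0.10),   # multi-homed
    "node-1": ((64505,), 0.05),
    "node-2": ((64506,), 0.05),
    "node-3": ((64507,), 0.05),
    "node-4": ((64508,), 0.05),
}


def covered_share(nodes, ases, weighted):
    """Share of nodes (or of mining power) homed entirely within `ases`."""
    total = 0.0
    for asns, weight in nodes.values():
        if set(asns) <= ases:
            total += weight if weighted else 1
    denom = sum(w for _, w in nodes.values()) if weighted else len(nodes)
    return total / denom


def ases_to_isolate(nodes, target, weighted=False):
    """Greedily add ASes until at least `target` share is isolable.

    Returns (sorted list of chosen ASNs, share actually covered).
    """
    chosen = set()
    candidates = {a for asns, _ in nodes.values() for a in asns}
    share = 0.0
    while share < target and candidates:
        # Pick the AS that raises the isolable share the most.
        best = max(sorted(candidates),
                   key=lambda a: covered_share(nodes, chosen | {a}, weighted))
        chosen.add(best)
        candidates.remove(best)
        share = covered_share(nodes, chosen, weighted)
    return sorted(chosen), share


if __name__ == "__main__":
    for weighted in (False, True):
        asns, share = ases_to_isolate(NODES, 0.5, weighted)
        label = "mining power" if weighted else "nodes"
        print(f"{len(asns)} ASes {asns} cover {share:.0%} of {label}")
```

On the sample data, half the mining power sits behind just two ASes while half the nodes need four, which is the kind of gap between node count and hash-rate concentration the paper's figures describe.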