{"publisher":"ACM","abstract":[{"lang":"eng","text":"With the proliferation of blockchain technology in high-value sectors, consensus protocols are becoming critical infrastructures. The rapid innovation cycle in Byzantine fault tolerant (BFT) consensus protocols has culminated in HotStuff, which provides linear message complexity in the partially synchronous setting. To achieve this, HotStuff leverages a leader that collects, aggregates, and broadcasts the messages of other validators. This paper analyzes the security implications of such approaches in practice, from the perspective of liveness and availability.\r\nBy implementing attacks in a globally-distributed testbed, we show that state-of-the-art leader-based protocols are vulnerable to denial-of-service (DoS) attacks on the leader. Our attacks, demonstrated on committees of up to 64 validators, manage to disrupt liveness within seconds, using only a few tens of Mbps of attack bandwidth per validator. Crucially, the cost and effectiveness of the attacks are independent of the committee size. Based on the outcome of these experiments, we then propose and test effective mitigations. Our findings show that advancements in both protocol design and network-layer defenses can greatly improve the practical resilience of BFT consensus protocols."}],"file":[{"checksum":"1e743ddf49d35390eb56e11eb0759150","relation":"main_file","access_level":"open_access","file_id":"18914","creator":"dernst","success":1,"date_updated":"2025-01-27T14:04:12Z","file_name":"2024_ACMAsiaCCS_Giuliari.pdf","date_created":"2025-01-27T14:04:12Z","file_size":951940,"content_type":"application/pdf"}],"OA_place":"publisher","_id":"18913","publication":"Proceedings of the 19th ACM Asia Conference on Computer and Communications Security","tmp":{"short":"CC BY (4.0)","image":"/images/cc_by.png","legal_code_url":"https://creativecommons.org/licenses/by/4.0/legalcode","name":"Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)"},"department":[{"_id":"ElKo"}],"publication_status":"published","doi":"10.1145/3634737.3656997","type":"conference","conference":{"location":"Singapore, Singapore","end_date":"2024-07-05","name":"ASIACCS: Asia Conference on Computer and Communications Security","start_date":"2024-07-01"},"author":[{"last_name":"Giuliari","first_name":"Giacomo","full_name":"Giuliari, Giacomo"},{"last_name":"Sonnino","full_name":"Sonnino, Alberto","first_name":"Alberto"},{"last_name":"Frei","first_name":"Marc","full_name":"Frei, Marc"},{"full_name":"Streun, Fabio","first_name":"Fabio","last_name":"Streun"},{"id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","last_name":"Kokoris Kogias","first_name":"Eleftherios","full_name":"Kokoris Kogias, Eleftherios"},{"last_name":"Perrig","full_name":"Perrig, Adrian","first_name":"Adrian"}],"date_updated":"2025-04-10T11:50:13Z","date_published":"2024-07-01T00:00:00Z","article_processing_charge":"Yes (in subscription journal)","month":"07","has_accepted_license":"1","day":"01","language":[{"iso":"eng"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","license":"https://creativecommons.org/licenses/by/4.0/","scopus_import":"1","acknowledgement":"This work was mostly realized while Alberto Sonnino and Lefteris Kokoris-Kogias were employed at Meta. We gratefully acknowledge support for this project from ETH Zurich and Mysten Labs.","date_created":"2025-01-27T13:57:00Z","quality_controlled":"1","OA_type":"hybrid","title":"An empirical study of consensus protocols’ DoS resilience","file_date_updated":"2025-01-27T14:04:12Z","year":"2024","ddc":["000"],"page":"1345-1360","publication_identifier":{"isbn":["9798400704826"]},"status":"public","oa":1,"oa_version":"Published Version"}