The Tendermint consensus uses a deterministic round-robin process to choose the next validator for proposing a block. Wouldn’t an attacker also know this and be able to direct his bots to attack each validator in sequence (which may be less than a 100) in order to bring the network to a halt? Has Cosmos considered this? If so, what are the mechanisms to protect against it?
Yes this is considered as it is explicitly mentioned in the guide to become a validator.
I’m not part of the Cosmos team, but as far as I read it, the aim to solve this is by giving the responsibility to the validators. As a validator you lose money, or say atoms, when you are offline or effectively offline due to DoS. Nothing prevents a validator to have many instances of validation nodes, which take over when another fails.
I guess if DDosing becomes a thing, then validators will spawn more independent nodes,
We’re aware of the issue. Thank you for bringing this up. There is a discussion on Github https://github.com/tendermint/tendermint/issues/763. You are all welcome to join. Giving the responsibility to validators is one option, but we’re also considering introducing randomness into proposer’s selection.
My view is DDOS attacks on validators are going to more of a single show of force issue than an ongoing problem.
We expect validators to be fairly sophisticated operators. I’m going to recommend most validators run a “sentry node” architecture. Each validator should only connect to full nodes and other validators, ideally over private links.
DDOS attackers will be forced to attack multiple full nodes but they ultimately won’t be able to keep a validator off the network.
Once they fail, they will move on to softer targets.
There are certainly things we can do to make leader election less predictable but I’m unconvinced this is necessary.
2 Likes
Dunno if this would be a good test case to integrate crypto into the security layer of tcp/ip but me thinks yes. Imagine a “cost” associated for every communication to/from a node (private, public, hybrid). Could also be used to secure the powergrid, sensitive data, Cosmos validators, etc.
Get the protection from the ddos attack by using our Distributed Denial of Service for securing your business.