SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected...
Transcript of SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected...
![Page 1: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/1.jpg)
Maria Apostolaki
ETH Zürich
Joint work with Gian Marti, Jan Müller and Laurent Vanbever
Protecting Bitcoin against Routing Attacks SABRE
�1
![Page 2: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/2.jpg)
�2
An adversary splits the Bitcoin network in two disjoint components
Partition Attack
![Page 3: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/3.jpg)
�3
Partition attack is general, dangerous, effective, practical
![Page 4: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/4.jpg)
�4
Partition attack is general, dangerous, effective, practical
Any Blockchain system is vulnerable
![Page 5: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/5.jpg)
�5
Partition attack is general, dangerous, effective, practical
Any Blockchain system is vulnerable
Double-spending, Revenue Loss, DoS
![Page 6: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/6.jpg)
�6
Partition attack is general, dangerous, effective, practical
50-50 partition is feasible
Any Blockchain system is vulnerable
Double-spending, Revenue Loss, DoS
![Page 7: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/7.jpg)
�7
Any network in the world is a possible attacker
Partition attack is general, dangerous, effective, practical
50-50 partition is feasible
Any Blockchain system is vulnerable
Double-spending, Revenue Loss, DoS
![Page 8: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/8.jpg)
�8
Any network in the world is a possible attacker
In 2017 we uncovered the practicality and effectiveness of routing attacks in Bitcoin
Double-spending, Revenue Loss, DoS
Any Blockchain system is vulnerable
50-50 partition is feasible
![Page 9: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/9.jpg)
Bitcoin is a distributed network of nodes (Bitcoin clients)
j
k
l
m
n
o
p
q
9
![Page 10: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/10.jpg)
Bitcoin clients establish random connections
j
k
l
m
n
o
p
q
10
![Page 11: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/11.jpg)
Bitcoin clients exchange Blocks
j
k
l
m
n
o
p
q
block
11
![Page 12: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/12.jpg)
Blocks contain the latest transactions
j
k
l
m
n
o
p
q
block
block
block
12
![Page 13: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/13.jpg)
block
block
j
k
l
m
n
o
p
q
block
block
block
Bitcoin clients exchange Blocks
13
![Page 14: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/14.jpg)
block
block
j
k
l
m
n
o
p
q
block
block
block
block
block
block
until all clients have the same view of the transactionsBitcoin clients exchange Blocks
14
![Page 15: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/15.jpg)
�15
What can go wrong?
![Page 16: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/16.jpg)
Bitcoin connections are routed over the Internet using BGP, the default Internet routing protocol
Internet
j
k
l
m
n
o
p
q
16
![Page 17: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/17.jpg)
G
F
E
C
HB
ID
The Internet is composed of Autonomous Systems
j
k
l
m
n
o
p
q
AA
B
D
17
![Page 18: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/18.jpg)
G
F
E
C
HB
ID
Each Bitcoin client n has an IP
j
k
l
m
n
o
p
q
AA
B
D
82.0.0.3
18
![Page 19: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/19.jpg)
G
F
E
C
HB
ID
AS H creates a BGP advertisement for n’s IP prefix
j
k
l
m
n
o
p
q
AA
B
D
82.0.0.3
82.0.0.0/23
Path:
19
![Page 20: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/20.jpg)
G
F
E
C
HB
ID
BGP propagates advertisements in the Internet
j
k
l
m
n
o
p
q
AA
B
D
82.0.0.0/23
Path: H
82.0.0.0/23
Path: H
82.0.0.0/23
Path: H
20
82.0.0.3
![Page 21: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/21.jpg)
82.0.0.3
G
F
E
C
HB
ID
j
k
l
m
n
o
p
q
AA
B
D
82.0.0.0/23
Path: B H Path: G H
82.0.0.0/23
Path: I H
82.0.0.0/23
Path: E H
82.0.0.0/23
82.0.0.0/23
BGP propagates advertisements in the Internet
21
![Page 22: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/22.jpg)
82.0.0.3
G
F
E
C
HB
ID
j
k
l
m
n
o
p
q
AA
B
D 82.0.0.0/23
Path: I H
82.0.0.0/23
Path: H
82.0.0.0/23
Path: H
AS I can directly reach AS H
22
![Page 23: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/23.jpg)
G
F
E
C
HB
ID
j
k
l
m
n
o
p
q
AA
B
D 82.0.0.0/23
Path: I H
82.0.0.0/23
Path: H
82.0.0.0/23
Path: H
BGP does not check the legitimacy of advertisements
23
![Page 24: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/24.jpg)
G
F
E
C
HB
ID
j
k
l
m
n
o
p
q
AA
B
D
82.0.0.0/23
Path: H
82.0.0.0/24
Path: H G
Attacker creates a fake BGP advertisement
24
![Page 25: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/25.jpg)
G
F
E
C
HB
ID
j
k
l
m
n
o
p
q
AA
B
D
82.0.0.0/23
Path: H
82.0.0.0/24
Attacker attracts traffic destined to AS H using BGP hijacking
25
Path: H G
![Page 26: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/26.jpg)
A
F
E
C
HB
I
D
j
k
l
m
n
o
p
q
Attacker attracts connections with BGP hijacking
26
![Page 27: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/27.jpg)
A
F
E
C
HB
I
D
j
k
l
m
n
o
p
q
Attacker drops connections crossing the partition
27
![Page 28: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/28.jpg)
A
F
E
C
HB
I
D
j
k
l
m
n
o
p
q
A new block in the grey zone cannot be propagated further
28
block
![Page 29: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/29.jpg)
�29
SABRE:Additional channel that is engineered to allow clients to exchange blocks, even if the Bitcoin network is partitioned
![Page 30: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/30.jpg)
�30
SABRE:Additional channel that is engineered to allow clients to exchange blocks, even if the Bitcoin network is partitioned
… without the need to deploy secure routing protocols
![Page 31: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/31.jpg)
G
F
E
C
HB
ID
j
k
l
m
n
o
p
q
AA
B
D
SABRE does not affect any of the regular Bitcoin clients
31
![Page 32: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/32.jpg)
GA
F
E
C
HB
I
D
SABRE is an overlay network of special Bitcoin clients
j
k
l
m
n
o
p
q
32
![Page 33: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/33.jpg)
GA
F
E
C
HB
I
D
SABRE nodes are connected to each other
j
k
l
m
n
o
p
q
33
![Page 34: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/34.jpg)
GA
F
E
C
HB
I
D
Each Bitcoin client connects to at least one SABRE node
j
k
l
m
n
o
p
q
34
![Page 35: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/35.jpg)
A
F
E
C
HB
I
D
SABRE protects the Bitcoin network from partition attacks
j
k
l
m
n
o
p
q
35
![Page 36: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/36.jpg)
A
F
E
C
HB
I
D
Block is propagated via the SABRE network
j
k
l
m
n
o
p
q
36
block
![Page 37: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/37.jpg)
�37
The attacker might try to fight back by attacking SABRE itself
�37
![Page 38: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/38.jpg)
�38
The attacker might try to fight back by attacking SABRE itself
Attacker knows SABRE’s locations and code
BGP hijacks against SABRE nodes
malicious requests to take down SABRE nodes
![Page 39: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/39.jpg)
�39
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
![Page 40: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/40.jpg)
�40
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
secure relay-to-relay connections
SABRE needs to…
![Page 41: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/41.jpg)
�41
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
remain reachable by Bitcoin clients
secure relay-to-relay connections
SABRE needs to…
�41
![Page 42: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/42.jpg)
�42
remain reachable by Bitcoin clients
relay blocks seamlessly
secure relay-to-relay connections
SABRE needs to…
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
![Page 43: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/43.jpg)
�43
NetworkDesign
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
remain reachable by Bitcoin clients
relay blocks seamlessly
secure relay-to-relay connections
SABRE needs to…
![Page 44: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/44.jpg)
�44
NetworkDesign
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
remain reachable by Bitcoin clients
relay blocks
secure relay-to-relay connections
SABRE needs to…
NodeDesign
![Page 45: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/45.jpg)
�45
Protecting Bitcoin against Routing Attacks SABRE
SABRE locationinherently safe locations
SABRE design software/hardware
Deployabilitydeployment opportunities
![Page 46: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/46.jpg)
�46
Protecting Bitcoin against Routing Attacks SABRE
SABRE locationinherently safe locations
SABRE design software/hardware
Deployabilitydeployment opportunities
![Page 47: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/47.jpg)
�47
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
remain reachable by Bitcoin clients
relay blocks
secure relay-to-relay connections
SABRE needs to…
NodeDesign
![Page 48: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/48.jpg)
�48
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
remain reachable by Bitcoin clients
relay blocks
secure relay-to-relay connections
SABRE needs to…
NodeDesign
![Page 49: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/49.jpg)
SABRE selects nodes that satisfy three properties
each node is hosted in /24 IP prefixes
nodes are connected via financially & distance-wise optimal paths
relay graph is k-connected
49
![Page 50: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/50.jpg)
longer prefix hijacksare not possible
each node is hosted in /24 IP prefixes
nodes are connected via financially & distance-wise optimal paths
relay graph is k-connected
50
SABRE selects nodes that satisfy three properties
![Page 51: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/51.jpg)
Relays A and relay B are hosted in ASes with customer-provider relationship
BA
relay A relay B
51
$$$
![Page 52: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/52.jpg)
AS A receives a BGP advertisement from AS B for the prefix of relay B
BA
82.0.0.0/23
Path: Brelay A relay B
$$$
52
![Page 53: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/53.jpg)
Relay A sends to relay B via a direct expensive link
BA
82.0.0.0/23
Path: Brelay A relay B
$$$
53
![Page 54: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/54.jpg)
AS A has a malicious or compromised neighbor ASwith a least expensive link
C
82.0.0.0/23
Path: B$$
BA
relay A relay B
$$$
54
![Page 55: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/55.jpg)
$$
Attacker advertises AS B’s prefix to AS A
82.0.0.0/23
C
82.0.0.0/23
Path: B
Path: B C
BA
relay A relay B
$$$
55
![Page 56: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/56.jpg)
$$
AS A prefers the path via the attacker, because it is less expensive
C
82.0.0.0/23
Path: B
BA
relay A relay B
$$$
82.0.0.0/23
Path: B C
56
![Page 57: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/57.jpg)
$$
The attacker can disconnect the relays
C
82.0.0.0/23
Path: B
BA
relay A relay B
$$$
82.0.0.0/23
Path: B C
57
![Page 58: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/58.jpg)
no strictly more preferred path exists
each node is hosted in /24 IP prefixes
nodes are connected via financially & distance-wise optimal paths
relay graph is k-connected
58
SABRE selects nodes that satisfy three properties
![Page 59: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/59.jpg)
Relays A, B are hosted in ASes with a more cost effective agreement
relay A relay B
$
59
![Page 60: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/60.jpg)
Attacker’s advertisement is less preferred,thus attacker cannot discontent the relays
82.0.0.0/23
Path: B
82.0.0.0/23
Path: B C
C
BA
relay A relay B
$$
$$
60
![Page 61: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/61.jpg)
Aggreements can be revoked, link can be cut …
C
82.0.0.0/23
Path: B C
BA
relay A relay B
$$
61
![Page 62: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/62.jpg)
Relay A will inevitably send traffic via ASC
C
Peering agreement can be revoked, link can be cut …
BA
relay A relay B
62
![Page 63: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/63.jpg)
each node is hosted in /24 IP prefixes
nodes are connected via financially & distance-wise optimal paths
relay graph is k-connected relay connectivity is not
disrupted by any k-1 cuts
63
SABRE selects nodes that satisfy three properties
![Page 64: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/64.jpg)
2-k connected graph retains connectivityeven if one peering link is cut
C
BA
relay A relay B
$$
$
$$
relay C 64
![Page 65: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/65.jpg)
If the link between relays A and B is cut
C
BA
relay A relay Brelay B
$$
$ $
relay C 65
![Page 66: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/66.jpg)
Relays A, B can still exchange blocks via the relay C
C
BA
relay A relay Brelay B
$$
$ $
relay C 66
If the link between relays A and B is cut
block
![Page 67: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/67.jpg)
�67
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
remain reachable by Bitcoin clients
relay blocks
secure relay-to-relay connections
SABRE needs to…
NodeDesign
![Page 68: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/68.jpg)
�68
SABRE positions nodes s.t. most clients are protected from each potential attacker
by at least one relay node
see paper for more
![Page 69: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/69.jpg)
�69
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
remain reachable by Bitcoin clients
relay blocks
secure relay-to-relay connections
SABRE needs to…
NodeDesign
![Page 70: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/70.jpg)
Node-levelattacks
We evaluate SABRE’s network design by its effectiveness against two attack types
�70
![Page 71: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/71.jpg)
Network-wide attacks
Node-levelattacks
We evaluate SABRE’s network design by its effectiveness against two attack types
�71
![Page 72: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/72.jpg)
Network-wide attacks
Effective attackAll ASes follow fake advertisement
Node-levelattacks
We evaluate SABRE’s network design by its effectiveness against two attack types
�72
![Page 73: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/73.jpg)
We evaluate SABRE’s network design by its effectiveness against two attack types
Network-wide attacks
Node-levelattacks
What is the largest partitioneach single AS can create?
How many clients are protected against isolation?
�73
![Page 74: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/74.jpg)
What is the largest partition each single AS can create?
current network
20 SABRE nodes single connected
>90% of the clients can be isolated by any single AS in the world
>15% of the clients can be isolated only by 2.5% of ASes in the world
6 SABRE nodes 3-k connected
>15% of the clients can be isolated by only 3% of ASes in the world
�74
![Page 75: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/75.jpg)
What is the largest partition each single AS can create?
current network
�75
any single AS in the world can create partitions of >90% of the clients
![Page 76: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/76.jpg)
What is the largest partition each single AS can create?
current network
6 SABRE nodes 3-connected
only 3% of ASes in the world can create a partition of 15%-30%
�76
see paper for more results
any single AS in the world can create partitions of >90% of the clients
![Page 77: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/77.jpg)
We evaluate SABRE’s network design by its effectiveness against two attack types
What is the largest partitioneach single AS can create?
Network-wide attacks
Node-levelattacks
How many clients are protected against isolation?
�77
![Page 78: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/78.jpg)
How many clients are protected against isolation?
current network
6 SABRE nodes single connected
at most 10% are protected from 50% of ASes
90% of Bitcoin clients are protectedfrom 92.5% of ASes
6 SABRE nodes 5-k connected
89.5% of Bitcoin clients are protectedfrom 92.5% of ASes
�78
![Page 79: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/79.jpg)
How many clients are protected against isolation?
current network at most 10% of Bitcoin clients are protected from 50% of ASes
�79
![Page 80: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/80.jpg)
How many clients are protected against isolation?
current network at most 10% of Bitcoin clients are protected from 50% of ASes
6 SABRE nodes 5-k connected
89.5% of Bitcoin clients are protected from 92.5% of ASes
see paper for more results
�80
![Page 81: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/81.jpg)
�81
Protecting Bitcoin against Routing Attacks SABRE
SABRE locationinherently safe locations
SABRE design software/hardware
Deployabilitydeployment opportunities
![Page 82: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/82.jpg)
�82
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
remain reachable by Bitcoin clients
relay blocks
secure relay-to-relay connections
SABRE needs to…
![Page 83: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/83.jpg)
�83
A SABRE node performs four operations
transmits blocks to Bitcoin clients
verifies blocks
receives blocks
maintains connections with Bitcoin clients
![Page 84: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/84.jpg)
Two ways to deploy a SABRE node
�84
![Page 85: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/85.jpg)
Serving few predefined clients
Two ways to deploy a SABRE node
Private deployment
�85
![Page 86: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/86.jpg)
Serving all Bitcoin clients
Two ways to deploy a SABRE node
Public deployment
�86
Serving few predefined clients
Private deployment
![Page 87: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/87.jpg)
Serving few predefined clients
Two ways to deploy a SABRE node
Private deployment Public deployment
�87
![Page 88: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/88.jpg)
Private SABRE nodes need not scale
establish connection to a predefined set of IPs
SABRE nodes need to
be unreachable for unknown clients
�88
receive and relay blocks
![Page 89: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/89.jpg)
Private SABRE nodes need not scale
establish connection to a predefined set of IPs
SABRE nodes need to
regular Bitcoin client with few whitelisted IPs is sufficient
�89
be unreachable for unknown clients
receive and relay blocks
![Page 90: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/90.jpg)
Private deployment
Serving few predefined clients
Public deployment
Serving all Bitcoin clients
Two ways to deploy a SABRE node
�90
![Page 91: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/91.jpg)
Public SABRE nodes need to scale
maintain thousands of connections
SABRE nodes need to
distinguish spoofing and malicious request
receive, verify and relay blocks fast
�91
![Page 92: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/92.jpg)
Public SABRE nodes need to scale
SABRE nodes need to
distinguish spoofing and malicious request
receive, verify and relay blocks fast
�92
Simple software implementation would not suffice
maintain thousands of connections
![Page 93: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/93.jpg)
SABRE can leverage programmable data planes
SABRE DP
93
![Page 94: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/94.jpg)
SABRE DP allows relay nodes to deal with high malicious or benign load
94
![Page 95: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/95.jpg)
can serve few Billions
of packets per second
scales to increased load
NetChain: Scale-Free Sub-RTT CoordinationNDSI 2018
is faster than any server optimization
95
SABRE DP allows relay nodes to deal with high malicious or benign load
![Page 96: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/96.jpg)
Dynamic Black/White lists Protection from spoofing &
Repetitive request
is faster than any server optimization
protects against malicious requests
96
SABRE DP allows relay nodes to deal with high malicious or benign load
![Page 97: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/97.jpg)
is faster than any server optimization
protects against malicious requests
almost all clients areseven directly from hardwareminimum software interaction
97
SABRE DP allows relay nodes to deal with high malicious or benign load
![Page 98: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/98.jpg)
Not all operations can be done in hardware
98
![Page 99: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/99.jpg)
control plane
data plane
SABRE
hardware
software #A
Bitcoin (TCP) connection
UDP connection
SABRE node has both software and hardware partsNot all operations can be done in hardware
99
![Page 100: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/100.jpg)
�100
remain reachable by Bitcoin clients
relay blocks
secure relay-to-relay connections
SABRE needs to…
SABRE is an additional overlay network which allows communication, even if the Bitcoin network is partitioned
![Page 101: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/101.jpg)
�101
Protecting Bitcoin against Routing Attacks SABRE
SABRE locationinherently safe locations
SABRE design software/hardware
Deployabilitydeployment opportunities
![Page 102: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/102.jpg)
Multiple deployment scenarios
102
![Page 103: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/103.jpg)
decreased cost
allows private deployments
SABRE’s deployment is practical
bootstrap with a software-only SABRE
103
![Page 104: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/104.jpg)
each party (e.g. pool) can deploy their own SABRE
SABRE’s deployment is practical
bootstrap with a software-only SABRE
multiple SABRE relays can co-exist
104
![Page 105: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/105.jpg)
clients can connect to bothrelays and regular clients
SABRE’s deployment is practical
bootstrap with a software-only SABRE
multiple SABRE relays can co-exist
community’s consensus is not required
105
![Page 106: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/106.jpg)
bootstrap with a software-only SABRE
e.g., FIBRE, FALCON can
relocate their nodesaccording to SABRE properties
SABRE’s deployment is practical
multiple SABRE relays can co-exist
community’s consensus is not required
network design applies to other relays
106
![Page 107: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/107.jpg)
�107
Protecting Bitcoin against Routing Attacks SABRE
SABRE locationinherently safe locations
SABRE design software/hardware
Deployabilitydeployment opportunities
![Page 108: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/108.jpg)
�108
Few SABRE relays can protect Bitcoin from partitionsby placing relay nodes in selected locations
SABRE can operate seamlessly under high load by serving clients directly in hardware
SABRE can be partially deployed and benefit early adopterse.g., each pool can deploy SABRE in software
Protecting Bitcoin against Routing Attacks SABRE
![Page 109: SABRE - ETH Z · preferred path exists each node is hosted in /24 IP prefixes nodes are connected via financially & distance-wise optimal paths relay graph is k-connected 58 SABRE](https://reader030.fdocuments.in/reader030/viewer/2022041006/5ead1fe205442b3a717ba403/html5/thumbnails/109.jpg)
SABRE vs FALCON & FIBRE
SABRE FALCON FIBRE
longer prefix hijack
protectedall nodes in /
24
vulnerableno node in /
24
vulnerableno node in /
24
same prefix hijack protected # possible
attackers# possible attackers
109