Follow us on 
or join ours 
The aim of this study is to present the current state of the process of investigation of nodes to consensus in the Stellar XLM network, using the protocol SCP (Stellar Consensus Protocol) based on the model FBA (Federated Byzantine Agreement)as well as presenting the problems associated with the possibility of blocking the network in the event that three of the main nodes managed by Stellar Development Foundation.
Report does not cover the Stellar XLM project in its entirety, but only one of its parts - the fundamental architecture of reaching agreement within a decentralized network.
If you would like to support my work (all tips and tricks are spent on developing further reports):
BTC: 3EPY1Ys9ojPdJGAbdC3fnjTzAetUPiAamP
ETH: 0xB92353CCeC318Bb0F5e0af050E08cE012846D8b8
Stellar - A critical state of network centralization
The report is largely based on a study by three South Korean researchers1: Minjeong Kim (KAIST), Yujin Kwon (KAIST), Yongdae Kim (KAIST).
Original title: "Is Stellar as secure as you think?".
The rest of the sources I use are given in the bibliography.
The results, published in the Korean researchers' report, led to a global discussion of 2 between developers and community members Stellar.
Many of the cryptocurrencies, though explicitly claim that they are fully decentralized, in fact it is strongly centralized and has many points to attack, thus excluding the entire network.
This is especially true cryptocurrency based on inefficient protocols in decentralized consensus DBFT and PBFT - they use them, e.g. NEO i Zilliqa and cryptocurrencies using the POW, but not having sufficient computing power to effectively increase the costs of network attack while 51 attack (when the 51% attack costs are high enough to cease to be economically viable for any organization).
I would like to also A Polish community of cryptocurren enthusiasts she began to notice this problem, because it concerns many crypts, even those from TOP 10, as I showed in my previous report: "NEO - Smart Economy3 ".
Maintaining consent between nodes in decentralized networks is essential.
Without how else can you confirm that the cryptocurrency you keep is actually yours?
Satoshi Nakamototo solve this problem (as well as double spending) he introduced to Bitcoin protocol POW (Proof of Work). It puts the utmost importance on safety.
However, the next cryptocurrencies, to increase the network capacity and propagation capabilities more transactions per secondthey use in their own blockchainach other ways to reach agreement.
Unfortunately, most of them lead, or are possible, only with significant or full centralization of network transaction authorization nodes.
1 https://arxiv.org/pdf/1904.13302.pdf
2 https://www.reddit.com/r/Stellar/comments/bblahk/is_stellar_as_secure_as_you_think/?sort=new&depth=1
3 https://tokeny.pl/neo/
Key conclusions:
• Analysis of the network consensus mechanism Stellar - FBA, showed that if the security of the FBA system is more error-tolerant than PBFT, then the life of the FBA system will have less fault tolerance than PBFT.
• Current configuration FBA used by Stellar jest strongly centralized.
• Research cascading errors with the current quorum configuration in the Stellar network, it showed that if three of the most important nodes were attacked, Stellar blockchain succumbs to a full failure.
• Three of the most important nodes belong to Stellar Foundationcreating the so-called "Single point of failure" - one a sensitive point in blockchain securitythat you can attack to stop the entire network.
• Stellar has hierarchical structure of nodes in the network. This is the equality and independence of the full nodes known from Bitcoin and Ethereumthat use the POW (Proof of Work) protocol.
• In response to the conducted study Stellar Development Foundation took steps to reduction of network centralization.
SCP - how the distributed network of Stellar comes to agreement
Stellar XLM is not just a cryptocurrencybut also distributed billing infrastructurewhich is guided by the idea that the world needs cheap, fast and reliable transactions and a new, open billing system.
Another of Stellar's foundations is the possibility of making transactions regardless of physical boundaries, thus connecting people from different corners of the world (it is impossible to notice that all of the cryptocurrencies allow this).
It holds the honorable place in TOP 10 cryptocurrency in terms of capitalization.
SCP 4 (Stellar Consensus Protocol) is a tool thanks to which Stellar network nodes scattered around the world can come together to agree on the current state of the network.
Unlike the standard one the banking systemwhen there is one central database, cryptocurrencies require agreement between multiple, independent nodes authorizing all transactions in the network.
What's more, they must be able to do it, even if some of the nodes turn out to be defective or faulty, attacked. Stellar currently has 645 validation nodes all transactions taking place within his blockchain.
SCP is based, in fundamental terms, on the assumptions known from the BFT protocol, which makes the decentralized system resistant to errors resulting from the problem Byzantine generals.
BFT (Bizantine Fault Tolerance) is a protocol by means of which, in spite of the appearance of dishonest nodes known from the problem of Byzantine Generals6, an agreement is reached in a specific, decentralized network.
BFT establishes a consensus and so-called resistance to Byzantine errors (these are simply types of errors resulting from the Problem of Byzantine Generals - e.g. What if one of the generals turns out to be a traitor? - translating it into computer networks - how a decentralized network is to come to an agreement, at which one of the main nodes is not trustworthy.)
At BFT, nodes continually send "messages" to each other so that they stay in agreement. BFT needs a minimum of 66 (6)% honest nodes to reach consensus.
Interestingly, the nodes in the BFT must also be extremely accurately timed (have the same timestamps), the smallest delays can lead to critical network errors.
4 https://www.stellar.org/papers/stellar-consensus-protocol.pdf
5 https://stellarbeat.io/
6 Wikipedia: The problem of Byzantine Generals
FBA7 used in Stellar is a generalization of the Byzantine Agreement (BA).
If all of the nodes decide to create the same quorum of trusted nodes, the FBA simply becomes BA.
So what is the quorum and how exactly does Stellar work?
The nodes in the Stellar network use a unique mechanism invented by the creators of Stellar, and called FBA (Federated Bizantine Agreement).
Nodes, instead of connecting with all the other nodes at any time in time, form a quorum in order to reach a proper agreement.
In simple words, the FBA assumes:
• Nodes choose a group of nodes they trust and do not care about the rest
• Nodes form groups within which there is an agreement regarding the transaction
• As soon as the consensus occurs in local groups, they communicate with each other and agree on the whole network
• The asymmetric structure of node validity (see Figure 3) 8 prevails
• Everyone can join the network and become a node (the current cost of maintaining such a node is approx. 40 $ per month)
7 https://www.youtube.com/watch?v=X3Gj2nQZCNM
8 http://muratbuffalo.blogspot.com/2018/04/the-stellar-consensus-protocol.html
The federal version of the Byzantine agreement used in SCP (Stellar Consensus Protocol) introduces two important mechanisms to the network consensus model:
A) Federal voting
B) Federal election of leaders among nodes
Federal voting is that each node participating in it can send confirmation or denial to the statement issued by another node: "x has been entered into the Stellar chain and should be approved in the main chain".
If the vote between quorum of trusted nodes it will turn out to be a success and none of the nodes will reject the transaction as incorrect, it will be accepted into the network. The federal vote takes place inside the quorum of trusted nodes, while dynamically establishing the limit of a given quorum.
The federal vote takes place in three phases.
In the first phase, the nodes send the transaction, then it is accepted, and at the end it is confirmed and passed to the main chain.
During the federal election, all nodes in the network Stellar xlm decide which of the nodes should have the highest validity in terms of establishing an agreement. Voting is a character pseudorandom 9.
The Federal election allows each of the nodes to choose a leader in such a way that there is one leader in a given quorum, or a very small number of them.
9 http://www.scs.stanford.edu/~dm/blog/simplified-scp.html
In addition, the network is secured against choosing the wrong leader - for this purpose the round mechanism is used. If the leaders of the current round seem not to fulfill their obligations, after a certain period the nodes go to the next round to develop the group of leaders they follow.
In this way, one or more leaders can be selected in a given quorum of trusted nodes.
Security issues in the FBA protocol
FBA is characterized by asymmetrical architecture - different nodes have different values, that is why even in the case of a type attack Sybil 10, attackers can create a full quorum consisting of incorrectly functioning and defective nodes, and yet they did not affect the consensus breaking in the Stellar network.
However, the question arises whether in a decentralized cryptographic process all full nodes should not be equal?
The FBA prefers network security and the fact that nodes will remain in compliance, over lifetime and possible delays in transactions (it is better that transactions are delayed than there was a disagreement among nodes that could lead to double spending the same means -double spending).
The FBA, in a sense, guarantees that in the event of loss of consent in the network, there will be no forku, i.e. breaking the main chain into two different ones.
Adding or removing nodes in the event of a network error requires reaching an agreement (consensus) between the remaining nodes. In a closed system, we are not able to do this when the protocol "handling" the agreement on the network is literally dead.
FBA, on the other hand, unless a critical software error occurs that needs to be corrected before resuming the blockchain operation, allows the nodes to match the quorum so that the network can be automatically restored for proper functioning.
You already know how Stellar network nodes come to an agreement between themselves.
It is time to look at why the current FBA configuration used by Stellar is highly centralized and it is possible to attack the entire network, focusing only on three of the main nodes owned by the Stellar Foundation.
10 https://www.binance.vision/pl/security/sybil-attacks-explained
The results of the team from KAIST - Stellar are strongly centralized
The figure shows the structure of the quorum sections on 22 January 2019.
Each circle represents one validating node. The size of a circle is proportional to the number of cases in which a node is included in any quorum slice. The tops of the same color are run by the same organization.
It can be clearly seen that the nodes signed as sdf_validator they are most often included in the assertion of consent in the quorum - most of the nodes are marked as trusted.
It is worth noting that all three of these nodes belong to the Stellar Development Foundation.
On the above visualization, however, you can see the importance of individual nodes in the Stellar network in reaching a consensus. These are updated data from 1.05.2019.
With this data, we will look at how to block the Stellar network.
As we can see, in the case of an attack on two of the three largest nodes managed by the Stellar Foundation, the network becomes inefficient in 42.5%.
The above visualization shows the effects attack on three of the largest nodes participating in the global consensus of the Stellar network.
In any case, if three of the largest nodes are successfully attacked, the entire Stellar blockchain stops functioning.
With the current FBA topology that Stellar uses, this blockchain is highly centralized and vulnerable in the event of an attack on these three specific nodes, managed by one organization.
It would be a mistake to assume that such a threat exists only in the sphere of simulations and research. It is as real as possible, as shown by historical data from the last 7 days. They illustrate the ability to disable the network in the event of an attack on 2 or 3 main nodes:
Proposal:
If the Stellar Development Foundation does not change the quorum models to a more decentralized one, the Stellar network will continue to be vulnerable to such attacks.
The last interesting thing I'd like to introduce is low ratio of the so-called "Independent" validators. So the participants of the network / nodes, not having a direct financial initiative from cooperation with Stellar:
In the interest of every cryptocurrency you want to get decentralization, and thus increase its resistance to errors resulting from, for example, a network attack, is increasing the number of independent network participants having nodes participating in the global consensus.
At present, 83.9% of nodes is connected with Stellar in business, 3.2% is nodes operating on a non-profit basis, and 12.9% is unknown.
Summation
The analysis showed that the current quorum arrangement in the Stellar system is strong centralized, making them susceptible to real attacks (as evidenced by historical data).
After the publication of the study, Stellar Development Foundation began to take steps to change this state of affairs. For now, however, the network remains as vulnerable as at the time of testing.
Cryptocurrencies, along with their rapid development, are becoming more and more complicated. Fundamental protocols for reaching a consensus within a centralized network pose a serious challenge for developers around the world.
At the moment, numerous studies suggest that there is a serious problem with system scaling, in particular transaction speed per second and network bandwidth, while leaving the system properly decentralized and reducing susceptibility to attacks by dishonest participants.
About the author
He is involved in researching and analyzing the world of cryptocurrencies. I'm fascinated by science and technology. Vires in numeris.
Studies and reports are possible to implement on request. Prepares reports on specific cryptocurrencies, as well as any other topics related to the cryptocurrency market, such as the cost-effectiveness of introducing a cryptocurrency related service to the market.
All reports provided by me do not constitute investment advice.
I am not an investment adviser, I do not have the power to give such advice. Analyzes are only my opinion.
It is forbidden to make any changes to the report without my consent.
stokarz
