NDSS2022

Multi-Certificate Attacks against Proof-of-Elapsed-Time and Their Countermeasures

Huibo Wang, Guoxing Chen, Yinqian Zhang, Zhiqiang Lin

Abstract

Proof-of-Elapsed-Time (PoET) is a blockchain consensus protocol in which each participating node is required to wait for the passage of a specified time duration before it can participate in the block leader election in each round. It relies on trusted execution environments, such as Intel SGX, to ensure its security, and has been implemented in Hyperledger Sawtooth and used in many real-world settings. This paper examines the security issues, including fairness guarantees, of Sawtooth's PoET design and implementation, and discovers a new category of security attacks against PoET, dubbed Multi-Certificate Attacks, which allows a malicious node to unfairly create multiple Certificates in each round of block leader election and select the one that maximizes her probability of winning. We have systematically analyzed the root causes of these attacks and assisted the Sawtooth community to fix several vulnerabilities in the latest version of PoET. To further mitigate the identified threats, we propose a new design of PoET in this paper, which we call PoETA, that can be used to address the remaining vulnerabilities we have discovered. We have implemented PoETA and evaluated its security and performance.