Abstract

Attacks on the consensus protocol of a blockchain system are often caused by malicious internal nodes, which exploit the protocol to inject valid but malicious transactions or blocks into the blockchain. Much attention has been paid to attacks on the consensus protocols of public blockchains, such as the 51% attack on Proof-of-Work (PoW) and the long-range attack on Proof-of-Stake (PoS), where the attack cost is high. There is not much systematic work on attacks on the consensus protocol in a permissioned blockchain. In this paper, we perform a holistic security study of the “execute-order-validate” paradigm used by permissioned blockchain systems such as Hyperledger Fabric. We first systematically present the consensus protocol in the execute-order-validate blockchain paradigm and abstract it as Proof-of-Policy (PoP). We then analyze the chaincode deployment process of Fabric and show that it can be exploited to deploy malicious chaincode and launch collusion attacks against PoP. These collusion attacks do not incur the high computational or monetary cost of attacks on PoW and PoS. The scale of a permissioned blockchain system is often limited, and there is no built-in penalty for such attacks. Therefore, the risk of these collusion attacks is high compared with that of attacks against public blockchain systems. We build a Fabric test network to validate the attacks. A large-scale analysis of 7036 Fabric projects on GitHub is performed to evaluate the generality of the attacks.
