# Blockchain Trilemma Solver Algorand has Dilemma over Undecidable   Messages

**Authors:** Mauro Conti, Ankit Gangwal, Michele Todero

arXiv: 1901.10019 · 2019-01-30

## TL;DR

This paper provides the first security analysis of Algorand, revealing a vulnerability where malicious actors can slow down message validation, potentially compromising consensus despite Algorand's innovative cryptographic sortition process.

## Contribution

It introduces a novel security analysis and attack scenario for Algorand, highlighting potential vulnerabilities in its message validation process.

## Key findings

- Attack can slow down honest nodes' message validation
- Malicious users can force honest nodes to default consensus values
- The core attack concept remains valid despite implementation assumptions

## Abstract

Recently, an ingenious protocol called Algorand has been proposed to overcome these limitations. Algorand uses an innovative process - called cryptographic sortition - to securely and unpredictably elect a set of voters from the network periodically. These voters are responsible for reaching consensus through a Byzantine Agreement (BA) protocol on one block per time, guaranteeing an overwhelming probability of linearity of the blockchain.   In this paper, we present a security analysis of Algorand. To the best of our knowledge, it is the first security analysis as well as the first formal study on Algorand. We designed an attack scenario in which a group of malicious users tries to break the protocol, or at least limiting it to a reduced partition of network users, by exploiting a possible security flaw in the messages validation process of the BA. Since the source code or an official simulator for Algorand was not available at the time of our study, we created a simulator (which is available on request) to implement the protocol and assess the feasibility of our attack scenario. Our attack requires the attacker to have a trivial capability of establishing multiple connections with targeted nodes and costs practically nothing to the attacker. Our results show that it is possible to slow down the message validation process on honest nodes, which eventually forces them to choose default values on the consensus; leaving the targeted nodes behind in the chain as compared to the non-attacked nodes. Even though our results are subject to the real implementation assumption, the core concept of our attack remains valid.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1901.10019/full.md

## Figures

2 figures with captions in the complete paper: https://tomesphere.com/paper/1901.10019/full.md

## References

35 references — full list in the complete paper: https://tomesphere.com/paper/1901.10019/full.md

---
Source: https://tomesphere.com/paper/1901.10019