Condorcet Attack Against Fair Transaction Ordering

TL;DR

The paper introduces the Condorcet attack, a novel method that exploits cycles in transaction ordering to undermine fairness in blockchain systems, even when all nodes behave honestly.

Contribution

It presents the Condorcet attack, demonstrating how adversaries can impose cycles to disrupt transaction fairness and proposes three mitigation strategies with simulation results.

Findings

The attack can be executed with as few as two legitimate transactions.

The attack can trap transactions outside cycles based on timing.

Proposed mitigation methods show effectiveness but have limitations.

Abstract

We introduce the Condorcet attack, a new threat to fair transaction ordering. Specifically, the attack undermines batch-order-fairness, the strongest notion of transaction fair ordering proposed to date. The batch-order-fairness guarantees that a transaction tx is ordered before tx' if a majority of nodes in the system receive tx before tx'; the only exception (due to an impossibility result) is when tx and tx' fall into a so-called "Condorcet cycle". When this happens, tx and tx' along with other transactions within the cycle are placed in a batch, and any unfairness inside a batch is ignored. In the Condorcet attack, an adversary attempts to undermine the system's fairness by imposing Condorcet cycles to the system. In this work, we show that the adversary can indeed impose a Condorcet cycle by submitting as few as two otherwise legitimate transactions to the system. Remarkably, the adversary (e.g., a malicious client) can achieve this even when all the nodes in the system behave honestly. A notable feature of the attack is that it is capable of "trapping" transactions that do not naturally fall inside a cycle, i.e. those that are transmitted at significantly different times (with respect to the network latency). To mitigate the attack, we propose three methods based on three different complementary approaches. We show the effectiveness of the proposed mitigation methods through simulations, and explain their limitations.