Heterogeneity- and homophily-induced vulnerability of a P2P network formation model: the IOTA auto-peering protocol

Yu Gao, Carlo Campajola, Nicolo Vallarano, Andreia Sofia Teixeira, Claudio J. Tessone

TL;DR

This work models IOTA's auto-peering P2P network as a homophily-driven random network formed from a Zipf-distributed Mana endowment and locality constraints, and examines eclipse-like partition attacks. It defines a damage-cost framework with damage $D(A)=\dfrac{\sum_{i\in A} m(i)}{M}$ and cost $x(i,j)=\min(m(i),m(j))$, and proposes Betweenness, Greedy, and Blind attack strategies to assess network resilience, including a Watts-Strogatz (WS) baseline for comparison. The key finding is that when Mana heterogeneity is moderate (Zipf exponent near 1), an attacker can achieve substantial network damage with a relatively small Mana budget (around $24\%$ of total Mana), effectively splitting the network, while the auto-peering topology remains more resistant than a 1D lattice but less so than WS networks. Although the protocol is not yet implemented in IOTA, the results provide policy guidance and contribute to understanding how Mana-based, homophilic network formation bridges 1D lattices and Poisson graphs in terms of security vulnerabilities.

Abstract

IOTA is a distributed ledger technology that relies on a peer-to-peer (P2P) network for communications. Recently, an auto-peering algorithm was proposed to build connections among IOTA peers according to their "Mana" endowment, which is an IOTA internal reputation system. This paper's goal is to detect potential vulnerabilities and evaluate the resilience of the P2P network generated using the IOTA auto-peering algorithm against eclipse attacks. To do so, we interpret IOTA's auto-peering algorithm as a random network formation model and employ different network metrics to identify cost-efficient partitions of the network. As a result, we present a potential strategy that an attacker can use to eclipse a significant part of the network, providing estimates of the costs and potential damage caused by the attack. In addition, we provide an analysis of the properties of the IOTA auto-peering network ensemble, as an interesting class of homophilic random networks in between 1D lattices and regular Poisson graphs.

Paper Structure (15 sections, 5 equations, 11 figures)


Figures (11)

  • Figure 1: Intuitive visualisation of the different topologies realised by the IOTA auto-peering formation model as a function of $\rho$ and $s$. The graphs are generated with fixed $N=100, R=10$, $k=4$. Colour represents the Mana endowment of nodes, in a logarithmic scale.
  • Figure 2: Average damage-over-cost ratio by attack strategy and underlying network formation model. Each auto-peering generated network has $N=100$, $\rho=4$, $R=10$, $k=4$. WS-generated networks have $N=100$, $k=4$, $p=1$; the data size is 1000 graphs.
  • Figure 3: Success ratio $p$ (on the right $y$-axis) and average damage $\mathbb{E}[D/x]$ (on the left $y$-axis) per unit cost of a Blind strategy informed by the Greedy ("BG") and Betweenness ("BB") strategies. The results are averaged over a sample of $1000$ simulated networks with $N=100$, $\rho=4$, $R=10$ and $s=1$, and the error bars are $95\%$ confidence intervals. For comparison, we also show the success ratio $p$ on an equivalent 1D lattice and a fully randomised regular WS-type network in the inset.
  • Figure 4: Heatmaps of the expected damage over cost, $\mathbb{E}[D/x]$, plotted over $\rho$ and $s$, for the betweenness (top plot) and greedy (bottom plot) strategies. $R=10$ is kept constant. For each fixed $s$, the maximum occurs when $\rho$ is minimal, meaning that the network is maximally vulnerable when the P2P model is most similar to a chain.
  • Figure 5: Cost in Mana (as a percentage of the total Mana in the system) of a blind attack strategy inspired by betweenness strategy results (bottom plot) and greedy strategy results (upper plot) necessary to obtain a successful network split $100\%$ of the time. The results are averaged over $1000$ simulations for each parameter combination. $s$ and $\rho$ vary, while $R=10$ and $N=100$ are kept constant.
  • ...and 6 more figures