In-depth analysis on Stratum Protocol and its known vulnerabilities
As mentioned in a previous article, Overt-AsicBoost allows to change 2 bits, the so called “version-rolling”, in the nVersion field of bitcoin block header.
Recently Slush Pool announced through its website the release of mining service specification to use Stratum Protocol and in the meantime proposed as BIP the Stratum Protocol Extensions.
Stratum Protocol is essentially the getwork protocol evolution, created to support polled mining. In the past, with getwork, the block header was passed from the server to the client, without any transactions. The only way to modify the block was through the nonce value. The maximum that client could do was to try all the nonce values requesting more work from the server.
LET’S SEE HOW STRATUM PROTOCOL WORKS
“Stratum Protocol was originally designed for lightweight Bitcoin client called Electrum. After its implementation, developers figured out how the protocol requirements are quite similar for bitcoin mining, so they started to reuse it as-is.
Technically Stratum is a line-based protocol using plain TCP socket, with payload encoded as JSON-RPC messages. That’s all. Client simply opens TCP socket and writes requests to the server in the form of JSON messages finished by the newline character \n. Every line received by the client is again a valid JSON-RPC fragment containing the response.
There are good reasons for such solution: it is very easy to implement and very easy to debug, because both sides are talking in human-readable format. The protocol is unlike many other solutions easily extensible without messing up the backwards compatibility. As a bonus, JSON is widely supported on all platforms and current miners already have JSON libraries included. So packing and unpacking of the message is really simple and convenient.”
THE STRATUM PROTOCOL ADVANTAGES
Before of all, Stratum Protocol is a solution of HTTP situation:
HTTP was designed for web site browsing where clients ask servers for specific content, which means that in mining sector, HTTP communication is driven by miners asking for new mining jobs available to the pool servers.
In reality, between pool and miners, it is obviously that pool servers know much better what each individual miner should be doing or when miners need new mining jobs, without they spend time requesting news like it happens with HTTP, with Stratum Protocol it is possible control the communication in a more efficient way, swapping the role.
Secondly, Stratum Protocol is a solution for NTime rolling:
Technically for every received job from the server, a miner can modify only ntime and nonce. Usually, large miners can run through all possible values of the two fields in search of the solution. If a miner runs out of unique possibilities, they have to send a new request. Newer and faster miners make this easier to do by the month and bandwidth usage for a pool increases dramatically. Stratum solves this by giving the miners a few more fields which seriously increase the total possible solutions to a block.
The Third advantage is on Long-Polling:
When pools came into the game, people found out that they must decide between short polling intervals (=higher network load, lower stale ratio) and intervals, which don’t overload network and servers, but lead to a much higher ratio of rejected shares. And long polling pattern was the answer. Long polling is a great way to achieve real-time updates using standard web technologies.
Always for the same reason as per HTTP, the standard web technologies create a lot of inefficiency as miners are requesting data that simply isn’t there and servers have to maintain those connections as well for as long as mining happens.
The solution for such issues is related to the previous point about driving load by the server and not by thousands of (sometimes) strangely implemented miners, who are aggressively trying to reach the server.
IS STRATUM PROTOCOL SAFE OR NOT?
Curious is the theory of “Hardening Stratum, the Bitcoin Pool Mining Protocol” , wrote and showed by Ruben Recabarren, famous Penetration Tester and SANS employee, where Stratum Protocol vulnerabilities are analyzed and solutions are created.
In particular way, the pool and the miners communicate over the Stratum protocol, to assign jobs and submit results (shares), Recabarren shows three kind of possible attacks building an “Adversary Model”:
- Eavesdrop attack;
- Recover ISP Logs;
- Inject and modify the Stratum communications of victim miners.
Analyzing the attacks above, Ruben worked on two passive attacks called: StrapTap, where adversary can capture and access all Stratum packet information and ISP Logs, where adversary can only access packet time.
The solution required to get stronger Stratum Protocol has to consider:
Security: Protect against Stratum attacks and be resilient to attacks
Efficiency: Encryption of all Stratum Packets is inefficient & insecure
Adaptability: Minimal modifications to the Stratum Protocol
So, here we are with Bedrock, a secure and efficient extension of the Stratum protocol, introduced by Recabarren. Bedrock seeks to prevent adversaries from inferring the hashrates of miners, and to efficiently authenticate Stratum messages. Bedrock has 3 components, each addressing different Stratum vulnerabilities. The first component authenticates and obfuscates the job assignment and share submission messages. The second component secures the share difficulty notifications, and the third component secures the pool’s inference of the miner’s capabilities.
HARDENING STRATUM PROTOCOL
Slush Pool, the third biggest pool for hashrate distribution, strongly supports AsicBoost and Stratum Protocol Extensions, with the objective to reduce Bitcoin Mining costs and time and achieve fastly the block reward.
Remember, this block reward gained from the pool is proportionately distributed to each member of the pool based on each miner’s hash contribution, it doesn’t matter which individual miner mines the block.