A comprehensive Evaluation of GossipSub-v1.1 (and a new Logo!)

by David Dias on 2020-07-07

Gossipsub logo

We are back with a direct follow up on the Gossipsub v1.1 release from May with the much awaited Evaluation Report and three other presents we have for you.

The first cat was out of the bag as soon as you opened this post – the new logo! We now have a dedicated logo for this libp2p PubSub router implementation which represents the double network nature of Gossipsub. We hope you enjoy it!

You can find all the logo assets here

📊 Evaluation Report

We are sharing with you a comprehensive, 61-page evaluation report, in which you can learn how we approached the testing of Gossipsub v1.1, the setting in which tests were run, and detailed descriptions of the conclusions we were able to take from such evaluation. With this evaluation, we demonstrate that GossipSub is resilient against all of the attacks studied, capable of recovering the mesh and meeting the message delivery deadline requirements of the Filecoin and the ETH2.0 blockchains.

In addition to this report, which you can find here, we are also excited to share with you:

We went from the regular Sybil and Eclipse Attacks to tests that stretch the protocol in unconventional ways to challenge it under extreme conditions. Such attacks include:

These are all very challenging attacks, which we wanted to test GossipSub against. You will be surprised to see the elegant way in which GossipSub resists all of these attacks.

🔏 Security Audit by Least Authority

Additionally, we are delighted to release Least Authority’s audit report for GossipSub. Least Authority has carried out an extensive audit on GossipSub v1.1 hardening extensions, both in theory and in implementation.

It was a great experience to work with Least Authority throughout multiple fruitful discussions, LA identified multiple findings which then got mitigated by the Gossipsub team and reviewed again by LA.

Least Authority produced a report detailing all of the tests they have carried out. You can consult the final report here. You can also read Least Authority’s report announcement post at their own blog.

📜 Gossipsub Paper

Finally, we are proud to share with you a preprint of a 16-page paper that puts everything together, justifies our design choices, and outlines the most important results we have gathered throughout. With this paper we want to put everything in one place, from the spec, to the details of the test setup, and the insights we have gathered from the most challenging of attacks, in a concise manner. The paper benchmarks performance of GossipSub with Bitcoin’s broadcast/flooding protocol, ETH1.0’s pubsub protocol and the vanilla version of GossipSup (the one without mitigation strategies and the scoring function integrated). The performance improvements brought by GossipSub v1.1 are really impressive and certainly rewarding of the effort that has gone into the design and testing of the protocol.

You can find a preprint of the paper here

One last thing, as Gossipsub v1.1 adds mitigations to many attack scenarios, we found it wise to create a CVE for Gossipsub v1.0 so that users can get automatically notified through their build systems and package managers (assuming that the CVE database is being used). You can consult it at CVE-2020-12821

That’s all for now. Hope you enjoy the Evaluation Report and let us know if you have questions by posting them at https://discuss.libp2p.io

The Gossipsub Task Force - David Dias, Dmitris Vyzovitis, Yiannis Psaras, Yusef Napora, Dirk McCormick