Peer Discovery

The initial process where a node discovers its first peers. It typically involves connecting to hardcoded seed nodes or using a DNS seed to fetch a list of initial peer addresses. This is the critical first step to join the network's peer-to-peer (P2P) overlay.

• Example: Bitcoin clients connect to DNS seeds like seed.bitcoin.sipa.be.
• Purpose: Provides a trusted entry point to bootstrap the node's local peer list.

The primary method for decentralized peer discovery after bootstrapping. Nodes gossip or advertise the addresses of their connected peers to each other. This creates a self-organizing and resilient network where peer lists are dynamically shared and updated.

• Mechanism: A node sends addr messages containing peer addresses.
• Benefit: Eliminates central points of failure and allows the network topology to evolve.

A dedicated sub-protocol for efficient peer list sharing. While gossip is often implicit, PEX is an explicit request-response mechanism where a node can ask a connected peer for a list of other known nodes.

• Function: Optimizes the discovery of healthy, reachable peers.
• Use Case: Common in networks like Ethereum (devp2p) and BitTorrent to quickly build a robust connection set.

A decentralized key-value storage system used for peer discovery in networks without a fixed structure. Nodes participating in a DHT can look up the network addresses of peers responsible for specific data or services.

• Key Technology: Underpins discovery in IPFS and BitTorrent Mainline DHT.
• Advantage: Enables discovery in a fully decentralized, scalable manner without central indexes.

The method used by network analysts and some node implementations to map the entire network. A crawler node connects to many peers, records their connection graphs, and listens for advertised addresses without fully participating in consensus.

• Purpose: Used for network analysis, monitoring node count, and geographic distribution.
• Output: Provides a snapshot of the network topology and peer connectivity.

Protocols designed to prevent malicious peers from overwhelming the network. Since discovery is trustless, networks implement safeguards.

• Examples: Eclipse attacks are mitigated by limiting connections from a single subnet and using diverse seed nodes.
• Proof-of-Work: Some protocols require minimal PoW in handshake messages to slow down fake peer generation.

A node initially discovers peers by querying a list of DNS seeders—hardcoded or configurable DNS servers that return a set of initial node IP addresses. This is a centralized bootstrap mechanism used by networks like Bitcoin and Ethereum to help new nodes find their first connections.

• Example: Bitcoin Core uses DNS seeds like seed.bitcoin.sipa.be.
• Purpose: Provides a reliable entry point into the P2P network without requiring a pre-existing peer list.

Once connected, nodes use Peer Exchange protocols to share known peer addresses with each other. This creates a decentralized, self-sustaining discovery mechanism after the initial bootstrap.

• Mechanism: A node requests and receives lists of peer addresses from its connected peers.
• Gossip Protocol: Peer lists are propagated through the network via gossip, allowing nodes to discover fresh peers and replace disconnected ones dynamically.

Discv5 is a Kademlia-based distributed hash table (DHT) protocol used for peer discovery, notably in Ethereum's networking stack. It enables structured, efficient discovery without centralized components.

• How it works: Nodes are assigned a Node ID and organize themselves in the DHT. Lookups for peers are routed through the network to find the nodes closest to a target ID.
• Key Feature: Supports topic-based advertisement for protocol discovery, allowing nodes to find peers supporting specific sub-protocols (e.g., eth/66).

An Ethereum Node Record (ENR) is a signed, self-contained data structure that encapsulates a node's identity and connection information. It is the standard payload exchanged in Discv5.

• Contents: Includes the node's public key, IP address, TCP/UDP ports, and optional key-value pairs for protocol capabilities.
• Function: Provides cryptographic verification of a node's identity and its advertised information, preventing spoofing.

Bootnodes are hardcoded, well-known nodes that serve as persistent entry points into a network. Clients ship with a list of bootnode ENRs or multiaddresses.

• Role: Act as a fallback if DNS seeds are unavailable and provide a stable foundation for the DHT.
• Static Configuration: Network operators can also configure a static node list for private networks or to ensure connections to specific, trusted peers.

An Eclipse Attack occurs when a malicious actor isolates a target node by monopolizing all its incoming and outgoing connections with sybil nodes under the attacker's control. This allows the attacker to:

• Filter or manipulate the target's view of the blockchain (e.g., hiding transactions or blocks).
• Enable double-spend attacks by presenting a fraudulent chain.
• Censor the target's transactions from the honest network. Defenses include using hardcoded seed nodes, inbound connection limits, and random peer selection algorithms.

A Sybil Attack involves an attacker creating a large number of pseudonymous identities (sybil nodes) to gain a disproportionately large influence over the peer-to-peer network. In peer discovery, this can be used to:

• Flood peer lists with malicious addresses, poisoning the discovery process.
• Dominate Distributed Hash Table (DHT) tables in networks like Ethereum's Discv5.
• Overwhelm honest nodes during initial bootstrap. Countermeasures include proof-of-work puzzles for node ID generation, reputation systems, and bonding/staking requirements for node participation.

These are infrastructure-level attacks where an entity (often an ISP) maliciously reroutes internet traffic. An attacker can hijack the Border Gateway Protocol (BGP) prefixes associated with a blockchain's bootnodes or a large subset of peers, allowing them to:

• Partition the network by isolating groups of nodes.
• Intercept and manipulate peer-to-peer communications.
• Launch man-in-the-middle attacks on unencrypted connections. Mitigation is complex and relies on network diversity, using encrypted transports (like TLS), and monitoring for anomalous routing announcements.

Peer discovery often relies on a set of trusted seed nodes or bootnodes to provide initial peer lists. If these are compromised or malicious, they can:

• Provide lists containing only sybil nodes, facilitating eclipse attacks.
• Propagate incorrect network information, such as invalid chain tips.
• Serve as a single point of failure for new nodes joining. Robust networks use multiple, geographically distributed, and community-run bootnodes. Some protocols also employ DNS-based discovery with DNSSEC to authenticate seed records.

Different peer discovery protocols have unique weaknesses. Key examples include:

• Kademlia DHT (used by Ethereum): Vulnerable to eclipse attacks via careful ID selection and Sybil attacks due to low cost of entry. Solutions include salted hashing and distance-based peer validation.
• Bitcoin's DNS Seeder: Relies on DNS, which is vulnerable to DNS cache poisoning and DDoS attacks against the seeder hosts.
• Gossip Protocols: Can be slowed or manipulated by adversarial gossip where nodes selectively forward or alter peer advertisements.

Secure peer discovery implementations combine multiple strategies to mitigate attacks:

• Peer Scoring & Reputation: Nodes track peer behavior (e.g., sending invalid data) and deprioritize malicious ones.
• Randomized Peer Selection: Algorithms like random walk in DHTs or random sampling from peer lists reduce predictability.
• Outbound-Only Connections: Configuring nodes to only initiate outbound connections can reduce eclipse surface but limits network size.
• Multi-Channel Discovery: Using a combination of DNS lists, hardcoded seeds, and peer exchange (PEX) increases resilience.
• Continuous Monitoring: Networks monitor peer graph topology for signs of partitioning or sybil clusters.

Privacy-focused networks like Monero or Zcash often support peer discovery and communication over onion routing networks (Tor) or the Invisible Internet Project (I2P). Instead of revealing IP addresses, nodes connect via .onion or `.i2p** addresses. Discovery in these environments often relies on:

• Seed nodes with known onion addresses.
• Peer exchange within the anonymizing network.
• DHTs operating over the anonymity layer. This provides strong network-level privacy but introduces higher latency.

Bootstrap nodes are hardcoded, well-known entry points used by a new node to initially join the network. They provide the first list of peer addresses, enabling the node to begin its own peer discovery process. Without bootstrap nodes, a new node would have no starting point to find the network.

• Example: Ethereum's Geth client includes a list of bootstrap nodes in its source code.
• Function: Act as a trusted, static seed for network entry.

A Distributed Hash Table (DHT) is a decentralized key-value storage system that underpins peer discovery in many P2P networks like IPFS and BitTorrent. Nodes use the DHT to find the network addresses of other peers by looking up a Node ID.

• Mechanism: Peers store and retrieve contact information in a structured, distributed manner without central servers.
• Kademlia: The most common DHT protocol, which efficiently routes lookup queries.

A gossip protocol is a communication pattern where nodes periodically exchange known peer information with their neighbors, causing data to spread through the network like an epidemic. It's used for both peer discovery and broadcasting transactions or blocks.

• Process: Node A tells Node B about Nodes C, D, and E; Node B then shares this with its own connections.
• Benefit: Creates a robust, self-healing overlay network as peers join and leave.

A node's identity is its cryptographic public key, but its discoverable information is encapsulated in an Ethereum Node Record (ENR). An ENR is a signed, verifiable data structure containing the node's IP address, ports, and supported capabilities.

• Purpose: Provides authenticated and up-to-date connection details for peers.
• Usage: Exchanged during discovery protocols (like Discv5) to ensure peers connect to the intended node.

NAT Traversal techniques like STUN and TURN are crucial for peer discovery and connection in networks where nodes are behind routers or firewalls. They help nodes discover their own public IP address and establish direct P2P connections.

• STUN: Helps a node discover its public address.
• TURN: Relays traffic if a direct connection is impossible, acting as a last-resort intermediary.