Consensus-Layer DoS Attacks
- Consensus-layer DoS attacks are denial-of-service strategies that disrupt agreement by blocking or manipulating communication channels essential for consensus in multi-agent and blockchain systems.
- Mathematical and edge-targeted models quantify these attacks through metrics such as missed blocks, increased disagreement energy, and manipulated link weights.
- Defensive mechanisms such as hold-last-value strategies, self-triggered protocols, and proposer anonymization are employed to mitigate these attacks and preserve consensus.
Consensus-layer DoS attacks are denial-of-service attacks that disrupt the mechanism by which distributed entities reach agreement. In multi-agent systems, they prevent the exchange of neighbor or leader information, break communication/control links, or deny access to a shared medium; in blockchain systems, they interfere with proposer selection, block generation, quorum formation, branch selection, or reliable confirmation, thereby degrading convergence, liveness, chain growth, or finality (Senejohnny et al., 2015, R et al., 2021, Zhang et al., 30 Jul 2025, Burianová et al., 29 Sep 2025). Across these settings, the attacked object is not merely infrastructure in the abstract, but the protocol layer that computes agreement.
1. Conceptual scope and defining characteristics
In control-oriented consensus systems, consensus-layer DoS is typically modeled as loss of availability of the signals used to form disagreement or tracking errors. The attack may block all communication over a shared medium, as in self-triggered coordination over a shared network, or it may operate edge by edge, as in link-removal attacks, channel-wise masking, or componentwise packet blocking (Senejohnny et al., 2015, R et al., 2021, Zhang et al., 1 Jan 2025). In blockchain systems, the same label refers to attacks whose objective is to disrupt the blockchain’s consensus mechanism itself, namely the process by which nodes agree on the valid blockchain state, block ordering, or canonical branch (Zhang et al., 30 Jul 2025).
This yields an important distinction. Consensus-layer DoS is not restricted to volumetric network flooding. It also includes topology disruption through edge deletion, blackout of the channels carrying neighborhood consensus information, and targeted proposer suppression in Proof-of-Stake systems (R et al., 2021, Zhang et al., 1 Jan 2025, Burianová et al., 29 Sep 2025). In Ethereum-like PoS, the attack succeeds if the scheduled proposer cannot produce a valid block in its assigned slot; in the cited experimental framework, attack success is measured primarily by missed slots / missed blocks and the fraction of proposers prevented from proposing (Burianová et al., 29 Sep 2025). In PoW blockchains, the literature review on consensus and incentive attacks treats selfish mining, fork manipulation, and network-assisted reorganization as attacks that waste honest work, increase stale/orphan rates, reduce chain growth, and undermine confirmation reliability; this suggests a broader use of “consensus-layer DoS” that includes protocol-level liveness degradation even when the attack is economically motivated rather than phrased as jamming (Wijewardhana et al., 2024).
A recurring misconception is that consensus-layer DoS is identical to generic network-layer DoS. The surveyed work repeatedly separates the two. Network-layer attacks may exhaust bandwidth or delay packet propagation, whereas consensus-layer DoS attacks target the agreement process itself, whether by link blocking in a control graph, by suppressing a selected proposer, or by manipulating forks and confirmations (Zhang et al., 30 Jul 2025, Burianová et al., 29 Sep 2025).
2. Mathematical models of communication denial
In continuous-time and discrete-time multi-agent systems, the most common formalization is intermittent channel unavailability. A classical shared-medium model defines DoS intervals
and the set of denied times over an interval as
The attack is constrained by frequency and duration bounds:
with the key resilience condition
This is the paper’s notion of Persistency-of-Communication (PoC), introduced because in self-triggered digital consensus it is not enough that the graph be “connected often enough” in the usual switching-topology sense (Senejohnny et al., 2015).
A more general microgrid formulation extends this idea from communication links to all consensus-critical data channels. Persistency-of-Data-Flow (PoDF) is defined per channel by
and yields a bound on the waiting time to the next successful transmission (Ge et al., 2021). This generalization is significant because it treats communication DoS, measurement DoS, and actuation DoS as losses of consensus-critical data flow rather than as unrelated fault classes.
Edge-targeted models are more explicit about the attacked graph. In bipartite consensus over signed graphs, the attacker chooses binary controls , and attacked edge weights are redefined as
The attacked signed Laplacian is obtained by zeroing selected couplings, and the adversary can disable at most 0 links at each time instant (R et al., 2021). In data-driven resilient consensus under simultaneous FDI and DoS, the availability mask is
1
where 2 is diagonal and componentwise switching between 3 and 4; DoS thus acts as multiplicative signal unavailability on the neighborhood consensus channel (Zhang et al., 1 Jan 2025). In multi-dimensional resilient consensus, link-wise DoS intervals are written as
5
with aggregate blocked time bounded by
6
Here the attack makes the digraph time-varying and even disconnected, but the protocol uses the most recently received neighbor values rather than treating missing data as null (Chen et al., 8 Oct 2025).
Blockchain models use different state variables but the same availability logic. Ethereum PoS proposer attacks exploit the fact that validators know duties in advance because proposer selection is deterministic and public once the RANDAO mix is known; with fixed 12-second slots and 32-slot epochs, short-lived disruption of the right validator at the right moment can cause a missed slot (Burianová et al., 29 Sep 2025). Permissioned blockchains with explicit committees expose a similarly sharp attack surface: if the attacker knows which nodes are the current proposer, acceptors, collectors, or committee members, quorum formation can be prevented by selective DoS or partition (Chen et al., 2018).
3. Attack objectives and optimal attack policies
In control-theoretic consensus, the dominant objective is usually to maximize disagreement or to slow convergence. For structurally balanced signed graphs, the adversary’s finite-horizon cost is
7
and the paper’s main theorem states that the optimal strategy at time 8 is to break the 9 links with the highest
0
For positive links this reduces to 1; for negative links it becomes 2. The attacked links are therefore the ones currently doing the most work to reduce signed disagreement (R et al., 2021). This result makes consensus-layer DoS an optimal-control problem on the Laplacian itself, rather than on plant dynamics or measurements.
A second class of attacks exploits quantized or sampled communication. In quantized consensus of discrete-time linear agents, DoS induces packet losses on the observer-state innovations used in the consensus law, and the control law is set to zero when DoS is active (Feng et al., 2023). The dynamic quantization scale evolves as
3
with 4 and 5, and consensus is preserved if
6
The key contribution is a tight zooming-out factor 7, and in the scalar case a stronger result 8, recovering the DoS tolerance of unquantized consensus (Feng et al., 2023). A related nonlinear design replaces zooming-out with “zooming-in and holding”: the scale shrinks in attack-free periods and is held constant during DoS, with the protocol capable of handling any DoS attacks inducing bounded consecutive packet losses with merely 3-level quantization (Ran et al., 2022).
In blockchain consensus, the objectives broaden from convergence delay to chain-growth suppression and confirmation instability. The hierarchical blockchain survey identifies 51% attack and network splitting attack as the most prevalent consensus-layer attack methods, and analyzes the 51% attack as the paradigmatic case: broadcasting conflicting transactions, exploiting fork coexistence, privately extending a preferred branch, and using the longer-branch rule to invalidate earlier accepted payments (Zhang et al., 30 Jul 2025). The systematic literature review goes further by showing that selfish mining, stubborn mining, optimal selfish mining, FAW, EFAW, bribery selfish mining, and difficulty raising all degrade consensus availability by wasting honest work, increasing stale/orphan rates, slowing chain growth, or destabilizing confirmation reliability. The review reports a selfish-mining profitability threshold of 33%, an optimal selfish-mining threshold of 23.21%, and lower thresholds under network-assisted or multi-attacker conditions (Wijewardhana et al., 2024). This suggests that consensus-layer DoS in PoW includes a class of fork-inducing, withholding, and propagation-manipulation strategies that are not framed as packet floods but have the same liveness effects.
4. Defensive mechanisms in resilient consensus design
The dominant defensive pattern in the control literature is not prevention but tolerance through bounded staleness. In observer-based data-driven consensus control under simultaneous FDI and DoS, the paper’s core compensation variable is
9
If current consensus data are available, the controller uses 0; if communication is blocked, it substitutes the previous neighborhood consensus error 1. This is a signal-level “hold-last-available consensus error” mechanism that keeps the controller defined during blackout (Zhang et al., 1 Jan 2025). A closely related geometric result appears in resilient multi-dimensional consensus and distributed optimization: if edge 2 is under DoS at 3, the agent uses the most recently received value 4, preserving the safe-kernel construction and preventing missing messages from becoming artificial outliers (Chen et al., 8 Oct 2025).
Self-triggered and switched architectures pursue the same idea in a different language. Under shared-medium DoS, the modified self-triggered protocol sets 5 during blackout and schedules the next retry after the minimum interval 6, leading to finite-time convergence to the practical consensus set
7
whenever PoC holds (Senejohnny et al., 2015). In networked microgrids, edge-based self-triggering and PoDF yield a sufficient condition of the form
8
under which finite-time practical consensus is preserved despite multi-layer DoS (Ge et al., 2021).
More elaborate architectures isolate the consensus computation itself. In the twins-layer approach, a digital twin layer solves leader-following consensus under DoS with the switched law
9
where 0 under DoS and 1 otherwise. Attack-free intervals contract the tracking error, while DoS intervals produce growth bounded by a duration-ratio condition
2
yielding a uniformly ultimately bounded consensus error on the twin layer (Gong et al., 2023). This suggests a general design principle: consensus-layer DoS can be mitigated either by freezing the consensus state, by holding the last valid consensus signal, or by shifting the agreement computation into a layer where bounded blackout can be treated as staleness rather than loss of meaning.
5. Blockchain-specific forms of consensus-layer DoS
Blockchain consensus-layer DoS has a different operational meaning but the same core target: agreement and liveness. In Ethereum PoS, proposer predictability exposes a slot-specific attack surface because proposer selection is deterministic and public once the randomness is known, validators are informed of roles two epochs in advance, and time is divided into 12-second slots and 32-slot epochs (Burianová et al., 29 Sep 2025). In the cited experiments, targeted DoS without proposer protection caused 64% of blocks missed and 67% of proposers affected. With Whisk or homomorphic sortition, targeted DoS on the actual elected leader fell to close to 0%, but neither mechanism defended effectively against coordinated attacks on validator groups; under advanced DoS, Whisk suffered 28% of blocks missed, whereas no protection or homomorphic sortition showed about 6–8% of blocks missed (Burianová et al., 29 Sep 2025). The reason is protocol-specific: Whisk hides the exact proposer but exposes a future candidate set of 16,384 validators, shuffled over 8,192 slots, so a resourceful attacker can attack the candidate pool rather than the entire validator set. A common misconception is therefore corrected by the experiments: proposer secrecy strongly mitigates exact-leader targeting, but it does not solve broader coordinated attacks on validator groups (Burianová et al., 29 Sep 2025).
Permissioned blockchains address the same problem through hidden committee membership. EGES replaces the usual explicit committee with a per-block stealth committee selected inside SGX, consisting of exactly one proposer 3 and 4 acceptors 5, hidden among fake committee nodes (Chen et al., 2018). The paper’s core claim is that explicit committees are structurally vulnerable because an attacker knows exactly which nodes are critical for progress. By mixing real acceptors with fake ones and rotating the hidden committee every block, Eges turns targeted DoS into a guessing problem. In one illustrative example with 6, 7, an expected 600 fake acceptors, and attack budget 300, the probability that the attacker can luckily attack more than 8 real acceptors for one block is 0.3% (Chen et al., 2018).
A public-PoS variant of the same idea is proposer anonymization through native routing. PoS-CoPOR addresses the case where the next leader is known one round in advance, but its network address is concealed by a native onion-routing mechanism integrated into the consensus protocol (Homoliak et al., 6 Oct 2025). The leader identity is still verifiable at the protocol level, but the network identity of the next block proposer is hidden before block dissemination. The paper reports throughput of up to 110 tx/s with 6 nodes, even with the overhead of the anonymization layer (Homoliak et al., 6 Oct 2025). This suggests a distinction within blockchain consensus-layer DoS defenses: some protocols hide the election outcome cryptographically, whereas others allow the election outcome to be known but hide where to attack the proposer.
6. Metrics, misconceptions, and limitations
The literature evaluates consensus-layer DoS with domain-specific but structurally similar metrics. In multi-agent systems, the key quantities are disagreement energy, neighborhood consensus error, ultimate tracking error, quantizer saturation, and attack-occupation conditions such as
9
or
0
In signed bipartite consensus, the edge score 1 ranks the most damaging links to remove (R et al., 2021). In Ethereum PoS, the primary metrics are missed slots / missed blocks, percentage of proposers affected, and block or epoch processing overhead (Burianová et al., 29 Sep 2025). In PoW mining attacks, the systematic review emphasizes stale/orphan rates, wasted honest work, chain growth, confirmation reliability, and attacker revenue thresholds (Wijewardhana et al., 2024).
Several limitations recur. Many control papers assume bounded DoS frequency or duration, complete attacker knowledge, perfect link removal, or reliable detection of blackout onset (Senejohnny et al., 2015, R et al., 2021, Gong et al., 2023). Several guarantee only practical consensus or uniform ultimate boundedness rather than exact asymptotic agreement under attack (Ge et al., 2021, Gong et al., 2023, Khoshnevisan et al., 10 Dec 2025). Blockchain studies often abstract away network propagation, fork choice, execution-layer effects, or real Internet-scale traffic patterns; the Ethereum SSLE evaluation is intentionally a simplified yet representative model, and the PoS-CoPOR evaluation is a proof-of-concept on a single local machine (Burianová et al., 29 Sep 2025, Homoliak et al., 6 Oct 2025). The hierarchical blockchain survey also remains qualitative in its consensus-layer section: it names both 51% attack and network splitting attack as prevalent methods, but methodically analyzes only the 51% attack (Zhang et al., 30 Jul 2025).
A final misconception is that “connected often enough” is always sufficient. The self-triggered consensus literature explicitly rejects this for digital systems: because transmissions occur only at discrete self-triggered times and cannot be made arbitrarily fast, consensus can fail even if classical persistency-of-excitation style connectivity conditions hold (Senejohnny et al., 2015). A plausible implication is that consensus-layer DoS is best understood not only as graph disconnectivity, but as denial of timely, protocol-compatible opportunities to perform the updates that agreement requires.