What are long-range attacks on proof-of-stake? The concept of Long Range Attacks
Ranged attacks are one of the biggest unsolved problems in Proof of stake algorithm (PoS) are But what exactly are these attacks and how can they be countered? In general, there are two main solutions to deal with proof-of-stake attacks, known as weak detection headers and direct secure keys. In this article, we will first introduce proof-of-stake attacks and finally introduce a new fork algorithm that will be more effective against long-range attacks. This new fork algorithm can be used in combination with one or two of the proposed solutions to act as a countermeasure against long-range proof-of-stake attacks.
What are proof-of-stake attacks?
A proof-of-work (PoW) system with a strong fork algorithm has a very desirable feature, which is that attackers cannot reverse a block that has been verified long ago unless they can control more than half of the hash power. . But systems based on Proof of Stake (PoS) are different; If producers get back their staked (staked) tokens because of a block they created in the past, the keys they used to create blocks are worthless to them. Therefore, attackers can buy these keys at a much lower price. Since proof-of-stake systems, unlike proof-of-work systems, do not have a mechanism to create a delay between generated blocks, attackers can create a chain longer than usual within minutes and force the fork algorithm to recognize the new chain.
Countermeasures against proof-of-stake attacks
There are two main solutions to circumvent such a problem:
According to this solution, all nodes of the network are required to be checked The newest block produced They are periodic so as not to allow old activities to be reorganized. If nodes check the chain regularly, they will never later choose a long chain that attackers have built with keys corresponding to unstaked tokens. The disadvantage of this approach is that although the existing nodes will not be fooled by the attackers, new nodes that start for the first time and have no idea how to detect the first chain will choose the long chain that the attackers made. To prevent such an incident from happening, they should be familiar with the concept of the usual chain in advance and be able to identify trusted people in the network.
Direct secure keys
Another solution is for block producers to destroy the keys they use to generate the blocks immediately or shortly after the blocks are generated. This can be done by generating a new key pair each time a block is generated, or by using a direct secure key mechanism that allows a secret key to change while its public key remains the same. In this method, the honesty of the nodes and strict adherence to the protocol play the main role. Some people do not see any reason or motivation to destroy them because they know that probably no one will be willing to buy their worthless keys in the future. Although it is unlikely that the majority of block producers will decide to change their second key at the same time, a protocol based on the majority of producers being honest can have different security results than protocols whose members act rationally. The proof-of-work system works as long as more than half of the members act rationally and do not cooperate, and for this reason, it is recommended to use the fork algorithm and the Sybil resistance mechanism, which have similar characteristics.
What is the proposed fork algorithm to deal with proof-of-stake attacks?
Consider the figure below. You’ll find Block B was created much earlier in the chain than usual, and most or all of the producers who were active in the chain when Block B was formed have pulled out. Attackers contact all manufacturers and buy the secret keys of two-thirds of them. Since the keys are no longer valuable to block producers, attackers buy these keys at a very low price.
The keys are then used to build a longer chain. Since scarce resources are not used in a proof-of-stake system, attackers can build their own long chains very quickly. We need a fork algorithm so that no user, including first timers, confuses that long chain with fake verifiers with the regular main chain.
The proposed fork algorithm is: start from the first point and upon reaching each block, choose one of its subsets (child block) as the next block and proceed in the following order:
1. After applying the current block, record its status somewhere.
2. Consider all accounts that currently have tokens as a pair (public key).
3. For each child block, identify all public keys from the set that have confirmed at least one transaction in the child block subset.
4. Select the child block whose score, i.e. the total amount of accounts that have approved at least one transaction in the subset, is the highest.
In the example above, if the current block is B, its child blocks are C1 and C2. Subset C1 is all the blocks ever made on the normal and main chain, while subset C2 is all the blocks made by attackers.
The Common Chain Score is the sum of the amounts in accounts that have confirmed at least one transaction during the history of the Common Chain since the formation of Block B, which includes all money transfers and transactions. The score of the fake chain made by the attackers is the sum of the amounts in the accounts that have made a transaction in that chain, and this means that all these types of transactions have been issued by the attackers themselves.
Let’s say p is the sum total of all accounts that have made at least one transaction since block B was formed in the usual chain. Suppose that the attackers were able to buy the keys of a subset of these accounts such that the sum is q and q < p.
In order for the attackers to make their chain appear more real, the total number of accounts that have transacted in the fake chain must be greater than p. They also need to obtain the keys of accounts with more than p – q tokens for which no transactions have been recorded on the main chain. Since there is no transaction recorded for them in the main chain, the keys of those accounts cannot be purchased at a price lower than its original value.
So even if attackers can buy the keys of 80% of the accounts in block B at a discount that have had at least one transaction in the regular chain, they still have to pay a fee of 0.2 times p.
Note that this fork algorithm only works for long-range fork decisions, because the main chain’s way to stay safe from fake forks is to have more accounts issuing transactions in the main chain. One of the ways to combine this method with classical algorithms is: first, create a subset of the blockchain that consists only of blocks verified with the BFT tool. Then implement the fork algorithm described above in this sub-blockchain and start with the fork algorithm (preferably LMD GHOST) after the last confirmed block in the selected chain.
The importance of blockchain security
In this article, we discussed one of the most interesting types of attack, that is, proof-of-stake attacks, and mentioned two ways to deal with it. We also presented a proposed fork algorithm that can be more efficient against long-range attacks and protect the chain. Although this algorithm has certain interesting features, it needs to be studied and researched more because the issue of blockchain security is not a joke. In the end, we hope this article was useful for you.
What is written about long-range attacks in proof of stake? The concept of Long Range Attacks appeared first on the Wallex blog. appeared.